Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
What is Salting?
Which of the following tools would work best to prevent the exposure of PII outside of an organization?
What is DLP?
A network administrator needs to set up a file server to allow user access. The organization uses DHCP to assign IP addresses. Which of the following is the best solution for the administrator to set up?
A. A separate scope for the file server using a /32 subnet
B. A reservation for the server based on the MAC address
C. A static IP address within the DHCP IP range
D. A SLAAC for the server
B. A reservation for the server based on the MAC address
Clue:
This technique involves tricking users into clicking malicious links or opening attachments.
What is Phishing (T1566)?
Clue:
This type of SIEM alert indicates multiple failed logins followed by a successful one.
What is a Brute Force / Credential Stuffing attempt?
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive's name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access the file.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
A security analyst recently joined the team and is trying to determine which scripting language is being used in a production script to determine if it is malicious. Given the following script:
Which scripting language was used in the script?
What is PowerShell?
Which of the following technologies are X.509 certificates most commonly associated with?
A. MFA
B. LDAP
C. VLAN tagging
D. PKI
D. PKI
Clue:
Attackers exploit vulnerabilities in internet-facing apps using this technique.
What is Exploit Public-Facing Application (T1190)?
Clue:
This Fortinet service uses global threat intelligence to categorize websites and enforce web filtering policies.
What is FortiGuard?
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords. What should the administrator implement to prevent this type of attack from succeeding in the future?
What is Multifactor authentication?
A company's user accounts have been compromised. Users are also reporting that the company's internal portal is sometimes only accessible through HTTP, and other times it is accessible through HTTPS. Which of the following most likely describes the observed activity?
An on-path attack is being performed by someone with internal access that forces users into port 80.
A network administrator wants to implement an authentication process for temporary access to an organization's network. Which of the following technologies would facilitate this process?
A. Captive portal
B. Enterprise authentication
C. Ad hoc network
D. WPA3
A. Captive portal
Clue:
This technique involves compromising software updates or vendors to gain access to targets.
What is Supply Chain Compromise (T1195)?
Clue:
A user logs in from California and then 5 minutes later from Eastern Europe—this indicates this type of anomaly.
What is Impossible Travel?
Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?
What is Side loading?
Which of the following will most likely ensure that mission-critical services are available in the event of an incident?
A. Business continuity plan
B. Vulnerability management plan
C. Disaster recovery plan
D. Asset management plan
A. Business continuity plan
Which of the following should be used to obtain remote access to a network appliance that has failed to start up properly?
A. Crash cart
B. Jump box
C. Secure Shell
D. Out-of-band management
D. Out-of-band management
Clue:
Attackers gain access through a trusted third party like an MSP or vendor.
What is Trusted Relationship (T1199)?
Clue:
This intelligence type includes IOCs like hashes, IPs, and domains.
What is Tactical Intelligence?
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
What is SSO?
The Chief Information Security Officer wants to eliminate and reduce shadow IT in the enterprise. Several high-risk cloud applications are used that increase the risk to the organization. Which of the following solutions will assist in reducing the risk?
A. Configure MFA with strict access
B. Enable SSO to the cloud applications
C. Deploy a CASB and enable policy enforcement
D. Deploy an API gateway
C. Deploy a CASB and enable policy enforcement
Which of the following is a cost-effective advantage of a split-tunnel VPN?
A. Web traffic is filtered through a web filter.
B. More bandwidth is required on the company's internet connection.
C. Cloud-based traffic flows outside of the company's network.
D. Monitoring detects insecure machines on the company's network.
C. Cloud-based traffic flows outside of the company's network.
Clue:
This technique involves attackers registering or hijacking domains that resemble legitimate ones to gain initial access.
What is Compromise Infrastructure (T1584)?
Clue:
A FortiAnalyzer alert showing abnormal VPN logins outside business hours would fall under this MITRE tactic.
What is Initial Access?