SCENARIOS
SOCIAL ENGINEERING TECHNIQUES
NETWORK & DATA SECURITY
RISK ASSESSMENT & RESPONSE
ACRONYMS
100

A young technician is in charge of the security awareness program for an organization and begins looking at common attack vectors. Which tools are best suited to help defend against social engineering attacks?

A- FIREWALL

B- EMAIL SECURITY

C- DDOS PROTECTION

D- WAF 

ANSWER- WHAT IS EMAIL SECURITY

(Email security provides confidentiality, integrity, and availability of email messages, as well as safeguarding against phishing attacks, spam, viruses, and other forms of malware)

100

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

A- Penetration testing

B- Phishing campaign

C- External audit

D- Insider threat

(DOUBLE JEOPARDY)


Answer- WHAT IS AN INSIDER THREAT. 

(If answered correctly deduct 500 points from the team IT2 Hernandez is on.)

100

The technicians have determined that the current server hardware is outdated, so they have decided to throw it out. Which of the following is the BEST method to use to ensure no data remnants can be recovered?

A- Drive wiping

B- Degaussing

C- Purging

D- Physical destruction


Answer- WHAT IS PHYSICAL DESTRUCTION. 

(Involves shredding, crushing, or incinerating hard drives and other storage devices. However, it is more expensive and has a negative environmental impact.)

100

Which of the following describes the maximum allowance of accepted risk? 

A- Risk indicator

B- Risk level

C- Risk score

D- Risk threshold

(DOUBLE JEOPARDY)

Answer- WHAT IS RISK THRESHOLD.

100

The term WAF stands for. 

(DOUBLE JEOPARDY)

What is a WEB APPLICATION FIREWALL.

200

A defense contractor is setting up systems that will conduct testing on a new jet. The contractor wants to set up a list of programs that are acceptable to run. What should the defense contractor set up?

A- IMMUTABLE

B- ALLOW LIST

C- ANTIVIRUS

D- BLOCK LIST 

ANSWER- What is an allow list.

(An allow list ensures that only approved entities can gain entry, while keeping unauthorized users at bay.)

200

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack? 

A- Impersonation

B- Disinformation

C- Watering-hole

D- Smishing

Answer- WHAT IS A WATERING HOLE. 

200

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs. Which of the following should the company use to prevent data theft?

A- Watermarking

B- Digital rights management

C- NDA

D- Access logging

(DOUBLE JEOPARDY) 


Answer- WHAT IS DRM (DIGITAL RIGHTS MANAGEMENT).

(DRM aims to protect the intellectual property rights of content creators and prevent unauthorized copying and distribution of digital media)


200

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response? 

A- Risk rejection

B- Risk mitigation

C- Risk transference

D- Risk avoidance

(If answered correctly choose another question or deduct 100 points from the opposite team.) 


Answer- WHAT IS RISK TRANSFERENCE


200

The term CISO stands for.

WHAT IS A CHIEF INFORMATION SECURITY OFFICER.

300

A website administrator is setting up a cluster of web servers and wants to ensure that if one server goes down, the system in place will route the traffic through the others. Which network appliance should the administrator use?

A- NAT GATEWAY

B- ROUTER

C- FIREWALL

D- LOAD BALANCER

(DOUBLE JEOPARDY) 

ANSWER- WHAT IS A LOAD BALANCER.

(A load balancer works by distributing incoming requests to multiple servers. This ensures that no single server bears too many requests, which can lead to server crashes or high latency.)

300

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.) 

A- Typosquatting

B- Phishing

C- Impersonation

D- Vishing

E- Smishing

F- Misinformation

(If answered correctly deduct 100 points from the opposite team or choose to go again)

Answer- WHAT IS SMISHING AND IMPERSONATION. 

300

The security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

- Must have a minimum of 15 characters
- Must use one number
- Must use one capital letter
- Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

A- Shared accounts

B- Password complexity

C- Account lockout 

D- Password history


Answer- WHAT IS ACCOUNT LOCKOUT

300

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization? 

A- Exception

B- Segmentation

C- Risk transfer

D- Compensating controls

(If answered correctly pick another category.)

Answer- WHAT ARE COMPENSATING CONTROLS.

(Compensating controls are measures that are put in place to maintain the required level of security even if primary controls fail.) 

300

The term DLP stands for.

(If answered correctly subtract 100 points from the opposite team.) 

What is DATA LOSS PREVENTION.

400

A security researcher wants to look for new and emerging malware on unindexed and hidden locations on the Internet. What should the security researcher use to look?

A- HUMINT

B- DEEP WEB

C- OSINT

D- FEEDS


ANSWER- WHAT IS THE DEEP WEB.

(The deep web refers to parts of the World Wide Web that are not indexed by standard search engines like Google, Bing, or Yahoo)

400

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A- Insider threat

B- Email phishing

C- Social engineering

D- Executive whaling


Answer- WHAT IS SOCIAL ENGINEERING.

400

During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?

A- A WAF to protect web traffic

B- User and entity behavior analytics

C- Requirements to change the local password

D- A gap analysis

Answer- WHAT IS USER AND ENTITY BEHAVIOR ANALYTICS.

(User and entity behavior analytics can identify malicious insiders and cyberattacks, including DDoS attacks, phishing attempts, malware, and ransomware.)

400

A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.
Which of the following should the company implement to address the risk of system unavailability?

A- User and entity behavior analytics

B- Redundant reporting systems

C- A self-healing system

D- Application controls


Answer- WHAT IS A SELF HEALING SYSTEM.

400

The term NIPS stands for.

What is NETWORK-BASED INTRUSION PREVENTION SYSTEM. 

500

A forensics expert is performing file carving during an investigation. Which of the following tools could the forensics expert use? 

A- HEXDUMP

B- CHATGPT

C- FOREMOST

D- OLLYDBG

(If answered correctly pick another category.)

ANSWER- WHAT IS FOREMOST.

(Foremost is a forensic data recovery program for Linux that recovers files using their headers, footers, and data structures through a process known as file carving)

500

A security analyst receives alerts about an internal system sending a large number of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A- A worm is propagating across the network.

B- Data is being exfiltrated.

C- A logic bomb is deleting data.

D- Ransomware is encrypting files.


Answer- DATA IS BEING EXFILTRATED.


500

The company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:

- Be efficient at protecting the production environment
- Not require any change to the application
- Act at the presentation layer

Which of the following techniques should be used?

A- Masking 

B- Tokenization

C- Algorithmic

D- Random substitution


ANSWER- WHAT IS MASKING

(Data masking is a way to create a fake but realistic version of your organizational data. The goal is to protect sensitive data while providing a functional alternative when real data is not needed.)

500

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider FIRST to address this requirement?

A- Implement a change management plan to ensure systems are using the appropriate versions.

B- Hire additional on-call staff to be deployed if an event occurs.

C- Design an appropriate warm site for business continuity.

D- Identify critical business processes and determine associated software and hardware requirements.

(If answered correctly deduct 300 points from the opposite team.) 

Answer- Implement a change management plan to ensure systems are using the appropriate versions.

500

The full term for NIDS is.

What is NETWORK BASED INTRUSION DETECTION SYSTEM.