In positions where a person must be present daily to manipulate records or audit logs to perpetrate fraud against their employer, what can be used by the company to help ensure protections against this type of fraud?
A mandatory vacation policy.
When performing an audit, what is the process that looks at the applications that the user is provided, how frequently they are used, and how they are being used known as?
usage auditing and review
What are the 3 components of the "AAA" framework used to control access to computer resources?
Accounting, Authorization and Authentication
What kind of access control allows for the dynamic assignment of roles to subjects based on rules?
Rule-Based Access Control (RB-RBAC)
Continuous integration and security automation are two items that are specifically part of what methodology?
Secure DevOps
Of the two encryption modes supported by IPsec, what mode is more secure?
*BONUS - Why is it more secure?
Tunnel mode, because the header and data portion of the packet are encrypted.
If an encrypted hard drive from a computer with a TPM chip must be moved to a new computer with a TPM chip, due to a component failure on the motherboard, what happens to the drive upon starting the new computer?
The drive will be unavailable until the recovery password is entered.
After generation of public and private keys to be used, what must a user do next in order to get a digital certificate?
The user must create a certificate signing request (CSR) and sign it with their public key.
How does a distributed denial of service attack differ from a regular denial of service attack?
DDoS attacks utilize many computers for making bogus requests, instead of just one.
What are the defining characteristics of a smurf DoS attack?
An attacker broadcasts a network request to multiple computers, spoofing the IP address in the request to the victim's computer.
What type of information security policy is often considered to be the most important policy?
acceptable use policy
What application development lifecycle model allows for an incremental approach and simplistic project design?
agile model
What is used to document that evidence was always under strict control and no unauthorized person was given the opportunity to corrupt the evidence?
A chain of custody document.
A client PC on your company's network is attempting to browse to a vendor's web page on the Internet, but the computer goes to a malicious web page instead. What two utilities (Windows and Linux) can you use to verify that the DNS records are correct for the web page?
nslookup and dig
At what layer of the OSI model does a network switch primarily function?
2 - Data Link layer
What type of device functions as a cryptographic processor, includes an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and usually provides services to multiple devices on a LAN?
Hardware Security Module (HSM)
What are the two different types of one-time password that can be created?
time-based one-time password (TOTP) and HMAC-based one-time password (HOTP)
A threat actor is speaking with a potential social engineering victim, and says "This is your regional supervisor calling, and I'm late for an important meeting in your building. I need you to provide me with the passcode for the security gate out front." What are the two primary principles of social engineering at work here?
urgency and authority
What is the method of operation of a logic bomb malware program?
The logic bomb code lies dormant until a specific logical event triggers it
What type of a social engineering attack attempts to trick a user via email or web page into surrendering private information, such as login information to financial websites?
phishing attack
Recently, a managed Cisco network switch in a publicly accessible closet experienced a crash, dropping all devices that were connected to it. Based on logs recovered from a central logging system, you determine that the switch may have been flooded with spoofed MAC addresses, consuming the memory available on the switch. What feature could you implement to help prevent this from happening in the future?
port security
An attack in which the attacker substitutes the return address in a program with a pointer to malicious code is an example of what kind of attack?
buffer overflow attack
While application firewalls commonly use techniques such as payload analysis, header inspection and application signatures, they are NOT capable of identifying the application in use by which traffic identifier, the one most commonly used by network firewalls?
IP addresses
What type of agreement serves as a contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service?
Service Level Agreement (SLA)
What type of digital certificate is primarily used for Microsoft Exchange servers or unified communications?
Subject Alternative Name (SAN) certificate