Baseline Quiz 20 Questions

#1. What DOS attack is a reflected attack using ICMP packets?

Fraggle

backdoor

Smurf

MITM

#2. How will I discover incorrectly configured devices that deviate from the baseline?

FUZZING

SLDC

NIDS

SCAP SCAN

#3. How can I ensure my enterprise employees are able to authenticate only whilst present on the secure site?

Biometrics

Context based authentication

Strong Password

Oauth

#4. How can I block a ping attack from generating unnecessary traffic on my intranets?

Block UDP on Firewall

Block POP on Firewall

Block Telnet on Firewall

Block ICMP on Firewall

#5. How can I BEST reduce operation risk when I support BYOD?

MDM + Containerization

AUP + Remote Wipe

Android Fragmentation

MFA + Geofencing

#6. My Financial corporation is risk averse. If a risk is seen as too great, what is the recommended risk action?

Avoid

Reject

Ignore

Accept

#7. CISA post an advisory on a recently discovered zero day for providers of critical infrastructure, how will we best discover if we have been affected?

Pen Testing

Deploy a Hunt Team

Check Firewall Logs

Signature based detection

#8. Which of the following BIA OBJECTIVES deals with restoration of data?

RTO

Daily Full Backups

RPO

MTBF

#9. What are CPE, CVE and OVAL used for?

Port Scan

Memory Scan

Virus Scan

Vulnerability scans

#10. Which of the following BIA OBJECTIVES deals with a returning system to an operational state?

RTO

MTD

RPO

MTTR

#11. What would be a good source of information for a red team, aiming to test the responsiveness of the staff to an APT actor?

Mitre Attack Framework

OWASP

NIST CSF

ISO 31000

#12. A CSP needs to ensure customers will be assured that the services on offer meet industry expectations and follow best practices. What framework should the CSP adopt?

GDPR

CSA STAR Program

NIST CSF

ISO 31000

#13. Security Architects are defining a baseline set of security protocols for all web application servers. The goal is to ensure historic data and future sessions cannot be compromised by a long term key being exposed. What algorithm would ensure Perfect Forward Secrecy (PFS)?

ECDHE

RSA

ECC

SHA512

#14. A forensic analyst must take a local copy of a laptop hard drive as part of an investigation. What command would allow the evidence to be copied to a 2nd hard drive?

scp /* tech01@10.10.0.1:/evidence.img

dd if=dev/sda of=dev/sdb

grep /* of=dev/sdb

exiftool if=dev/sda of=dev/sdb

#15. An organization is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor's RFP responses is in-line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Organization?

Correlate current industry research with the RFP responses to ensure validity

Create a lab environment to evaluate each of the three firewall platforms

Benchmark each firewall platform's capabilities and experiences with similar sized companies

Develop criteria and rate each firewall platform based on information in the RFP responses

#16. An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web based shopping cart application undergo testing to validate user input in both free form text fields and drop down boxes. Which of the following is the BEST combination of tools and / or methods to use?

Code review and packet analyser

Blackbox testing and fingerprinting

Enumerator and vulnerability assessment

Fuzzer and HTTP interceptor

#17. A Company's SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?

Enable multipath to increase availability

Enable deduplication on the storage pools

implement snapshots to reduce virtual disk size

Implement replication to offsite datacenter

#18. A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline. The MOST likely cause of this problem is that SE Linux is set to:

Enforcing mode with an incorrectly configured policy

Enforcing mode with no policy configured

Disabled with a correctly configured policy

Permissive mode with an incorrectly configured policy

#19. A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem. Which of the following solutions would BEST support trustworthy communication solutions?

Enabling spam filtering and DMARC

Using MFA when logging into email clients and the domain

Enforcing HTTPS everywhere so web traffic, including email, is secure

Enabling SPF and DKIM on company servers

Enforcing data classification labels before an email is sent to an outside party

#20. A security administrator is investigating an incident involving suspicious word processing documents on an employee's computer, which was found powered off in the employee's office. Which of the following tools is BEST suited for extracting full or partial word processing documents from unallocated disk space?

memdump

dd

foremost

nc

Results