Ch # Episode Name
0
0.01 Promo
0.02 Introduction
1 Risk Management
2 Cryptography
2.07 Diffie-Hellman
2.08 Hashing
3.03 Authorization
3.04 Accounting
4.02 Shells
5.01 Malware
6.07 Honeypots
6.08 Firewalls
10 Physical Security
10.01 Physical Security Overview
12 Testing Infrastructure
12.01 Testing Infrastructure Overview
Description (Time)

[no description] (0:04:42)

Mike and Dan introduce the CompTIA Security+ (SY0-601) video course from Total Seminars. (0:02:30)

This episode goes over the domains of the CompTIA Security+ (SY0-601) exam objectives and the various topics that are covered. (0:03:06)

Managing risk involves identifying threat actors, from script kiddies to state-sponsored attackers. Mitigating threats is achieved by identifying assets and putting security controls in place to mitigate risks. (0:08:20)

The CIA security triad (confidentiality, integrity and availability) describes how solutions such as encryption, hashing, and data backups can address potential attack vectors that might be exploited by threat actors. (0:07:00)

With the ever-changing IT threat landscape, how can you keep up with the latest security issues? Threat intelligence refers to the wide variety of open-source intelligence (OSINT) and proprietary IT security sources that use standards such as STIX and TAXII for cybersecurity intelligence sharing. (0:11:01)

Various security standards such as PCI DSS and the Cloud Controls Matrix (CCM) define what types of security controls to put in place to mitigate risk both on-premises and in the cloud. The specific type of attack vector determines whether managerial, operational, or technical controls should be deployed. (0:09:21)

How can you determine whether assets are adequately protected from threats? One way is running periodic risk assessments that define the likelihood and impact of security incidents against the ever-changing threat landscape. (0:05:41)

Is the cost of a security control justified? A quantitative risk assessment uses various calculations against an asset to determine the maximum yearly spend for protecting that asset. (0:06:33)

The same risk can have a different impact on various organizations. Qualitative risk assessments use subjective priority ratings for risks rather than dollar values. (0:03:54)

In addition to deploying effective security controls to protect assets, what can be done to ensure business continuity in the event of a security incident? A business impact analysis involves proactive planning to help reduce downtime and data loss when negative events occur. (0:09:16)

Protecting personally identifiable information, or PII, is crucial and required by security regulations such as GDPR, but of the vast amounts of data in an organization, how do you know which data is sensitive? The answer is through data roles and responsibilities assigned to personnel in conjunction with data discovery and classification tools on-premises and in the cloud. (0:11:26)

Security must be applied to all phases of the information life cycle, from collection to its eventual archiving and deletion. This includes data security techniques such as tokenization and masking while considering how laws apply to data based on its location (data sovereignty). (0:09:00)

Digital data resides on physical storage devices. Secure storage media disposal mechanisms, such as shredding, cryptographic erasure, degaussing, and disk wiping, must be put in place to ensure sensitive data cannot be retrieved by unauthorized users. (0:06:01)

Hiring the right employees and contractors for the job always matters. Enacting internal security controls such as background checks, mandatory vacations, job rotation, and separation of duties goes a long way in ensuring the integrity of business processes. (0:10:21)
In this episode, Mike describes encrypting and decrypting data with different keys and the magic that happens when key pairs are generated. (0:12:47)

Learn the Diffie-Hellman key exchange agreement and the methods behind this very complex algorithm. (0:06:52)

Hashes provide assurance of data integrity using fascinating mathematical calculations. Passwords are a very common use for hashing. (0:08:43)

Digital certificates are used in many different places to verify the identity of a public key owner. They can also include verification from third parties for an added layer of security. (0:07:39)

Web of trust is a mostly outdated method of proving identities; however, it is helpful to understand as the predecessor of public key infrastructure (PKI), which is widely used today. (0:04:44)

In this episode, Mike discusses public key infrastructure (PKI), used to enable commerce and other secure activities over the Internet. (0:03:39)

Mike reviews different types of certificates including Web, e-mail, code-signing, machine/computer, and user. (0:14:10)

Mike tours various certificates in this episode. (0:08:47)

In this episode, Mike explains how encrypted information is at risk and explores ways to protect it. (0:05:23)

Passwords are often stored in hash format but can still be susceptible to attacks. The various password attacks include brute force, dictionary, and rainbow table. Salting and key stretching add another layer of security to hashed passwords. (0:10:12)

Dan demonstrates how to use a password cracking tool to turn hashed passwords into cleartext. (0:06:08)

Protecting sensitive data can be done using many techniques. In this episode, the viewer is tested on the best security control for a given scenario. (0:02:27)

Digital cryptocurrencies provide a centralized public way to pay for goods and services. This video explains the relationship between cryptocurrency, public ledgers and the blockchain. (0:01:44)
Multifactor authentication (MFA) hardens user sign-in by requiring more than one factor, or category of authentication, such as something you know combined with something you have. (0:04:43)

What role does authorization play in identity and access management (IAM)? Authorization relates to resource permissions granted to a security principal such as a user or device. (0:04:48)

The 3 As (authentication, authorization, and accounting/auditing) play a big role in IT security. Tracking activity through auditing provides accountability for access to resources such as files on a file server or database rows. (0:05:21)

Have you ever had trouble remembering usernames and passwords for multiple web apps? Password vaults serve as a protected credential repository in addition to common authentication methods such as one-time password codes, certificate-based authentication and SSH public key authentication. (0:14:03)

Controlling access to resources begins with policies governing how credentials are managed. Permissions to use resources can be configured through attribute-based access control (ABAC), role-based access control (RBAC), discretionary access control (DAC), and, for high security environments, mandatory access control (MAC). (0:06:47)

Accountability for resource access is possible only with people using their own unique user accounts where the principle of least privilege has been applied, ideally through group-assigned permissions. Account policies can determine conditions that allow or deny resource access, such as the location of a user. (0:13:01)

Older network authentication protocols such as password authentication protocol (PAP) and challenge handshake authentication protocol (CHAP) have been deprecated in favor of protocols such as Kerberos and extensible authentication protocol (EAP). Variations of the RADIUS authentication protocol are still used to authenticate users and devices to networks. (0:09:01)

How can authentication be removed from individual apps? The answer is identity federation, which uses a centralized identity provider that is trusted by resources, such as Web apps, and can also support single sign-on (SSO). (0:05:51)

There are a variety of ways in which user authentication can be implemented prior to allowing user access to the Internet. This question presents a scenario requiring user sign-off on a terms of agreement before gaining Internet access. (0:02:15)

User and group management in Linux can be performed at the command line. This demo makes use of the useradd and groupadd commands to create authentication identities. (0:05:44)

Authentication can be configured and managed within a single organization to control access to IT resources. This episode covers identity federation and its relationship to identity and resource providers. (0:01:16)
The command-line interface (CLI) allows technicians to interact with Windows, Linux, and macOS systems by typing in commands such as ping and ipconfig. Windows uses a command prompt, macOS uses a terminal shell and Linux can use a variety of shells including bash. Microsoft PowerShell is an object-oriented CLI supported on Windows, Linux, and macOS. (0:16:07)

Shells allow technicians to enter commands, such as a Linux bash shell or a Windows command prompt. Reverse shells are the result of infected victim machines that reach out to an attacker station. (0:06:01)

Is there a better way to automate operating system commands than through scripts and text manipulation? Yes! Microsoft PowerShell is an object-oriented cross-platform command environment that uses a verb-noun type of syntax, such as with the Get-Service cmdlet. (0:12:22)

A Linux shell is a case-sensitive command line environment that supports scripting and comes in various flavors including bash, Korn and C shells. (0:11:40)

Security technicians must be comfortable with Windows commands for standard maintenance and security tasks using commands such as ping, netstat, and icacls. (0:16:08)

Security technicians must be comfortable with Linux commands for standard maintenance and security tasks using commands such as head, tail, grep, dig, and setting file system permissions with chmod. (0:09:19)

How do attackers discover networks and hosts? Network scanners such as Nmap are used by attackers as well as legitimate security technicians to perform network reconnaissance. (0:05:07)

Nmap is the most commonly used network scanning tool. Scans can be saved as XML files. Nmap can be used at the command line, but it also has a frontend GUI named Zenmap. (0:08:58)

Network traffic can be captured, saved, and analyzed using a properly placed hardware or software network protocol analyzer such as the free Wireshark tool. Capture analysis can result in identifying indicators of compromise or the use of insecure protocols. (0:08:01)

Wireshark is a free open-source network traffic analyzer that can capture, analyze, filter, and save captured network packets. (0:08:58)

tcpdump is a built-in Unix and Linux command-line tool that can capture, analyze, filter, and save captured network packets. (0:08:16)

Log files can provide valuable insights related to suspicious network, host or application activity, but only if log file integrity can be ensured. Centralized logging in the enterprise on a secured logging host ensures an accurate copy of log files can be used for security and performance analysis. (0:08:35)

Network infrastructure, host and application logs can be stored centrally, such as with Linux or Windows log forwarding. This can then be fed into a centralized log ingestion and analysis system, otherwise called a SIEM. (0:08:48)

Centralized Linux log hosts can be configured using the rsyslog daemon on Linux hosts. (0:08:20)

Managing Linux host authentication can involve the use of many command-line utilities. This episode focuses on the sequence of steps needed to enable SSH public key authentication. (0:02:57)

Shell scripts contain Linux commands that can be invoked simply by calling upon the script name. In this demo, a simple utility menu loop is created in a bash shell script. (0:07:09)

IT network reconnaissance begins with discovering hosts and services on the network. This episode uses the nmap command to map out hosts on the network. (0:04:31)
Malware is malicious software that comes in many different shapes and sizes. This episode tackles examples of malicious code and how it relates to Visual Basic for Applications (VBA). (0:02:12)

Staying up-to-date with the latest types of security attacks is a form of attack mitigation. Keeping systems hardened helps protect against zero-day attacks. Software developers must adhere to secure coding practices to ensure deployed code does not contain security flaws. (0:09:07)

Malicious actors can trick victims into installing malicious code such as driver shims. Software programming flaws related to memory allocation can result in security threats. Secure coding, patching, and user awareness go a long way in mitigating these types of security issues. (0:07:55)

RAID configurations can enhance the performance and availability of stored data, depending on the level of RAID used. In this demo, software RAID level 1 (disk mirroring) is configured in Linux. (0:07:31)

Securing hosts properly should involve both a proactive and a reactive approach. This episode discusses what can be done about zero-day attacks. (0:01:44)
Is there a standard model for describing and mapping network hardware and software? Yes, the 7-layer conceptual OSI model! Understanding network security and selecting the appropriate security solutions requires a solid understanding of the OSI model. (0:12:30)

Which security considerations are important when planning your network design? IP addressing and network segmentation using screened subnets can be used for hosting public servers. VLANs can improve network performance and provide network isolation for security purposes. (0:07:05)

Active/active and active/passive load balancing can efficiently route client application requests to backend servers. Load balancing improves application performance and resiliency to a single application server failure. (0:05:39)

Securing networks restricts access to the network while securing services on the network. 802.1x network edge devices can limit network access. Rogue DHCP servers can be mitigated with DHCP snooping configurations. Secure remote server management is possible using a jump box/bastion host which has both public and private network connections. (0:06:17)

How can malicious attacker and malware activity be monitored without allowing the compromise of production systems? Honeypots are fake decoy systems designed to attract malicious activity for the purpose of logging and tracing activity. (0:06:01)

Packet filtering firewalls apply to layer 4 (Transport layer) of the OSI model and examine only packet headers to allow or deny network traffic. Content filtering firewalls apply to OSI layer 7 (Application layer) and can examine packet headers as well as content to allow or deny traffic. A Web application firewall (WAF) protects Web apps from common Web application attacks. (0:11:16)

Forward proxies sit between internal user devices and the Internet and fetch Internet content on behalf of internal users. Reverse proxies map public network service IPs to private IPs; they route client requests for a network service to the backend server private IP. (0:06:15)

Network address translation (NAT) maps external public IPs to internal private IPs to protect the true identity of servers. Port address translation (PAT) allows multiple internal network clients with private IPs to access the Internet using a single public IP assigned to the NAT device public interface. (0:06:48)

The IPsec network security protocol suite can be used to secure any type of network traffic through integrity, authentication and encryption. Many VPNs use IPsec to establish an encrypted network tunnel. (0:08:54)

VPNs provide an encrypted network tunnel over the Internet to provide secure access to a remote network. Client-to-site VPNs allow individual device access, whereas site-to-site VPNs can securely link branch offices over the Internet or securely link an on-premises network to the cloud through an L2TP or TLS VPN. (0:09:59)

Intrusion detection can detect, log, report, and send alerts when suspicious activity is detected on a host or on the network, whereas intrusion prevention can be configured to stop the suspicious activity. Anomaly detection can be signature-based or heuristic/behavior-based. Unified threat management (UTM) solutions combine firewall, IDS, IPS, and other security functions. (0:13:01)

Address Resolution Protocol (ARP) is used by the TCP/IP protocol suite. This episode discusses ARP poisoning attacks and potential mitigations. (0:03:25)

An Intrusion Detection System (IDS) is designed to detect suspicious network or host activity and then log or notify on the incident. In this episode, the Snort IDS is configured and tested in Linux. (0:07:20)

Secure Sockets Layer (SSL) has long been used to secure network communication on LANs and WANs. This episode discusses how Transport Layer Security (TLS) supersedes SSL, in addition to the continued backwards-compatibility support that remains for SSL. (0:01:12)
Securing Wi-Fi networks is crucial since physical access is not required to gain network access. In this video, Wi-Fi security standards such as WEP, WPA, and WPS are discussed. (0:09:43)

While there are many wireless network standards, which ones are designed for close proximity? This video covers RFID, NFC and Bluetooth wireless network communications. (0:06:50)

Is your Wi-Fi network completely invisible if you disable SSID broadcasting? No! Periodic beacon frames are still sent wirelessly with the WLAN name field excluded. Freely available tools can be used to discover and crack WEP and WPA passphrases. (0:12:09)

Some wireless networking attacks involve deception. In this episode, Mike describes how there are variations of Evil Twin attacks, including through DNS. (0:01:16)
Public servers offer services to Internet users. These servers should be hardened and placed on an isolated network such as a screened subnet or DMZ so that, in the case of compromise, lateral movement by the attacker will not allow access to other sensitive hosts. (0:00:45)

Public servers are subjected to many types of attacks that can be mitigated by hardening the network and host using a wide variety of methods. This episode covers common attacks including DDoS, URL hijacking/redirection, session replay, and pass-the-hash. (0:09:46)

Cloud security is generally split between the Cloud Service Provider (CSP) and the cloud tenant, depending on which type of cloud service is being used. Security solutions include firewalls and data loss prevention tools, as well as a Cloud Access Security Broker, which enforces cloud computing security policies. (0:10:18)

Public servers can be hosted as virtual machines in the public cloud. In this episode, a scenario is presented where a virtual machine requires access to specific cloud-based resources. (0:02:10)
Embedded systems use an operating system burned into one or more chips and have a defined function, such as running an elevator or providing Wi-Fi services. In this episode, Industrial Control Systems, Internet of Things (IoT), Raspberry Pi and Arduinos are discussed. (0:13:16)

ICSs use computing devices to automate tasks in a fast, dependable way using Programmable Logic Controllers (PLCs). This episode also covers Supervisory Control and Data Acquisition (SCADA). (0:06:42)

IoT devices are function-specific and can communicate over the Internet. Examples include environmental control devices, medical devices, and video surveillance systems. This episode also covers the Zigbee smart home automation protocol. (0:10:03)

There are many modern wireless communication standards. This episode discusses the Global Positioning System (GPS), 4G and 5G cellular, Wi-Fi Direct, and mobile device tethering. (0:10:52)

Some dedicated devices have limited security settings, or patches are not available, and they should be placed on isolated networks that do not contain sensitive systems or data. (0:05:09)

Mobile devices have limited CPU and battery power, which limits characteristics such as the ability to quickly process cryptographic algorithms.

Organizations normally allow the use of personal or work-issued mobile devices for work purposes through provisioning schemes such as Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD). This episode also discusses Subscriber Identity Module (SIM) cards and mobile device hardening. (0:11:18)

Smartphones are small computers that almost everybody carries around with them. Many standard desktop computer hardening techniques can be applied to smartphones. (0:02:31)

Some IT solutions are dedicated to serving specific functions. In this episode, Mike discusses the security aspect of using Zigbee devices. (0:02:13)
Physical security matters because all digital IT systems and data rely upon physical equipment somewhere. (0:01:00)

This episode covers physical security controls such as door lock types and bollards, as well as encryption of data at rest. (0:09:53)

Limiting access to network computers can prevent malicious actors from installing components such as hardware key loggers, which can capture all user keystrokes and make them available to an attacker over a Wi-Fi network. (0:04:44)

Computing equipment must be kept at the correct temperature and humidity levels to function efficiently. This episode covers air flow management using hot and cold aisles as well as environmental monitoring. (0:05:25)

IT systems are greatly affected by physical security. This episode presents a scenario in which only some security controls effectively mitigate a security problem. (0:02:24)

A full IT security audit always includes physical security. In this episode, physical security considerations are presented. (0:02:54)

Some physical security controls protect physical property, which includes hardware IT devices. In this episode, IP cameras and CCTV are discussed. (0:02:42)
FTP continues to be used for file transfers over the Internet, but it is inherently insecure. This episode also discusses how to harden the use of FTP by instead using secure variations such as SSH File Transfer Protocol (SFTP) and File Transfer Protocol, Secure (FTPS). (0:03:29)

This episode covers how to harden Web and e-mail servers using load balancers, proxy servers and NAT. POP, IMAP, SMTP and S/MIME are also covered. (0:11:58)

Hijacked authenticated user sessions can result in Cross-Site Request Forgery (CSRF) attacks. This episode explains how these attacks occur and how they can be mitigated. (0:04:56)

Web apps that do not properly validate or sanitize user-supplied input could be susceptible to Cross-Site Scripting (XSS) attacks. (0:07:16)

The OWASP Top 10 identifies common Web application attacks. This episode also discusses secure coding practices that should be applied to each system (or software) development life cycle (SDLC) phase. (0:08:01)

This episode shows how specialized Web application vulnerability scanning tools can be used to identify security flaws in a Web application. (0:05:43)

Connecting to any Internet resource commonly uses DNS to resolve host names to IP addresses. In this episode, the viewer is presented with a DNS scenario and must determine which type of attack has occurred. (0:03:21)

The OWASP Top 10 is a list of the most common web application attacks. Using the OWASP Zed Attack Proxy (ZAP) provides a method for testing a web application for common vulnerabilities. (0:04:24)

Securing web applications involves not only IT administrators but also software developers. In this episode, Mike provides a distinction between input validation and input sanitization. (0:02:00)
With so many security vulnerabilities out there, a good IT security tech must know how to robustly test their network and physical security measures. (0:04:37)

Tricking people into doing something, or divulging sensitive information: this is social engineering. This episode discusses a pretext, or believable story, that often goes along with this type of activity. (0:05:48)

Social engineering attacks can take place over the phone, in person, or through technology. This episode discusses concepts such as spam, phishing and DNS URL redirection. (0:10:47)

This episode discusses how to use tools to identify security flaws on hosts or for a specific application. Topics include credentialed vs. non-credentialed scans and keeping the vulnerability database up to date. (0:08:52)

This episode focuses on how penetration testing discovers and exploits security vulnerabilities. Concepts covered include known, partially known, and unknown testing types as well as the role that red, white, blue, and purple teams play. (0:09:39)

Open-source and proprietary (paid) security assessment tools are used by security analysts and malicious actors; what differs is the reason they are being used. The scanless tool uses Web sites to perform port scans, while the hping3 tool allows for the creation of spoofed packets, among other capabilities. (0:11:30)

Penetration testers can use the cross-platform Metasploit framework command-line tool for discovering and exploiting security flaws on hosts. (0:08:01)

Penetration testing provides insight as to how secure an organization's physical and IT infrastructure really is. In this episode, a pen testing scenario is provided. (0:01:46)

The hping3 tool provides many services, including the creation of network packets based on command-line parameters. This episode demonstrates how to craft packets using the hping3 tool. (0:06:05)

One aspect of security testing is determining if internal employees have an awareness of common security problems. In this episode, Mike discusses phishing and whaling. (0:01:41)
An IRP provides guidance on how security incidents are dealt with effectively while they are occurring. The IRP includes roles, responsibilities, a contact list and escalation procedures. IRPs should be updated periodically through lessons learned from past incidents. (0:06:01)

The application of computer science to legal situations, including evidence gathering, is referred to as digital forensics. This episode covers e-discovery and steganography. (0:12:14)

This episode covers chain of custody, evidence order of volatility, and digital forensics tools used to acquire evidence. (0:09:44)

Business continuity ensures that business processes can continue despite interruptions. Continuity of operations (COOP), disaster recovery plans (DRPs), as well as hot, warm, and cold alternate sites are discussed. (0:06:11)
Episode file / Handout

c01_e01_defining_risk / Chapter_01_Handout.pdf
c01_e02_threats_and_vulnerabilities
c01_e03_threat_intelligence
c01_e04_risk_management_concepts
c01_e05_security_controls
c01_e06_risk_assessments_treatments
c01_e07_quantitative_risk_assessments
c01_e08_qualitative_risk_assessments
c01_e09_business_impact_analysis
c01_e10_data_types_and_roles
c01_e11_security_and_the_info_life_cycle
c01_e12_data_destruction
c01_e13_personnel_risk_and_policies
c01_e14_third_party_risk_management
c01_e15_agreement_types
c01_e16_ch_1_exam_question_review.mp4
c01_e18_ch_1_ama.mp4

c02_e01_cryptography_basics / Chapter_02_Handout.pdf
c02_e02_data_protection
c02_e03_cryptographic_methods
c02_e04_symmetric_cryptosystems
c02_e05_symmetric_block_modes
c02_e06_asymmetric_cryptosystems
c02_e07_diffie_hellman
c02_e08_hashing
c02_e09_understanding_digital_certs
c02_e10_trust_models
c02_e11_public_key_infrastructure
c02_e12_certificate_types
c02_e13_touring_certificates
c02_e14_cryptographic_attacks
c02_e15_password_cracking
c02_e16_password_cracking_demo
c02_e17_ch_2_exam_question_review.mp4
c02_e18_ssh_public_key_authentication.mp4 / Chapter 2 Lab Handout.pdf
c02_e19_ch_2_ama.mp4

c03_e01_id_authentication_authorization / Chapter_03_Handout.pdf
c03_e02_enabling_multifactor_authentication
c03_e03_authorization
c03_e04_accounting
c03_e05_authentication_methods
c03_e06_access_control_schemes
c03_e07_account_management
c03_e08_network_authentication
c03_e09_identity_management_systems
c03_e10_ch_3_exam_question_review.mp4
c03_e11_creating_linux_users_groups_lab.mp4 / Chapter 3 Lab Handout.pdf
c03_e12_ch_3_ama.mp4

c04_e01_touring_the_cli / Chapter_04_Handout.pdf
c04_e02_shells
c04_e03_the_windows_command_line
c04_e04_microsoft_powershell
c04_e05_linux_shells
c04_e06_python_scripts
c04_e07_windows_command_line_tools
c04_e08_linux_command_line_tools
c04_e09_network_scanners
c04_e10_network_scanning_with_nmap
c04_e11_network_protocol_analyzers
c04_e12_wireshark_analyze_network_traffic
c04_e13_tcpdump_analyze_network_traffic
c04_e14_log_files
c04_e15_centralized_logging
c04_e16_configuring_linux_log_forwarding
c04_e17_ch_4_exam_question_review.mp4
c04_e18_linux_shell_script_lab.mp4 / Chapter 4 Lab Handout Part 1.pdf
c04_e19_nmap_lab.mp4 / Chapter 4 Lab Handout Part 2.pdf
c04_e20_ch_4_ama.mp4

c05_e01_malware / Chapter_05_Handout.pdf
c05_e02_weak_configurations
c05_e03_common_attacks
c05_e04_driver_and_overflow_attacks
c05_e05_password_attacks
c05_e06_bots_and_botnets
c05_e07_disk_raid_levels
c05_e08_securing_hardware
c05_e09_securing_endpoints
c05_e10_ch_5_exam_question_review.mp4
c05_e11_linux_software_raid_lab.mp4 / Chapter 5 Lab Handout Part 1.pdf, Chapter 5 Lab Handout Part 2.pdf
c05_e12_ch_5_ama.mp4

c06_e01_osi_model / Chapter_06_Handout.pdf
c06_e02_arp_cache_poisoning
c06_e03_other_layer_2_attacks
c06_e04_network_planning
c06_e05_load_balancing
c06_e06_securing_network_access
c06_e07_honeypots
c06_e08_firewalls
c06_e09_proxy_servers
c06_e10_network_and_pat
c06_e11_ip_security
c06_e12_virtual_private_networks
c06_e13_intrusion_detection_prevention
c06_e14_ch_6_exam_question_review.mp4
c06_e16_ch_6_ama.mp4

c07_e01_wi_fi_encryption_standards / Chapter_07_Handout.pdf
c07_e02_rfid_nfc_and_bluetooth
c07_e03_wi_fi_coverage_and_performance
c07_e04_wi_fi_discovery_and_attacks
c07_e05_cracking_wpa2
c07_e06_wi_fi_hardening
c07_e07_ch_7_exam_question_review.mp4
c07_e09_ch_7_ama.mp4

c08_e01_defining_a_public_server / Chapter_08_Notes_Slides.pdf
c08_e02_common_attacks_and_mitigations
c08_e03_cont_and_soft_defined_networking
c08_e04_hypervisors_and_virtual_machines
c08_e05_cloud_deployment_models
c08_e06_cloud_service_models
c08_e07_securing_the_cloud
c08_e08_ch_8_exam_question_review.mp4

c09_e01_embedded_systems / Chapter_09_Handout.pdf
c09_e02_industrial_control_system
c09_e03_iot_devices
c09_e04_conn_to_dedicated_and_mobile
c09_e05_sec_constraints_for_dedicated_sys
c09_e06_mobile_deploy_and_hardening
c09_e07_ch_9_exam_question_review.mp4
c09_lab_01_smartphone_hardening.mp4 / Chapter 9 Lab Handout.pdf
c09_e09_ch_9_ama.mp4

c10_e01_physical_security_overview / Chapter_10_Handout.pdf
c10_e02_physical_security
c10_e03_keylogger_demo
c10_e04_environmental_controls
c10_e05_ch_10_exam_question_review.mp4
c10_lab_01_physical_security.mp4 / Chapter 10 Lab Handout.pdf
c10_e07_ch_10_ama.mp4

c11_e01_dns_security / Chapter_11_Handout.pdf
c11_e02_ftp_packet_capture
c11_e03_secure_web_and_email
c11_e04_request_forgery_attacks
c11_e05_cross_site_scripting_attacks
c11_e06_web_application_security
c11_e07_web_app_vulnerability_scanning
c11_e08_ch_11_exam_question_review.mp4
c11_e10_ch_11_ama.mp4

c12_e01_testing_infrastructure_overview / Chapter_12_Notes_Slides.pdf
c12_e02_social_engineering
c12_e03_social_engineering_attacks
c12_e04_vulnerability_assessments
c12_e05_penetration_testing
c12_e06_security_assessment_tools
c12_e07_the_metasploit_framework
c12_e08_ch_12_exam_question_review.mp4
c12_e09_hping3_forged_packet_lab.mp4 / Chapter 12 Lab Handout.pdf
c12_e10_ch_12_ama.mp4

c13_e01_incident_response_overview / Chapter_13_Handout.pdf
c13_e02_incident_response_plans
c13_e03_threat_analysis_mitigating_actions
c13_e04_digital_forensics
c13_e05_gathering_digital_evidence
c13_e06_business_cont_alt_sites
c13_e07_data_backup
c13_e08_ch_13_exam_question_review.mp4
c13_e10_ch_13_ama.mp4
Question / Answer 1 / Answer 2

1 Risk Management

2 Cryptography

1. Which term describes the result of plaintext that has been fed into an encryption algorithm along with an encryption key?
   Answer 1: Hash
   Answer 2: Ciphertext

2. You are ordering laptops for sales executives that travel for work. The laptops will run the Windows 10 Enterprise operating system. You need to ensure that protection of data at rest is enabled for internal laptop disks. The encryption must be tied to the specific laptop. What should you do?
   Answer 1: Order laptops with HSM chips and configure BitLocker disk encryption.
   Answer 2: Order laptops with HSM chips and configure EFS encryption.

4. You are decrypting a message sent over the network. Which key will be used for decryption?
   Answer 1: Your public key
   Answer 2: Sender public key

5. You are verifying a digital signature. Which key will be used?
   Answer 1: Your public key
   Answer 2: Sender public key

6. Which technique is used to enhance the security of password hashes?
   Answer 1: Password length
   Answer 2: Key pinning

8. Your company has numerous public-facing Web sites that use the same DNS domain suffix. You need to use PKI to secure each Web site. Which solution involves the least amount of administrative effort?
   Answer 1: Generate self-signed certificates for each Web site
   Answer 2: Acquire public certificates for each Web site

4. You are configuring SSH public key authentication for a Linux host that will be managed from a Windows computer. Where must the public key be stored?
   Answer 1: User home directory on the Linux server
   Answer 2: User home directory on the Windows host

7. You are building a Web application that will allow users to sign in with their Google account. Which term best describes this scenario?
   Answer 1: Identity federation
   Answer 2: Multifactor authentication

2. You are a Linux sys admin attempting to execute privileged commands in Linux but you keep receiving "Permission denied" messages. What should you do?
   Answer 1: Use the sudo command
   Answer 2: Use the chmod command

4. You have created a Python script named "remove_temp.py." When you attempt to run the script at the Linux command line, it does not execute at all. What is the most probable reason?
   Answer 1: You must be logged in as root to execute Python scripts.
   Answer 2: The chgrp command was not used to set the script owning group.

7. You are logged into a Linux host and need to view its IP address. Which command should you use?
   Answer 1: dig
   Answer 2: nslookup

2. You are planning the configuration of HTTPS for a Web site. Which items should be acquired/configured?
   Answer 1: Client PKI certificates
   Answer 2: Server PKI certificate

3. Which type of security flaw is not known by the vendor?
   Answer 1: Firmware
   Answer 2: Denial of service

4. Which type of security problem stems from improper memory handling?
   Answer 1: Race condition
   Answer 2: Driver shimming

8. You need a network security solution that can not only detect, but also stop current suspicious activity. What should you implement?
   Answer 1: Reverse proxy server
   Answer 2: Layer 4 firewall

4. Which load balancing algorithm sends each client app request to the next backend virtual machine?
   Answer 1: Weighted
   Answer 2: Active/passive

1. Which Wi-Fi term is synonymous with the WLAN name?
   Answer 1: BSSID
   Answer 2: WPA

3. Your hotel provides free Wi-Fi to guests. The Wi-Fi network is secured. You would like to provide a simple convenient way for guests to immediately connect to the Wi-Fi network using their smartphones. What should you do?
   Answer 1: Send automated emails to registered guests with Wi-Fi connection information.
   Answer 2: Provide guests with a printout of Wi-Fi connection information.

6. When pen testing Wi-Fi networks, why is deauthentication sometimes used?
   Answer 1: To forcibly disconnect Wi-Fi clients to observe authentication
   Answer 2: To forcibly disconnect Wi-Fi clients to prevent their Wi-Fi connectivity.

7. Which Wi-Fi EAP configuration uses both client and server PKI certificates?
   Answer 1: EAP-FAST
   Answer 2: EAP-TTLS

8. When connecting to a public Wi-Fi hotspot you are presented with a Web page where you must agree to the terms of use before gaining Internet access. What is this?
   Answer 1: Reverse proxy server
   Answer 2: Port address translation

10 Physical Security

1. Which type of device records everything a user types?
   Answer 1: Common Access Card
   Answer 2: Ransomware

2. Which physical security item mitigates the ramming of vehicles into buildings?
   Answer 1: Bollard
   Answer 2: Security guards

4. Which server room consideration focuses on pulling warm equipment exhaust air away from equipment?
   Answer 1: Cold aisles
   Answer 2: Hot aisles

5. Your company runs sensitive medical research equipment and servers on a network named RNET-A. You need to ensure external network access to RNET-A is not possible. Which technique should you use?
   Answer 1: VLANs
   Answer 2: Layer 4 firewall

12 Testing Infrastructure

1. Which type of planning is designed to deal with security events as they occur?
   Answer 1: Disaster recovery plan
   Answer 2: Business continuity plan

4. When gathering digital evidence, what is the correct order of volatility that dictates the order in which evidence should be acquired?
   Answer 1: Hard disk, USB thumb drive, RAM, CPU registers
   Answer 2: Hard disk, USB thumb drive, RAM, temporary files

5. Which term refers to hiding files within other files?
   Answer 1: Digital signature
   Answer 2: Hashing
Answer 3 / Answer 4 / Correct Answer (remaining columns; the question text for these rows is not on the page)

   Answer 3: Multiply the Annual Rate of Occurrence (ARO) by the Asset Value (AV).
   Answer 4: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).
   Correct Answer: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).

   Answer 3: Root directory on the Linux server
   Answer 4: Root directory on the Windows host
   Correct Answer: User home directory on the Linux server

   Answer 3: PS1
   Answer 4: SH
   Correct Answer: PS1

   Answer 3: The script does not include the #!/usr/bin/bash directive.
   Answer 4: The script does not include the #!/usr/bin/env python directive.
   Correct Answer: The script does not include the #!/usr/bin/env python directive.

   Answer 3: Enable security protocols that precede SSL v3.0
   Answer 4: Enable security protocols that precede TLS v1.0
   Correct Answer: Server PKI certificate

   Answer 3: Application
   Answer 4: Zero-day
   Correct Answer: Zero-day

   Answer 3: 4
   Answer 4: 7
   Correct Answer: 4

   Answer 3: 4
   Answer 4: 7
   Correct Answer: 4

   Answer 3: Network address translation
   Answer 4: Forward proxy server
   Correct Answer: Forward proxy server

   Answer 3: Use RFID tags that contain Wi-Fi connection information.
   Answer 4: Use NFC tags that contain Wi-Fi connection information.
   Correct Answer: Use NFC tags that contain Wi-Fi connection information.

   Answer 3: To test RADIUS authentication resiliency.
   Answer 4: To perform offline dictionary attacks.
   Correct Answer: To forcibly disconnect Wi-Fi clients to observe authentication

   Answer 3: Hardware security module
   Answer 4: Keylogger
   Correct Answer: Keylogger

   Answer 3: Visual equipment inspection is made easier
   Answer 4: Air flow is improved
   Correct Answer: Air flow is improved
Correct Answer: Script kiddies have basic IT knowledge and the ability to read tutorials to learn how to execute attacks.
Incorrect Answers: Hacktivists are motivated by a belief or ideology and execute attacks in an attempt to bring about social change. State-s
funded by one or more nations, often for the purposes of protecting national interests. Criminal syndicate actors are related to organized
technology to ply their nefarious trade.
Correct Answer: Trusted Automated Exchange of Intelligence (TAXII) is a standard that defines how threat intelligence information is relay
subscribers.
Incorrect Answers: Structured Threat Information Expression (STIX) defines a standard format used to express threat intelligence data. A H
Module (HSM) is a cryptographic tamper-proof appliance used to carry out cryptographic operations, as well as to securely store encryptio
Infrastructure (PKI) is a hierarchy of digital security certificates.
Correct Answer: Mitigating risk means putting security controls in place to eliminate or reduce the impact of realized threats.
Incorrect Answers: Risk acceptance occurs when the potential benefit of engaging in an activity outweighs the risks and no changes are m
transfer shifts some or all risk responsibility to a third party, as is the case with cybersecurity attack insurance. With risk avoidance, the risk
to potential benefits not outweighing the risks.
Correct Answer: Multiply the Asset Value (AV) by the Exposure Factor (EF). The SLE reflects the cost associated with an asset being unavail
going down for a period of time. The Single Loss Expectancy (SLE) is calculated by multiplying the Asset Value (AV) by the Exposure Factor
percentage expressing how much of an asset’s value is loss due to a negative event.
Incorrect Answers: The listed options do not reflect the values used to calculate the SLE.
Correct Answer: Multiply the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO). The Annual Loss Expectancy (ALE) repr
the downtime of an asset over a one-year period. It is calculated by multiplying the Single Loss Expectancy (SLE) by the Annual Rate of Occ
Incorrect Answers: The listed options do not reflect the values used to calculate the ALE.
Correct Answer: A qualitative risk assessment organizes risks by a severity or threat rating which may differ from one organization to anoth
Incorrect Answers: A risk heat map plots risks on a grid using colours to represent severities; red is normally high severity and green is norm
register is a centralized list of risks that includes details such as a risk priority value, risk severity rating, mitigating controls, responsible per
Quantitative risk assessments use numbers (such as dollar values and percentages) to calculate the impact realized threats can have on as
determine if the cost of protecting an asset is less than the projected annual cost of negative security incidents.
Correct Answer: A Non-disclosure Agreement (NDA) is used to ensure that any sensitive data will not be disclosed to unauthorized parties.
Incorrect Answers: An Interconnection Security Agreement (ISA) defines how to secure communications when linking organizations, sites,
together. A Memorandum of Understanding (MOU) defines general terms of agreement between two parties, whereas a Memorandum of Agreement (MOA)
defines granular contractual details between two parties.
Correct Answer: Ciphertext results from feeding plaintext and an encryption key into an encryption algorithm.
Incorrect Answers: A hash is a unique representation of data that was fed into a one-way hashing algorithm; no key is used. “Message dige
hash. A digital signature is created with a sender’s private key and verified by the recipient with the related public key; it assures the recipi
authenticity and that the message has not been tampered with.
Correct Answer: Order laptops with TPM chips and configure BitLocker disk encryption. A Trusted Platform Module (TPM) chip in a compu
integrity of the machine boot process and to store disk volume encryption keys.
Incorrect Answers: A Hardware Security Module (HSM) is not a chip installed within a computer; it is a tamper-resistant device used for cry
and the storage of encryption keys. Encrypting File System (EFS) file encryption is tied to the user account, not tied to the machine.
Correct Answer: Symmetric encryption uses a single "secret" key for both encrypting and decrypting.
Incorrect Answers: Asymmetric keys (public and private keys) are used for security in the form of encryption, digital signatures and so on;
is used to encrypt and the related private key is used to decrypt. RSA is a public and private key pair cryptosystem. SHA256 is a hashing alg
Correct Answer: Your private key. Recipient private keys decrypt network messages (the recipient’s related public key encrypts network m
Incorrect Answers: The listed keys are not used for decryption.
Correct Answer: Sender public key. Verifying digital signatures is done using the sender’s public key (the sender’s private key creates the d
Incorrect Answers: The listed keys are not used to verify a digital signature.
Correct Answer: Salting adds random data to passwords before they are hashed thus making them much more difficult to crack.
Incorrect Answers: The listed items do not enhance the security of password hashes. The password length does not affect the password ha
fixed length. Key pinning is an older technique that associates a certificate stored on a client device with a Web site. Multifactor authentica
multiple factors for authentication, such as a username (something you know) and a private key (something you have).
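The salting explanation above in working code, as an added example that is not part of the course material: each password gets a fresh random salt and is stretched with PBKDF2-HMAC-SHA256 from the Python standard library, so two users with the same password store different hashes and a precomputed table of unsalted SHA-256 digests is useless. The iteration count, salt length and the self-describing record format are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not course material): salted password hashing with
# PBKDF2-HMAC-SHA256. Iteration count, salt length and record format are
# this example's own choices, not values from the course.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iters>$<salt hex>$<hash hex>.

    A fresh random salt is drawn per call, so the same password hashed twice
    produces two different records and a rainbow table cannot be reused.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record: " + algo)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def unsalted_sha256(password: str) -> str:
    """The weak baseline: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    pw = "correct horse battery staple"   # constructed sample password
    h1, h2 = hash_password(pw), hash_password(pw)
    return {
        "salted_hashes_differ": h1 != h2,
        "unsalted_hashes_equal": unsalted_sha256(pw) == unsalted_sha256(pw),
        "both_verify": verify_password(pw, h1) and verify_password(pw, h2),
        "wrong_password_rejected": not verify_password("Tr0ub4dor&3", h1),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The record stores its own salt and iteration count, so verification never needs a global secret and the cost can be raised later without invalidating old hashes.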
Correct Answer: With Cipher Feedback Mode (CFB), each previous ciphertext block is encrypted and fed into the algorithm to encrypt the
Incorrect Answers: Electronic Code Book (ECB), given the same plaintext, always results in the same ciphertext and is thus considered inse
Chaining (CBC) XORs each plaintext block with the previous ciphertext block before encrypting it, starting from a random Initialization Vector (IV), so identical plaintext blocks no longer produce identical ciphertext. Output Feedback Mode (OFB) uses a keystream of bi
blocks.
Correct Answer: Wildcard certificates allow a single certificate tied a DNS domain to be used by hosts within subdomains.
Incorrect Answers: Using self-signed or public certificates for each Web site requires more effort than using a wildcard certificate. Extende
require the certificate issuer to perform extra due diligence in ensuring that the certificate request is legitimate.
Correct Answer: Username + password + device PIN. MFA uses multiple categories of authentication such as something you know (usernam
something you have (a device on which you receive a PIN).
Incorrect Answers: The listed items constitute only single factor authentication (SFA) because they use only one authentication category su
are (fingerprint scan, facial recognition) or something you know (username, password, answer to security question).
Correct Answer: Authorization (gaining access to a resource) occurs only after successful authentication.
Incorrect Answers: Accounting, also referred to as auditing, is used to track activity in an IT environment. Availability ensures that data or I
when needed. Authentication proves the identity of a user, device, or software component in an IT environment.
Correct Answer: One-time passwords (OTPs) enhance user sign in security since the code is supplied through a separate mechanism than t
(out of band), and the code can only be used once.
Incorrect Answers: Multifactor authentication (MFA) combines authentication categories such as a username (something you know) with a
you have), where single factor uses only one category. Digital signatures are used to prove the authenticity of received network messages.
Correct Answer: User home directory on the Linux server. SSH public keys must be stored on the server in the user home directory in a file
“authorized_keys”.
Incorrect Answers: None of the listed options specifies the correct location of the SSH public key.
Correct Answer: Attribute-based Access Control (ABAC) allows resource access based on user, device and resource attributes.
Incorrect Answers: Role-based Access Control (RBAC) uses roles, which are collections of related permissions, to control resource access. D
Control (DAC) allows the data custodian to set permissions in accordance with policies set forth by the data owner. Mandatory Access Con
resources and ties security clearance levels to specific labels to allow resource access.
Correct Answer: Geotagging uses GPS coordinates or IP address block information to add detailed location information to social media pos
Incorrect Answers: Geofencing is used to allow app access within a specific location. The Global Positioning System (GPS) uses satellites to
objects on the Earth’s surface. Triangulation is a technique used to determine the distances and relative positions of points spread over a g
Correct Answer: Identity federation uses a central trusted Identity Provider (IdP) to allow access to resources such as Web sites.
Incorrect Answers: Multifactor authentication (MFA) combines authentication categories such as a username (something you know) with a
you have). Security Assertion Markup Language (SAML) is an authentication scheme whereby an identity provider issues digitally signed se
then used to gain resource access. The Lightweight Directory Access Protocol (LDAP) is a protocol used to access a central network directo
Correct Answer: Remote Authentication Dial-In User Service (RADIUS) servers are centralized authentication servers that receive authentic
RADIUS clients such as network switches and Wi-Fi routers.
Incorrect Answers: The Lightweight Directory Access Protocol (LDAP) is a protocol used to access a central network directory. Identity fede
trusted Identity Provider (IdP) to allow access to resources such as Web sites. Active Directory is a Microsoft Windows Server role that use
containing user, computer and application configuration information.
Correct Answer: PS1. Microsoft PowerShell scripts normally use a .PS1 file extension.
Incorrect Answers: Batch files use a .BAT extension, Python scripts use a .PY extension and shell scripts often use the .SH file extension.
Correct Answer: The sudo command prefix allows non-root users to run privileged commands as long as they are granted this permission i
Incorrect Answers: The chmod command is used to set Linux file system permissions. Logging in as root is not recommended because it is
account. Security Enhanced Linux (SELinux) is not causing permission denied messages in this scenario.
Correct Answer: The ssh-keygen command creates an SSH public and private key pair.
Incorrect Answers: The listed commands do not create key pairs. md5sum and sha256sum are used to generate file hashes. The ssh comm
management of any device with an SSH daemon over an encrypted connection.
Correct Answer: To run a Python script either specify the script name after the python command, or specify python as the script engine us
python directive.
Incorrect Answers: The listed items are not as probable reasons for the Python script failing, and the script should not refer to /usr/bin/ba
instead refer to the Python binary.
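The two preconditions behind that answer, as an added example that is not part of the course material: before "./remove_temp.py" will start at all, line 1 must carry an interpreter directive that names Python and the file must carry the execute bit. The checker below reports which one is missing; the four sample scripts it writes to a temporary directory are constructed for this example.

```python
import os
import stat
import tempfile
from typing import Dict, List

# Added example (not course material): diagnose why "./script.py" does not
# run. The sample scripts and their contents are constructed for this example.


def diagnose_script(path: str) -> List[str]:
    """Return the reasons the kernel or shell would refuse to run the file (empty if none)."""
    problems = []
    with open(path, "rb") as fh:
        first_line = fh.readline()
    if not first_line.startswith(b"#!"):
        problems.append("no #! directive on line 1, so the kernel has no interpreter to hand the file to")
    elif b"python" not in first_line:
        problems.append("#! directive names the wrong interpreter: "
                        + first_line.strip().decode("utf-8", errors="replace"))
    if not os.stat(path).st_mode & stat.S_IXUSR:
        problems.append("execute bit not set for the owner (fix with chmod u+x)")
    return problems


def write_samples(directory: str) -> Dict[str, str]:
    """Create four constructed scripts covering the failure modes; returns name -> path."""
    good = b"#!/usr/bin/env python\nprint('hello')\n"
    cases = {
        "no_shebang.py":   (b"print('hello')\n", 0o755),
        "bash_shebang.py": (b"#!/usr/bin/bash\nprint('hello')\n", 0o755),
        "not_exec.py":     (good, 0o644),
        "good.py":         (good, 0o755),
    }
    paths = {}
    for name, (body, mode) in cases.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)
        paths[name] = path
    return paths


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return {name: diagnose_script(p) for name, p in write_samples(tmp).items()}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", "runs" if not problems else "; ".join(problems))
```

On current distributions the bare "python" name may not exist, so "#!/usr/bin/env python3" is the safer directive; the checker accepts either because it only looks for "python" in line 1.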
Correct Answer: netstat -p tcp -n | find "3389" (Windows netstat syntax; on Linux, -p selects programs rather than a protocol). Remote Desktop Protocol (RDP) uses TCP port 3389.
Incorrect Answers: RDP does not use port 389, nor does it use UDP or ICMP.
Correct Answer: The name server lookup (nslookup) command is used to test and troubleshoot DNS name resolution.
Incorrect Answers: While the dig command can also be used to test and troubleshoot DNS name resolution, this command is not native to
Linux. The tracert command shows the hops (routers) that traffic traverses to reach an ultimate network target. The icacls command is used
file system permissions.
Correct Answer: The ifconfig command shows Linux network interfaces and IP address information (on current distributions it is often not installed, and ip addr show gives the same information).
Incorrect Answers: The dig command in Linux can be used to test and troubleshoot DNS name resolution. The name server lookup (nslook
test and troubleshoot DNS name resolution in both Windows and Linux. Ipconfig is used to view network interface and IP address informa
Correct Answer: chmod o+rx script1.sh. The change mode (chmod) command sets file system permissions. Use the ‘o’ mnemonic to set ‘ot
case, read and execute.
Incorrect Answers: The other listed commands do not set read and execute permissions for ‘other’.
Correct Answer: Wired Equivalent Privacy (WEP) is a deprecated insecure wireless security protocol and should not be used.
Incorrect Answers: Wi-Fi Protected Access 3 (WPA3) is a current wireless network security protocol. Remote Authentication Dial-In User Service (R
uses a central authentication server to service authentication requests from RADIUS clients. Disabling DHCP is a hardening technique beca
difficult for attackers to get on an IP network.
Correct Answer: Server PKI certificate. HTTPS Web sites require a server PKI certificate to secure communications and normally use TCP por
Incorrect Answers: Client PKI certificates are not required to enable an HTTPS Web application. TLS v1.2 should be configured on clients an
network security protocol used for HTTPS; SSL v3.0 and TLS v1.0 are deprecated and should not be used.
Correct Answer: Zero-days are security flaws not yet known by vendors.
Incorrect Answers: The listed flaw types do not reflect security problems unknown to the vendor.
Correct Answer: Common buffer overflow problems occur when too much data is provided to a memory variable due to a lack of input val
programmer.
Incorrect Answers: Driver shimming is normally used to allow legacy software to run; it intercepts API calls. A race condition is a multi-thre
phenomenon whereby one thread's action can occur before a security check or result produced by another thread has taken effect.
restructures internal code while maintaining external behaviour.
Correct Answer: Brute-force attacks use automation tools to try every possible combination of letters, numbers and symbols to crack passw
Incorrect Answers: Dictionary attacks use dictionary word or phrase files to try them in combination with a username in an attempt to crac
Password spraying blasts many accounts with a best-guess common password before trying a new password; this is slower (per-user accou
traditional attacks and is less likely to trigger account lockout thresholds. Offline password attacks use an offline copy of passwords for crac
Correct Answer: Client devices are infected and are attempting to discover a command and control server. Client devices normally query IP
AAAA records to resolve FQDNs to IP addresses. Clients querying DNS TXT records is abnormal.
Incorrect Answers: The listed reasons are invalid in this scenario.
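The detection behind that answer, as an added example that is not part of the course material: over a DNS query log, count TXT lookups per client and flag hosts whose traffic is dominated by them. The log format, addresses and domains below are constructed for this example, and the thresholds are starting points to tune. The ratio test matters because a mail relay legitimately issues a few TXT queries (SPF, DMARC) among many A queries and should not be flagged.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Added example (not course material): flag clients whose DNS traffic is mostly
# TXT lookups. Log format, hosts, domains and thresholds are constructed here.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+qtype=(?P<qtype>\S+)\s+qname=(?P<qname>\S+)$"
)

# Constructed sample log: 10.0.0.5 beacons via TXT, 10.0.0.7 browses normally,
# 10.0.0.9 is a mail relay with a few legitimate TXT (SPF/DMARC) lookups.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z client=10.0.0.5 qtype=A qname=www.example.com
2024-05-01T10:00:02Z client=10.0.0.5 qtype=A qname=cdn.example.com
2024-05-01T10:00:03Z client=10.0.0.5 qtype=TXT qname=4fd21a.updates.evil.test
2024-05-01T10:00:04Z client=10.0.0.5 qtype=TXT qname=9c0e7b.updates.evil.test
2024-05-01T10:00:05Z client=10.0.0.5 qtype=TXT qname=b31d88.updates.evil.test
2024-05-01T10:00:06Z client=10.0.0.5 qtype=TXT qname=e7a402.updates.evil.test
2024-05-01T10:00:07Z client=10.0.0.5 qtype=TXT qname=1d9f6c.updates.evil.test
2024-05-01T10:00:08Z client=10.0.0.5 qtype=TXT qname=77a0c3.updates.evil.test
2024-05-01T10:00:09Z client=10.0.0.5 qtype=TXT qname=c4e5b9.updates.evil.test
2024-05-01T10:00:10Z client=10.0.0.5 qtype=TXT qname=0a2f61.updates.evil.test
2024-05-01T10:00:11Z client=10.0.0.7 qtype=A qname=www.example.com
2024-05-01T10:00:12Z client=10.0.0.7 qtype=A qname=mail.example.com
2024-05-01T10:00:13Z client=10.0.0.7 qtype=AAAA qname=www.example.com
2024-05-01T10:00:14Z client=10.0.0.7 qtype=A qname=login.example.com
2024-05-01T10:00:15Z client=10.0.0.7 qtype=AAAA qname=cdn.example.com
2024-05-01T10:00:16Z client=10.0.0.7 qtype=A qname=updates.example.com
2024-05-01T10:00:17Z client=10.0.0.9 qtype=TXT qname=example.com
2024-05-01T10:00:18Z client=10.0.0.9 qtype=TXT qname=_dmarc.example.com
2024-05-01T10:00:19Z client=10.0.0.9 qtype=TXT qname=partner.test
2024-05-01T10:00:20Z client=10.0.0.9 qtype=A qname=mx1.partner.test
2024-05-01T10:00:21Z client=10.0.0.9 qtype=A qname=mx2.partner.test
2024-05-01T10:00:22Z client=10.0.0.9 qtype=A qname=www.example.com
2024-05-01T10:00:23Z client=10.0.0.9 qtype=A qname=smtp.example.com
2024-05-01T10:00:24Z client=10.0.0.9 qtype=A qname=mx.example.com
""".splitlines()


def parse(lines: Iterable[str]) -> List[dict]:
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def txt_query_stats(lines: Iterable[str]) -> Dict[str, dict]:
    """Per client: total queries, TXT queries and the distinct names queried as TXT."""
    stats: Dict[str, dict] = defaultdict(lambda: {"total": 0, "txt": 0, "txt_names": set()})
    for r in parse(lines):
        s = stats[r["client"]]
        s["total"] += 1
        if r["qtype"].upper() == "TXT":
            s["txt"] += 1
            s["txt_names"].add(r["qname"].lower())
    return dict(stats)


def suspicious_clients(lines: Iterable[str], min_txt: int = 5, min_ratio: float = 0.5) -> List[str]:
    """Clients with at least min_txt TXT queries that also make up at least min_ratio of their queries."""
    flagged = []
    for client, s in txt_query_stats(lines).items():
        if s["txt"] >= min_txt and s["txt"] / s["total"] >= min_ratio:
            flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    for client, s in txt_query_stats(SAMPLE_LOG).items():
        print(f"{client}: {s['txt']}/{s['total']} TXT, {len(s['txt_names'])} distinct TXT names")
    print("suspicious:", suspicious_clients(SAMPLE_LOG))   # ['10.0.0.5']
```

The many distinct, random-looking TXT names under one parent domain are a second signal worth reporting next to the count: a beacon rotates labels to defeat caching, while SPF/DMARC lookups repeat the same few names.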
Correct Answer: RAID level 1 (disk mirroring) writes every block to each disk in the mirrored array.
Incorrect Answers: RAID 0 (disk striping) writes data across an array of disks to improve performance. RAID 5 (disk striping with distributed
across an array of disks but also write parity (error recovery information) across the disks in the array, thus providing a performance impro
resiliency against a single failed disk in the array. RAID 6 uses at least 4 disks for striping and stores two independent parity blocks per stripe, distributed across the disks in the arra
tolerance of 2 disk failures within the array.
Correct Answer: A network intrusion prevention system can not only detect but also be configured to stop suspicious activity.
Incorrect Answers: Layer 4 firewalls are packet filtering firewalls which do not detect or prevent suspicious activity. Reverse proxy servers m
and ports to internal servers to protect their true identities. Intrusion detection systems only detect and report, log, or notify of suspicious
Correct Answer: Port numbers apply to the OSI model transport layer (layer 4).
Incorrect Answers: The listed OSI layers are not related to port numbers.
Correct Answer: Network devices modify their ARP cache to use the attacker MAC address for the default gateway. ARP cache poisoning fo
destined for a router (default gateway) first through an attacker machine.
Incorrect Answers: The listed items do not properly describe ARP cache poisoning.
Correct Answer: The Spanning Tree Protocol (STP) is a network switch configuration option that can prevent network switching loops.
Incorrect Answers: The listed mitigations are not designed to prevent network switching loops.
Correct Answer: Round robin load balancing sends each client app request to the next backend server.
Incorrect Answers: Weighted load balancing uses a configured relative weight value for each backend server to determine how much traffi
Active/passive is a load balancing redundancy configuration where a standby server is not active until the active server fails. Least connecti
requests to the backend server that is currently the least busy.
Correct Answer: The Extended Service Set Identifier (ESSID) is synonymous with the wireless network name.
Incorrect Answers: The Basic Service Set Identifier (BSSID) represents the Wi-Fi access point MAC address. Wi-Fi Protected Access (WPA) is
network security protocol. Temporal Key Integrity Protocol (TKIP) was introduced with WPA to address WEP security issues related to unch
Correct Answer: Wi-Fi Protected Setup (WPS) pairs Wi-Fi devices using a PIN.
Incorrect Answers: The listed Wi-Fi standards do not pair Wi-Fi devices using a PIN.
Correct Answer: Use NFC tags that contain Wi-Fi connection information. With a smartphone app, you can write data to a physical NFC tag
inexpensively. Users with NFC-enabled smartphones can retrieve NFC tag information such as Wi-Fi connection details.
Incorrect Answers: The listed options are not as convenient as using NFC tags.
Correct Answer: To forcibly disconnect Wi-Fi clients to observe authentication. Deauthentication kicks connected devices off the Wi-Fi netw
the reconnection authentication information.
Incorrect Answers: The listed explanations do not explain why deauthentication is often used with Wi-Fi pen testing.
Correct Answer: EAP-TLS can use client and server PKI certificates for mutual authentication.
Incorrect Answers: The listed EAP configurations do not require both client and server PKI certificates.
Correct Answer: Captive portals present a Web page when users connect to a Wi-Fi network; sometimes a user account is required (often
terms of use before connecting to the Internet).
Incorrect Answers: The listed security configurations would not result with the Web page presented when connection to a public Wi-Fi hot
Correct Answer: The HttpOnly flag ensures that client-side JavaScript cannot access the cookie, which helps mitigate cross-site scripting (XSS
Incorrect Answers: The SameSite attribute helps mitigate cross-site request forgery (CSRF) attacks. The Secure attribute requires HTTPS con
attribute controls the target host to which the cookie will be sent.
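The three cookie protections named above, turned into a check a practitioner can run over response headers; this is an added example, not course material. The parser and the findings are this example's own, and the sample Set-Cookie headers are constructed: a weak session cookie, the same cookie hardened, and a cross-site cookie that deliberately sets SameSite=None.

```python
from typing import Dict, List, Tuple

# Added example (not course material): audit Set-Cookie headers for the
# HttpOnly, Secure and SameSite attributes. Sample headers are constructed.


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split 'name=value; Attr1; Attr2=val' into name, value and a lower-cased attribute map.

    Flag attributes without a value (HttpOnly, Secure) map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str) -> List[str]:
    """Return findings for one Set-Cookie header; empty when all three protections are present."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: client-side JavaScript can read the cookie (XSS theft)")
    if "secure" not in attrs:
        findings.append("missing Secure: the cookie is also sent over plaintext HTTP")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict"):
        findings.append("SameSite is not Lax or Strict: the cookie rides along on cross-site requests (CSRF)")
    return findings


def audit_headers(headers: List[str]) -> List[Tuple[str, List[str]]]:
    """Audit a list of Set-Cookie headers, keeping the cookie name next to its findings."""
    return [(parse_set_cookie(h)["name"], audit_cookie(h)) for h in headers]


# Constructed sample headers.
SAMPLE_HEADERS = [
    "sessionid=3f9a1c; Path=/",
    "sessionid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Strict",
    "tracker=77b2; Domain=example.test; Path=/; Secure; SameSite=None",
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS):
        print(name, "->", "OK" if not findings else "; ".join(findings))
```

SameSite=None is reported as a finding on purpose: it is the explicit opt-out from CSRF protection, and browsers only accept it together with Secure, which the third sample header does set.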
Correct Answer: sudo docker run -d -p 4443:443 cust-dev-lamp1. The first port number is the local Docker host port number, the second
colon is the configured listening port number within the application container.
Incorrect Answers: The listed syntax options are incorrect.
Correct Answer: Type 2 hypervisors run as an app within an existing operating system.
Incorrect Answers: Type 1 hypervisors are a specialized operating system designed to host multiple virtual machine guests. Type A and B a
types.
Correct Answer: Private clouds are owned and used by a single organization.
Incorrect Answers: Public clouds are accessible by anybody over the Internet. Hybrid clouds combine Public and Private clouds. Communit
specific cloud computing needs of a group of tenants, such as for government cloud usage.
Correct Answer: Infrastructure as a Service (IaaS) includes storage, network and virtual machines. IaaS virtual machine software patching is
the cloud tenant.
Incorrect Answers: Software as a Service (SaaS) refers to end-user productivity software running in the cloud, Security as a Service (SECaaS
services, and Platform as a Service (PaaS) refers to database and software development platforms, all of which do not place the responsibi
patching on the cloud tenant.
Correct Answer: A Cloud Access Security Broker (CASB) sits between users and cloud services to enforce organizational security policies.
Incorrect Answers: Cloud Service Providers (CSPs) host cloud services. Service Level Agreements (SLAs) guarantee cloud service uptime. Inf
(IaaS) includes storage, network and virtual machines. IaaS virtual machine software patching is the responsibility of the cloud tenant.
Correct Answer: Programmable Logic Controllers (PLCs) are used extensively in manufacturing and various industries such as oil refining, e
treatment.
Incorrect Answers: Service Level Agreements (SLAs) guarantee uptime for services such as those offered in the cloud. An Industrial Control
collection of computerized solution used for industrial process control. A Hardware Security Module (HSM) is a tamper-resistant device us
operations and the storage of cryptographic keys.
Correct Answer: Zigbee is designed to make connecting smart home devices together simple and convenient, and it does not use TCP/IP.
Incorrect Answers: An Industrial Control System (ICS) refers to a collection of computerized solution used for industrial process control. Pro
Controllers (PLCs) are used extensively in manufacturing and various industries such as oil refining, electricity and water treatment. Interne
to devices that connect to and send and receive data over the Internet.
Correct Answer: The maximum proposed speed for 5G is 10 Gbps.
Incorrect Answers: The listed transmission rates are incorrect.
Correct Answer: 4G cell towers have an approximate range of 6 miles.
Incorrect Answers: The listed distances are incorrect.
Correct Answer: Elliptic Curve Cryptography (ECC) achieves strength comparable to RSA with much shorter keys.
Incorrect Answers: RSA keys are larger than ECC keys. MD5 and SHA256 do not use keys; they are hashing algorithms.
Correct Answer: Sideloading refers to installing mobile device apps directly from installation files, without using an app store.
Incorrect Answers: Geotagging adds geographic metadata (such as GPS coordinates) to files, such as photos taken with a smart phone. Geo
geographical location to control app access. Registering refers to linking a mobile device to a centralized Mobile Device Management (MDM
Correct Answer: Keyloggers come in the form of hardware and software. User keystrokes are captured and can later be viewed by maliciou
Incorrect Answers: A Common Access Card (CAC) is a single card used to authenticate to many systems such as buildings, floors in a buildin
systems. Ransomware is malware that encrypts user data files and demands a ransom payment in exchange for a decryption key. A Hardw
(HSM) is a tamper-proof device used for cryptographic operations and the secure storage of cryptographic keys.
Correct Answer: Bollards are concrete or steel pillars embedded deep into the ground near sensitive areas to prevent vehicle ramming.
Incorrect Answers: Security guards cannot effectively prevent vehicles from ramming buildings. Access control vestibules (man traps) prev
from opening until the first outer door closes and locks. Door locks prevent physical entry to a room but do not mitigate vehicles ramming
Correct Answer: Air flow is improved by installing blanking panels in racks where there is no equipment.
Incorrect Answers: The listed items are not valid reasons for installing blanking panels.
Correct Answer: Hot aisles are designed to pull warm exhaust air away from equipment.
Incorrect Answers: The listed items are not focused on removing warm exhaust air from server rooms.
Correct Answer: Air-gapping ensures that there is not a physical wired or wireless connection to a sensitive network.
Incorrect Answers: The listed items can be used for optimizing network throughput (VLAN) and limiting network access (Layer 4 firewall, re
options do not ensure external network access to RNET-A is impossible.
Correct Answer: Domain Name System Security Extensions (DNSSEC) digitally sign DNS zone records. Validating resolvers check the signature to ensure DNS responses are authen
Incorrect Answers: IP security (IPsec) is a suite of network security protocols that can be used to encrypt and authenticate network messag
Infrastructure (PKI) is a hierarchy of digital security certificates. Hyper Text Transfer Protocol Secure (HTTPS) encrypts HTTP network transm
and servers.
Correct Answer: The Simple Network Management Protocol (SNMP) uses a management station that connects to network devices to retrie
allow remote configuration.
Incorrect Answers: Domain Name System Security Extensions (DNSSEC) digitally sign DNS zone records. Validating resolvers check the signature to ensure DNS responses are auth
is a suite of network security protocols that can be used to encrypt and authenticate network messages. Hyper Text Transfer Protocol Secu
HTTP network transmissions between clients and servers.
Correct Answer: A Cross-site Request Forgery (CSRF) attack occurs when the attacker causes the browser of a user who is already authenticated to a site to send requests to
the server that appear to originate from the authenticated user, because the browser attaches that user's session cookie automatically.
Incorrect Answers: A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious user has injected maliciou
in JavaScript, that executes in the victim Web browser. A Denial of Service (DoS) attack renders a service unreachable by legitimate users, o
network or host with useless traffic. A Distributed Denial of Service (DDoS) is similar to a DoS attack but instead uses multiple hosts to atta
network.
Correct Answer: JavaScript. A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious user has injected
written in JavaScript, that executes in the victim Web browser.
Incorrect Answers: The listed languages are not commonly used for XSS attacks.
Correct Answer: In the client Web browser. A Cross-site Scripting (XSS) attack occurs when a victim views a Web page where a malicious us
malicious code, normally written in JavaScript, that executes in the victim Web browser.
Incorrect Answers: The listed locations do not correctly identity where XSS attacks execute.
Correct Answer: Deception. Attackers use social engineering to trick (deceive) unsuspecting victims into somehow divulging sensitive infor
via SMS text messages, through email with infected links or attachments, and so on.
Incorrect Answers: While the listed terms can be related to social engineering in some cases, they are not always associated as is the word
Correct Answer: Dumpster diving involves malicious actors going through garbage seeking documents that could contain some kind of sen
Incorrect Answers: Impersonation is more related to social engineering than it is with not shredding paper documents. Shoulder surfing oc
actors can watch unsuspecting victims using computing devices to learn of passwords or to see sensitive information on their screens. Tail
malicious actors follow legitimate users into a secured facility before a locked door closes.
Correct Answer: Smishing occurs when social engineering phishing attacks take place over SMS text.
Incorrect Answers: Vishing occurs when social engineering attacks take place using phone calls. Spear phishing is a form of phishing that is
potential victims. Whaling relates to targeted phishing scams, such as to a company CEO.
Correct Answer: A Non-disclosure Agreement (NDA) ensures that pen testers will not divulge any sensitive information they might encoun
parties.
Incorrect Answers: A Memorandum of Understanding (MOU) consists of a general agreement with broad terms between two parties. An Inte
Agreement (ISA) defines how two parties will securely connect their networks and systems together. A Memorandum of Agreement (MOA) c
agreed upon by two parties in a business arrangement.
Correct Answer: The Linux curl command can be used to download files from a variety of sources including Web servers.
Incorrect Answers: The scanless tool is used to perform port scans through a Web site. The hping3 tool can be used to forge TCP/IP packet
used to go through DNS records within a DNS zone and also to perform DNS zone transfers, or copies.
Correct Answer: An Incident Response Plan (IRP) is a plan created to deal with incidents as they occur such as enabling incident containme
eradication.
Incorrect Answers: A Disaster Recovery Plan (DRP) is specific to a business process, IT system, or data, and it focuses on recovering from a
quickly as possible. A Business Continuity Plan (BCP) is a document specifying general terms organizations will take to ensure continued bu
backup plan is not a standard accepted term in this context.
Correct Answer: The Recovery Point Objective (RPO) specifies, in time, the maximum tolerable amount of data loss due to a negative occu
Incorrect Answers: The Service Level Agreement (SLA) is a document detailing guaranteed service uptime. A Hardware Security Module (H
resistant device used for cryptographic operations. The Recovery Time Objective (RTO) specifies, in time, the maximum amount of tolerab
business process or IT system.
Correct Answer: A Security, Orchestration, Automation, and Response (SOAR) solution allows the creation of playbooks that can automate
response tasks.
Incorrect Answers: Security Information Event Management (SIEM) is a solution that ingests activity data from numerous sources in order
compromise. An Industrial Control System (ICS) is a collection of computerized solutions used for industry, such as with manufacturing, oil
plants. A Programmable Logic Controller (PLC) is a network device that connects with some kind of industrial component such as robotics,
centrifuges, and so on.
Correct Answer: CPU registers, RAM, temporary files, hard disk. The most volatile, or fragile, types of evidence should be gathered first, suc
followed by RAM contents since they depend on power. Temporary files might persist without power, and files on hard disks are non-vola
when the machine is not turned on.
Correct Answer: Steganography is a technique used to hide files within other files; it is a form of obfuscation.
Incorrect Answers: Digital signatures are created with the sender's private key and are used by the message recipient to ensure the messa
not been tampered with. Hashing feeds data into a one-way algorithm, which results in a fixed-length unique value called a "hash". Encryptio
data; the correct decryption key is needed to reverse the process, thus revealing the original data.