Match the attack to the definition. cache poisoning ==> Attacker sends falsified information to redirect users to malicious sites resource utilization attack ==> Attacker sends multiple packets that consume server…
Which risk management plan involves discontinuing an activity that creates a risk? risk retention risk avoidance risk sharing risk reduction Explanation & Hint: During a risk assessment it may be…
Which term describes a field in the IPv4 packet header used to detect corruption in the IPv4 header? header checksum version destination IPv4 address protocol Explanation & Hint: The header…
A security service company is conducting an audit in several risk areas within a major corporate client. What attack or data loss vector term would be used to describe providing…
Match the type of cyberattackers to the description. state-sponsored attackers ==> Gather intelligence or commit sabotage on specific goals on behalf of their government vulnerability brokers ==> Discover exploits and…
A social media site is describing a security breach in a sensitive branch of a national bank. In the post, it refers to a vulnerability. What statement describes that term?…
What is the first line of defense to protect a device from improper access control? passwords end user license agreement (EULA) encryption shredding Explanation & Hint: Improper access control is…
What does the term vulnerability mean? a computer that contains sensitive information a weakness that makes a target susceptible to an attack a potential threat that a hacker creates a…
A cyber criminal sends a series of maliciously formatted packets to the database server. The server cannot parse the packets and the event causes the server to crash. What is…
What three best practices can help defend against social engineering attacks? (Choose three.) Enable a policy that states that the IT department should supply information over the phone only to…
The employees in a company receive an email stating that the account password will expire immediately and requires a password reset within 5 minutes. Which statement would classify this email? …
What control category does system hardening belong to? technical administrative operational physical Explanation & Hint: Technical controls make use of technology to reduce vulnerabilities. System hardening is an example of…
How is the score that CVSS provides interpreted? scores are rated from 0 to 100, with 100 being the most severe scores are rated from 0 to 100, with 0…
A document entitled "Building an Information Technology Security Awareness and Training Program" succinctly defines why security education and training are so important for users. The document defines ways to improve…
Which example of administrative controls enables administrators to control what users can do at both broad and granular levels? RBAC secure software development life cycle policies and procedures minimum password…
Which example of technical control is recommended to mitigate and prevent vulnerabilities such as cross-site scripting, cross-site request forgery, SQL injection, and command injection? user input sanitization process-level remediation secrets…
Which kind of event is a successful identification of a security attack? false negative false positive true positive true negative Explanation & Hint: True positives are successful identification of security…
Which kind of event occurs when an intrusion detection device identifies an activity as acceptable behavior and the activity is acceptable? false positives false negatives true negatives true positives Explanation…
Which kinds of events are malicious activities not detected by a network security device? false positives false negatives true negatives true positives Explanation & Hint: False negatives are malicious activities…
What kind of events diminishes the value and urgency of real alerts? false positives false negatives true negatives true positives Explanation & Hint: False positives are situations in which a…