Correct answer:

644 is correct. The permissions for the yum.conf file are owner: read and write, group: read, and others: read. Since octal notation consists of read: 4, write: 2, and execute: 1, and are additive, the owner, having read + write permissions would be 6, and the only permissions listed for group and others is read, which would be 4 each, so octal permissions would be 644.

Incorrect answers:

777 is incorrect. Octal permissions of 777 would require that the file owner, group, and others each have read, write, and execute permissions, which add up to 7 each, since octal permissions are additive.

421 is incorrect. Octal permissions of 421 would require that the file owner, group, and others each have read, write, and execute, respectively.

0 is incorrect. Octal permissions of 000 would mean that neither the owner, nor group, nor others have any permissions whatsoever, which is an unlikely scenario.

Correct answer:

Scripting is correct. Scripting is a simple yet effective means of automating repetitive tasks, typically at the operating system level, using built-in operating system commands and saving them to a file for later execution.

Incorrect answers:

Data transformation is incorrect. Data transformation is the process of converting data from one form or format to another so it may be used in a different application or database.

Workflow orchestration is incorrect. Workflow orchestration is a general term referring to the overarching integration and management of automated tools, processes, and activities under one centralized management umbrella.

Data enrichment is incorrect. Data enrichment is the process of adding context and content to a piece of data, so that it may be viewed from multiple angles and at different levels of detail. This enables an analyst to view all aspects of a piece of data and more accurately correlate it with other pieces of data.

Correct answer:

Embedded platform is correct. Embedded platforms are devices dedicated to specialized tasks, with operating systems implemented as firmware on a chip.

Incorrect answers:

Distributed application architecture is incorrect. In a distributed application architecture, applications perform their functions across different connected platforms.

Mobile platform is incorrect. Mobile platforms are general-purpose devices such as tablets and smartphones, which may use some embedded systems in their construction, but they are not embedded dedicated devices.

Client/server platform architecture is incorrect. The client/server architecture is a tiered platform architecture that may be used in both traditional and mobile devices. Client/server architectures normally do not use embedded systems on a wide basis.

Correct answer:

Password spraying is correct. Password spraying is a type of brute-force technique in which an attacker tries a single password against a system, and then iterates through multiple systems on a network using the same password. By doing this, an attacker may avoid account lockouts from a single system.

Incorrect answers:

Credential stuffing is incorrect. Credential stuffing is a type of brute-force attack in which credentials obtained from a data breach of one service are used to authenticate to another system in an attempt to gain access.

Man-in-the-middle is incorrect. A man-in-the-middle attack is an attempt to interrupt a communications session and assume the role of both communicating parties in the hopes of spoofing communications between them.

Session hijacking is incorrect. Session hijacking is a class of attacks by which an attacker takes advantage of valid session information, often by stealing and replaying it.

Correct answer:

System rebuild is correct. During the containment phase of an incident, you are concerned with removing the threat from your systems and keeping the threat, such as malware, from spreading. Segmenting systems to protected areas, isolating them from other hosts, and even, when necessary, removing them from the network are all valid steps during containment. System rebuild, if necessary, takes place later, usually post-incident.

Incorrect answers:

System segmentation is incorrect. System segmentation is a valid step taken during the containment of an incident.

System isolation is incorrect. System isolation is a valid step taken during the containment of an incident.

System removal is incorrect. System removal is a valid step taken during the containment of an incident.

Correct answer:

Instructions that provide security features in the CPU and can be used to support a trusted execution environment (TEE) is correct. Processor security extensions are instructions that provide security features in the CPU and can be used to support a TEE. They can, for example, enable programmers to designate special regions in memory as being encrypted and private for a given process. These regions are dynamically decrypted by the CPU while in use, which means any unauthorized process, including the OS or a hypervisor, is unable to access the plaintext stored in them. This feature is one of the building blocks of TEEs, which enables trusted applications to have their own protected memory.

Incorrect answers:

Instructions that allow for secure virtualization to take place in the CPU is incorrect. This is not the correct description for processor security extensions.

A system-on-a-chip firmware implementation that can control all cryptographic functions on a device is incorrect. This is not the correct description for processor security extensions.

A process that allows for data encryption and decryption between the storage media and the CPU is incorrect. This is not the correct description for processor security extensions.

Correct answer:

MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is correct. The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) model enables government agencies and industry security teams to share information about attacker tactics, techniques, and procedures (TTPs) with one another in an effective manner.

Incorrect answers:

The Diamond Model of Intrusion Analysis is incorrect. The Diamond Model of Intrusion Analysis emphasizes the relationships and characteristics of four basic components: Adversary, Capability, Victim, and Infrastructure. The components are represented as vertices on a diamond, with connections between them. Using the connections between these entities, you can use the model to describe how an adversary uses a capability within an infrastructure against a victim.

NIST Risk Management Framework is incorrect. The NIST Risk Management Framework is focused on risk identification, analysis, response, and management.

MITRE Structured Threat Information Expression (STIX) is incorrect. The Structured Threat Information Expression, or STIX, is a collaborative effort led by the MITRE Corporation to communicate threat data using a standardized lexicon. To represent threat information, the STIX 2.0 framework uses a structure consisting of twelve key STIX Domain Objects (SDOs) and two STIX Relationship Objects (SROs).

Correct answer:

Techniques usedA is correct. Users of the MITRE ATT&CK framework can profile potential attackers by examining the techniques used by their adversaries to engage in attack.

Incorrect answers:

Organizations targeted is incorrect. The MITRE ATT&CK framework focuses on techniques, tactics, and tools, as opposed to what organizations are targeted.

Originating locations is incorrect. The MITRE ATT&CK framework focuses on techniques, tactics, and tools, as opposed to the originating locations of the attacker.

Social media profiles is incorrect. The MITRE ATT&CK framework focuses on techniques, tactics, and tools, as opposed to the social media profiles of the attacker.

Correct answer:

Wipe the medium by overwriting it with a fixed pattern of 1’s and/or 0’s is correct. The best way to forensically wipe destination media is to wipe it by overwriting it with a fixed pattern of 1’s and/or 0’s. This completely erases all remnant data and replaces it with a fixed, predictable pattern.

Incorrect answers:

Wipe the medium by performing a low-level format on it is incorrect. A low-level format does not necessarily eliminate all data from media, and for modern media, may damage it.

Wipe the medium by formatting and repartitioning it is incorrect. Simply formatting and repartitioning media will not eliminate all remnant data and does not replace the data with a fixed predictable pattern.

Wipe the medium by deleting all data on it is incorrect. Simply deleting all data on the media does not ensure that there is no remnant data on it.

Correct answer:

PCRs is correct. Platform Configuration Registers (PCRs) are used to store cryptographic hashes of data used for TPM’s sealing functionality.

Incorrect answers:

EK is incorrect. The endorsement key (EK) is a public/private key pair that is installed in the TPM at the time of manufacture and cannot be modified. The private key is always present inside the TPM, while the public key is used to verify the authenticity of the TPM itself. The EK, installed in the TPM, is unique to that TPM and its platform. It is stored in static or persistent memory.

SRK is incorrect. The storage root key (SRK) is the master wrapping key used to secure the keys stored in the TPM. It is stored in static or persistent memory.

AIKs is incorrect. Attestation Identity Keys (AIKs) are used for the attestation of the TPM chip itself to service providers. The AIK is linked to the TPM’s identity at the time of development, which in turn is linked to the TPM’s EK. Therefore, the AIK ensures the integrity of the EK.