Correct Answer:

tcpdump is correct. tcpdump is a packet-capture utility built into most modern Linux distributions, but is also found in some macOS and Windows ports. It’s used to view network packets and to output to a file.

Incorrect Answers:

Wireshark is incorrect. Wireshark is also a packet-capture utility but is not native to an OS.

WinHex is incorrect. WinHex is a hexadecimal editor for the Windows family of operating systems.

curl is incorrect. The curl command within Unix and Linux allows the user to transfer data to or from a server using a variety of protocols, including HTTP, HTTPS, and FTP.

Correct Answer:

Transitive access is correct. Transitive access occurs when a user is inadvertently given advanced access to another part of the application or the system on which it is hosted. You must ensure that your application does not allow transitive access in the event of a crash or malfunction.

Incorrect Answers:

Buffer overflow is incorrect. A buffer overflow occurs when user input is greater than what the input field allows.

Command injection is incorrect. The user did not perform a command injection into the application; it simply crashed and presented the user with a command prompt.

Fuzzing is incorrect. Fuzzing is used to test input validation through the entry of random characters.

Correct Answer:

Spam mail accidentally trained as legitimate mail is correct. Your anti-spam filter is constantly training on spam and legitimate e-mail messages, and at some point, the training database could have been corrupted by spam that was trained as trusted, legitimate mail.

Incorrect Answers:

Operating system requiring new software updates is incorrect. Lack of new operating system updates will not result in spam messages bypassing spam filters.

Outbound content filter not configured properly is incorrect. Improperly configured outbound content filtering will not result in spam messages bypassing spam filters.

Poisoned DNS server is incorrect. Domain Name System (DNS) poisoning will not result in spam messages bypassing spam filters.

Correct Answer:

Hot site is correct. A hot site is a facility that’s ready to be operational immediately when the primary site becomes unavailable. All the equipment and networking infrastructure the company requires are already in place and can be activated quickly.

Incorrect Answers:

Remote backup, having spare routers and switches on hand, and hot and cold aisles are incorrect. None of these options provides redundancy for your full primary site if a disaster strikes.

Correct Answer:

Resolve the issue and release a hotfix is correct. Because this is a serious security flaw, you should resolve it as soon as possible and release a hotfix to your customers to prevent them from being exploited by the flaw.

Incorrect Answers:

Do not publish the issue but resolve it in the next major version and completely re-architect the application for the next major version are incorrect. These actions leave your customers vulnerable to the security flaw for an extended period of time.

Advise end users not to use command injection is incorrect. This course of action does not fix the issue but rather advertises to both customers and hackers the fact that your application has a command injection flaw.

Correct Answer:

Awareness training is correct. You can improve security by providing user training on the different types of social engineering attacks and how to prevent them.

Incorrect Answers:

Security guard and security passes are incorrect. Without proper user training, using security guards or security access passes does not prevent an experienced social engineer from gaining unauthorized access through techniques such as tailgating and impersonation.

Acceptable use policy is incorrect. An acceptable use policy (AUP) is a written agreement, read and signed by employees, that outlines the organization’s terms, conditions, and rules regarding use of company resources such as Internet and internal network use.

Correct Answer:

Virtualization is correct. Virtualization allows you to run several operating system instances on a single hardware device. Each virtual machine is run in its own CPU and memory environment and is secure from the other virtual machines running on the same system.

Incorrect Answers:

Cloud computing is incorrect. Cloud computing is where shared resources are provided on demand through the Internet, not on-site.

Web-caching proxy is incorrect. A web-caching proxy is only used to cache web-browsing data.

Firewall DMZ is incorrect. A firewall DMZ provides a method of splitting networks into different security zones.

Correct Answer:

Signed organizational policies is correct. For the most effective risk management and training, organizational policies must be created, distributed, and signed in order to educate your employees on how to conduct their day-to-day activities while being vigilant about security.

Incorrect Answers:

Social media posting, hard-copy rulebook available from human resources, and company-wide memo via e-mail are incorrect. These methods won’t ensure that the policies will be read and understood or that users will be held accountable.

Correct Answer:

Tabletop is correct. A tabletop exercise requires the involved parties to gather and step through a scenario to discern weaknesses in the plan. Tabletop exercises are generally paper-based, meaning that no actual steps are undertaken.

Incorrect Answers:

Simulation is incorrect. A simulation requires a team to consult the recovery plan documentation and actually execute it accordingly. It is not paper-based.

Checklist is incorrect. A checklist is often used within an exercise but is not a type of exercise itself.

Risk assessment is incorrect. A risk assessment is identifies and assesses the risk of security breaches against company assets.

Correct Answer:

TOTP is correct. A time-based one-time password (TOTP) allows a user to log in to a system with a username and password combination and then use a one-time token, generally generated from a separate device.

Incorrect Answers:

SSL is incorrect. Secure Sockets Layer (SSL) provides secure communications.

SSH is incorrect. Secure Shell (SSH) is an encrypted form of remote access.

One-way hash is incorrect. A one-way hash is used to validate the integrity of a message.