Correct Answer:

Buffer overflow is correct. The contact address field does not have proper input validation controls, causing the lengthy e-mail address to overflow the memory buffer allocated for that field.

Incorrect Answers:

Privilege escalation is incorrect. The user is not gaining additional privileges because of the issue.

SQL injection is incorrect. No SQL commands are being entered.

Cross-site scripting is incorrect. No scripting is occurring in this scenario.

Correct Answer:

Unknown environment testing is correct. Unknown environment testing is an excellent way to test your system’s security by simulating an actual attack, because the tester is seeing this system for the first time.

Incorrect Answers:

Partially known environment testing is incorrect. Partially known environment testing means the tester has some knowledge of the system’s design.

Known environment testing is incorrect. Known environment testing assumes the tester has previous knowledge of the system’s design.

Vulnerability testing is incorrect. Vulnerability testing is a passive way of testing a system for security vulnerabilities and assumes prior knowledge of how the system works.

Correct Answer:

Hardware redundancy is correct. Hardware redundancy means that you always have spare servers or spare parts available in the event that hardware fails. For example, a server may have redundant power supplies so that if one supply fails, the system continues to run. Within the scenario, if the requirement is to be able to maximize effectiveness within a cloud-degraded or cloud-disrupted environment, being sure you have redundancy for your local equipment is key.

Incorrect Answers:

Cloud computing and virtualization are incorrect. Cloud computing and virtualization do not provide high-availability benefits within this scenario.

Load balancing is incorrect. Load balancing spreads processing load between resources; it doesn’t replace those resources if they fail.

Correct Answer:

Ignore and delete the message is correct. Hoax e-mails should be ignored and deleted to prevent them from using up valuable resources on the mail server and networks.

Incorrect Answers:

Forward it to the entire company to warn them of the message, only forward it to users outside of the organization, and only forward the message to users in her department are incorrect. All of these actions waste the time and resources of the mail server, network, and other users.

Correct Answer:

Session cookie authentication is correct. Cross-site request forgery (XSRF/CSRF) is a type of attack that tricks a user into navigating to a website that contains malicious code. To prevent XSRF/CSRF attacks, a web application must verify that a request came from an authorized user. Web applications can require a second identifying value saved in a cookie that is compared with every single request to the website.

Incorrect Answers:

Cookie privacy is incorrect. Cookie privacy controls will not help prevent a cross-site request forgery attack.

Fuzzing is incorrect. Fuzzing is a method of testing input validation.

Input validation is incorrect. Input validation checks that the input into a form meets requirements and does not allow cross-site scripting (XSS) or other attacks from a malicious input.

Correct Answer:

Metasploit is correct. Exploitation frameworks are platforms that can be used to craft and execute exploits against targets. They generally contain suites of tools and serve as a “Swiss Army knife” of exploitation, a one-stop shop for hackers and security professionals alike. Metasploit is one of the leading exploitation frameworks available.

Incorrect Answers:

tracert is incorrect. tracert (also known as traceroute) displays the route of packets and timing between point A and point B. It’s very useful to help an administrator understand where along a route potential delays are arising.

PowerShell is incorrect. PowerShell is a cross-platform task automation and configuration management framework, consisting of a command-line shell and scripting language.

WinHex is incorrect. WinHex is a hexadecimal editor for the Windows family of operating systems that is frequently used for forensic purposes. Its main functions include the ability to inspect files and recover data from corrupted disk drives.

Correct Answer:

Embedded systems is correct. Embedded systems include gaming systems, printers, appliances, in-vehicle systems, medical devices, cameras, home automation, and HVAC (heating, ventilating, and air conditioning) controls that are network enabled, and sometimes Internet connected, for remote access.

Incorrect Answers:

System-on-a-chip and FPGA are incorrect. System-on-a-chip and field programmable gate array (FPGA) are types of chips used within embedded systems.

ERP systems is incorrect. Enterprise resource planning (ERP) systems are generally large systems that manage business processes.

Correct Answer:

The Diamond Model of Intrusion Analysis is correct. The Diamond Model categorizes the relationships and characteristics of an attack’s four main components: the model describes that an adversary deploys a capability over some infrastructure against a victim. These are known as events and form the diamond. Analysts then populate each part of the diamond with the information they gather during the analysis process.

Incorrect Answers:

NIST Cybersecurity Framework is incorrect. The NIST Cybersecurity Framework (CSF) is a controls framework originally designed for organizations that are part of the U.S. Critical Infrastructure. CSF contains a set of controls that are sorted into five categories to reduce risk and help organizations respond more rapidly when incidents do occur.

MITRE ATT&CK is incorrect. MITRE created the ATT&CK framework to help catalog emerging tactics, techniques, and procedures being used within attacks globally.

Cyber Kill Chain is incorrect. The Cyber Kill Chain was developed for use by the major defense contractor, Lockheed Martin, with the end state of portraying how attackers step through their actions to reach their final goal.

Correct Answer:

Operational is correct. Controls in the operational risk category address how the organization conducts its daily business and are designed to minimize the security risk to those business activities. This category could include, for example, company-wide policies that are created, distributed, and used to educate employees on how to conduct their day-to-day activities while being vigilant about organizational security, and improvement initiatives to make organizational processes more efficient and effective.

Incorrect Answers:

Managerial is incorrect. Managerial risk controls are the high-level risk management, assessment, and mitigation plans that define your overall organization security.

Technical is incorrect. The category of technical risk controls encompasses the actual technical measures used to reduce security risks in your organization.

Physical is incorrect. The physical control type includes physical access controls (perimeter fencing, security passes, and surveillance) and environmental controls (fire suppression and temperature controls).

Correct Answer:

TAXII is correct. The Trusted Automated eXchange of Intelligence Information (TAXII) is a major technical specification for automated indicator sharing.

Incorrect Answers:

Dark web is incorrect. While the dark web can also be a great place to gather information, it does not provide a mechanism for automated indicator sharing.

Threat maps is incorrect. Threat maps are graphical displays of attacks that have taken place.

Vulnerability feeds is incorrect. Vulnerability feeds are repositories, such as the U.S. National Vulnerability Database (NVD), that catalog past and current vulnerabilities.