checkingSecure register wiping capabilities107 What concept describes a security process that ensures that another process or device cannot perform read or write operations on memory while an operation is occurring?Nonblocking memoryMemory coherenceAtomic executionTrusted executionUse the following scenario to answer questions 108–111.Tom connects to a website using the Chrome web browser. The site uses TLS encryption and presents the digital certificate shown here.
108 Who created the digital signature shown in the last line of this digital certificate?Starfield ServicesAmazonnd.eduRSA
109 Which one of the following websites would not be covered by this certificate?nd.eduwww.nd.eduwww.business.nd.eduAll of these sites would be covered by the certificate.
110 What encryption key does the certificate contain?The website's public keyThe website's private keyTom's public keyTom's private key
111 After Tom initiates a connection to the website, what key is used to encrypt future communications from the web server to Tom?The website's public keyThe website's private keyTom's public keyThe session key
112 Holographic stickers are a common tool used for what type of security practice?Anti-tamperAnti-theftAsset managementAsset tracking
113 Olivia has been tasked with identifying a solution that will prevent the exposure of data on a drive if the drive itself is stolen. What type of technology should she recommend?MFASEDP2PEeSATA
114 Amanda's organization wants to ensure that user awareness, documentation, and other tasks are accomplished and tracked as new infrastructure is added and modified. What type of tool should they acquire?A project management toolAn IDEA change management toolA ticketing tool
115 Christina wants to check the firmware she has been provided to ensure that it is the same firmware that the manufacturer provides. What process should she follow to validate that the firmware is trusted firmware?Download the same file from the manufacturer and compare file size.Compare a hash of the file to a hash provided by the manufacturer.Run strings against the firmware to find any evidence of tempering.Submit the firmware to a malware scanning site to verify that it does not contain malware.
116 Amanda's organization uses an air-gap design to protect the HSM device that stores their root encryption certificate. How will Amanda need to access the device if she wants to generate a new certificate?Wirelessly from her laptopOver the wired network from her PCFrom a system on the air-gapped networkAmanda cannot access the device without physical access to it
117 What is the key difference between a secured boot chain and a measured boot chain?A secured boot chain depends on a root of trust.A measured boot chain computes the hash of the next object in the chain and stores it securely.A secured boot chain computes the hash of the next object in the chain and stores it securely.A measured boot chain depends on a root of trust.
118 Encrypted data transmission from a CPU to a GPU is an example of what type of technology?Secure EnclaveBus encryptionHardware security moduleSoftware security module
119 Which of the following parties directly communicate with the end user during a SAML transaction?The relying partyThe SAML identity providerBoth the relying party and the identity providerNeither the relying party nor the identity provider
120 What type of dedicated device is used in organizations that can generate keys, create and validate digital signatures, and provide cryptoprocessing to both encrypt and decrypt data?HSMsBGPsSSMsNone of the above
121 Saeed wants to ensure that devices procured by his company are captured in inventory and tracked throughout their lifespan via physical inventory tracking methods. What can he do to make sure that the assets are easier to quickly identify against an asset inventory?Record them in a databaseRecord them via paper formsUse asset taggingUse hardware address-based tagging
122 Isaac is developing a mobile application and is following the OWASP Mobile Application Security Checklist. Which of the following is a practice he should not follow?The application will use symmetric cryptography with hard-coded keys as its sole method of encryption.Data for the application will be encoded on the network using TLS any time data is sent or received.The application will use the Secure Enclave on iOS devices to store cryptographic keys.The application invalidates sessions after a predetermined period of inactivity and session tokens expire.
123 Micro-probing, applying unexpected or out of specification voltages or clock signals, and freezing a device are all examples of types of attacks prevented by what type of technique?DRMAnti-theftAnti-tamperFault tolerance
124 Patricia wants to protect updated firmware for her organization's proprietary hardware when it is installed and is concerned about third parties capturing the information as it is transferred between the host system and the hardware device. What type of solution should she use to protect the data in transit if the device is a PCIe internal card?Bus encryptionCPU encryptionFull-disk encryptionDRM
125 Piper wants to delete the contents of a self-encrypting drive (SED). What is the fastest way to securely do so?Use a full-drive wipe following DoD standards.Delete the encryption key for the drive.Use a degausser.Format the drive.
126 What type of module is required to enable Secure Boot and remote attestation?A TPM moduleA HSMA GPMAn MX module
127 Although both Secure Boot and Measured Boot processes rely on a chain of trust, only one validates the objects in the chain. Which technology does this and what process does it follow?A Secured Boot chain validates the boot objects using private keys to check against public keys already in the BIOS.A Measured Boot chain computes the hash of the next object in the chain and compares it to the hash of the previous object.A Secured Boot chain computes the hash of the next object in the chain and compares it to the hash of the previous object.A Measured Boot chain validates the boot objects using private keys to check against public keys already in the BIOS.
128 What type of operation occurs in a way that prevents another processor or I/O device from reading or writing to a memory location that is in use by the operation until the operation is complete?A complete operationA fractional operationAtomic executionPerpendicular execution
129 Adil is attempting to boot a system that uses UEFI and has Secure Boot enabled. During the boot process, the system will not start because of a recognized key error. What has occurred?The user has not entered their passphrase.The drive token needs updated.A USB token is not plugged in.The operating system may not be secure.
130 Support for AES, 3DES, ECC, and SHA-256 are all examples of what?Encryption algorithmsHashing algorithmsProcessor security extensionsBus encryption modules
131 Bernie sets up a VPC for his organization and connects to it through a VPN. What has he created and where?A private segment of a public cloudA private segment of a local virtualization environmentA public segment of a private cloudA public segment of a local virtualization environment
132 What types of attacks can API keys help prevent when used to limit access to a REST-based service?Brute-force attacksTime-of-access/time-of-use attacksMan-in-the-middle attacksDenial-of-service attacks
133 Which of the following is not a benefit of physical segmentation?Easier visibility into trafficImproved network securityReduced costIncreased performanceUse the following diagram to answer the next three questions.
134 Scott has designed a redundant infrastructure, but his design still has single points of failure. Which of the single points of failure is most likely to cause an organizationwide Internet outage?Point APoint CPoint EPoint F
135 After
