CompTIA CySA+ Practice Tests. Mike Chapple


management activities.
         - Vulnerability identification
         - Validation
         - Remediation/mitigation
         - Scanning parameters and criteria
         - Inhibitors to remediation

       1.4 Given a scenario, analyze the output from common vulnerability assessment tools.
         - Web application scanner
         - Infrastructure vulnerability scanner
         - Software assessment tools and techniques
         - Enumeration
         - Wireless assessment tools
         - Cloud infrastructure assessment tools

       1.5 Explain the threats and vulnerabilities associated with specialized technology.
         - Mobile
         - Internet of Things (IoT)
         - Embedded
         - Real-time operating system (RTOS)
         - System-on-Chip (SoC)
         - Field programmable gate array (FPGA)
         - Physical access control
         - Building automation systems
         - Vehicles and drones
         - Workflow and process automation systems
         - Industrial control systems (ICS)
         - Supervisory control and data acquisition (SCADA)

       1.6 Explain the threats and vulnerabilities associated with operating in the cloud.
         - Cloud service models
         - Cloud deployment models
         - Function as a service (FaaS)/serverless architecture
         - Infrastructure as code (IaC)
         - Insecure application programming interface (API)
         - Improper key management
         - Unprotected storage
         - Logging and monitoring

       1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
         - Attack types
         - Vulnerabilities

      1 Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?
        A. Vulnerability feeds
        B. Open source
        C. Closed source
        D. Proprietary

      2 During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?
        A. Perform a DNS brute-force attack.
        B. Use an nmap ping sweep.
        C. Perform a DNS zone transfer.
        D. Use an nmap stealth scan.

      3 Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?
        A. Timeliness
        B. Expense
        C. Relevance
        D. Accuracy

      4 What markup language provides a standard mechanism for describing attack patterns, malware, threat actors, and tools?
        A. STIX
        B. TAXII
        C. XML
        D. OpenIOC

      5 A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?
        A. Oracle
        B. Postgres
        C. MySQL
        D. Microsoft SQL

      6 Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?
        A. Hacktivist
        B. Nation-state
        C. Insider
        D. Organized crime

      7 During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?
        A. Determine the reason for the ports being open.
        B. Investigate the potentially compromised workstation.
        C. Run a vulnerability scan to identify vulnerable services.
        D. Reenable the workstation's local host firewall.

      8 Charles is working with leaders of his organization to determine the types of information that should be gathered in his new threat intelligence program. In what phase of the intelligence cycle is he participating?
        A. Dissemination
        B. Feedback
        C. Analysis
        D. Requirements

      9 As Charles develops his threat intelligence program, he creates and shares threat reports with relevant technologists and leaders. What phase of the intelligence cycle is now occurring?
        A. Dissemination
        B. Feedback
        C. Collection
        D. Requirements

      10 What term is used to describe the groups of related organizations who pool resources to share cybersecurity threat information and analyses?
        A. SOC
        B. ISAC
        C. CERT
        D. CIRT

      11 Which one of the following threats is the most pervasive in modern computing environments?
        A. Zero-day attacks
        B. Advanced persistent threats
        C. Commodity malware
        D. Insider threats

      12 Singh incorporated the Cisco Talos tool into his organization's threat intelligence program. He uses it to automatically look up information about the past activity of IP addresses sending email to his mail servers. What term best describes this intelligence source?
        A. Open source
        B. Behavioral
        C. Reputational
        D. Indicator of compromise

      13 Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis?
        A. ATT&CK
        B. Cyber Kill Chain
        C. STRIDE
        D. Diamond

      14 Jamal is assessing the risk to his organization from their planned use of AWS Lambda, a serverless computing service that allows developers to write code and execute functions directly on the cloud platform. What cloud tier best describes this service?
        A. SaaS
        B. PaaS
        C. IaaS
        D. FaaS

      15 Lauren's honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. What type of threats is this design particularly useful for detecting?
        A. Zero-day attacks
        B. SQL injection
        C. Network scans
        D. DDoS attacks

      16 Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?
        A. Attack vector
        B. Adversary capability
        C. Likelihood
        D. Total attack surface

      17 Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the NetFlow shown here?

        Date flow start          Duration  Proto  Src IP Addr:Port    Dst IP Addr:Port  Packets  Bytes  Flows
        2020-07-11 14:39:30.606  0.448     TCP    192.168.2.1:1451 -> 10.2.3.1:443      10       1510   1
        2020-07-11 14:39:30.826  0.448     TCP    10.2.3.1:443     -> 192.168.2.1:1451  7        360    1
        2020-07-11 14:45:32.495  18.492    TCP    10.6.2.4:443     -> 192.168.2.1:1496  5        1107   1
        2020-07-11 14:45:32.255  18.888    TCP    192.168.2.1:1496 -> 10.6.2.4:443      11       1840   1
        2020-07-11 14:46:54.983  0.000     TCP    192.168.2.1:1496 -> 10.6.2.4:443      1        49     1
        2020-07-11 16:45:34.764  0.362     TCP    10.6.2.4:443     -> 192.168.2.1:4292  4        1392   1
        2020-07-11 16:45:37.516  0.676     TCP    192.168.2.1:4292 -> 10.6.2.4:443      4        462    1
        2020-07-11 16:46:38.028  0.000     TCP    192.168.2.1:4292 -> 10.6.2.4:443      2        89     1
        2020-07-11 14:45:23.811  0.454     TCP    192.168.2.1:1515 -> 10.6.2.5:443      4        263    1
        2020-07-11 14:45:28.879  1.638     TCP    192.168.2.1:1505 -> 10.6.2.5:443      18       2932   1
        2020-07-11 14:45:29.087  2.288     TCP    10.6.2.5:443     -> 192.168.2.1:1505  37       48125  1
        2020-07-11 14:45:54.027  0.224     TCP    10.6.2.5:443     -> 192.168.2.1:1515  2        1256   1
        2020-07-11 14:45:58.551  4.328     TCP    192.168.2.1:1525 -> 10.6.2.5:443      10       648    1
        2020-07-11 14:45:58.759  0.920     TCP    10.6.2.5:443     -> 192.168.2.1:1525  12       15792  1
        2020-07-11 14:46:32.227  14.796    TCP    192.168.2.1:1525 -> 10.8.2.5:443      31       1700   1
        2020-07-11 14:46:52.983  0.000     TCP    192.168.2.1:1505 -> 10.8.2.5:443      1        40     1

        A. 1
        B. 3
        C. 4
        D. 5

      18 Which one of the following functions is not a common recipient of threat intelligence information?
        A. Legal counsel
        B. Risk management
        C. Security engineering
        D. Detection and monitoring

      19 Alfonzo is an IT professional at a Portuguese university who is creating a cloud environment for use only by other Portuguese universities. What type of cloud deployment model is he using?
        A. Public cloud
        B. Private cloud
        C. Hybrid cloud
        D. Community cloud

      20 During a network reconnaissance exercise, Chris gains access to a PC located in a secure network. If Chris wants to locate database and web servers that the company uses, what command-line tool can he use to gather information about other systems on the local network without installing additional tools or sending additional traffic?
        A. ping
        B. traceroute
        C. nmap
        D. netstat

      21 Kaiden's organization uses the AWS public cloud environment. He uses the CloudFormation tool to write scripts that create the cloud resources used by his organization. What type of service is CloudFormation?
        A. SaaS
        B. IAC
        C. FaaS
        D. API

      22 What is the default nmap scan type when nmap is not provided with a scan type flag?
        A. A TCP FIN scan
        B. A TCP connect scan
        C. A TCP SYN scan
        D. A UDP scan

      23 Isaac wants to grab the banner from a remote web server using commonly available tools. Which of the following tools
