Security Pro
Which cryptographic attack tries to find two inputs that produce the same hash value, often used on digital signatures?
Collision attack
Which asymmetric algorithm was released in 1976 and allows two users who have never met to safely create a shared key over a public channel?
Diffie-Hellman
Which of the following is an ongoing process that includes assessing requirements, setting up organizational security systems, hardening and monitoring those systems, responding to attacks in progress, and deterring attackers?
Security
A cryptographic process that encodes data so it can be stored or transmitted securely and then decrypted only by its owner or intended recipient is called an:
Algorithm or cipher
What is the process of capturing data packets flowing across a network and analyzing them for important information?
Packet sniffing
Which cryptographic attack forces a system to use an older, less secure communication protocol, often as part of a Man-in-the-Middle (MITM) attack?
Downgrade attack
What refers to the ability of an adversary to achieve an ongoing compromise of network security to obtain and maintain access?
Advanced persistent threat (APT)
The process of gathering information about an organization, including system hardware, network configuration, and user information, is known as:
Reconnaissance
Which type of encryption refers to a product that encrypts the entire contents of a storage device, including metadata and free space?
Full disk encryption (FDE)
What is the process that measures the difference between an organization's current and desired security states to assess the scope of work needed for a project?
Gap analysis
Which Linux file contains the user account information, with each user's data stored in a single line?
/etc/passwd
Which security countermeasure involves adding a random number of characters to a password before the hash is created, mitigating precomputed hash table attacks?
Salting
In the Identity and Access Management (IAM) system, what is the process of proving that a subject is who or what it claims to be when it attempts to access a resource?
Authentication
Which web filtering approach involves installing a software agent on client devices to enforce filtering policies locally, even when users are off the corporate network?
Agent-based filtering
What is the science and practice of altering data to make it unintelligible to unauthorized parties?
Cryptography
A two-way encryption scheme where encryption and decryption are both performed by the same key is also known as:
Shared-key encryption
What is the practice where an attacker registers a domain name very similar to a real one, hoping users will misspell a URL and be taken to the attacker's website?
Typosquatting
What is a biometric or inherence factor that uses physiological identifiers like a fingerprint or facial scan to verify identity?
Something you are
What type of database encryption encrypts data when it's transferred between disk and memory, often referred to as transparent data encryption (TDE) in SQL Server?
Database-level encryption
A type of attack that combines a collision attack and a brute-force attack, named after a probability math problem, is called a:
Birthday attack
An attack where the threat actor targets specific groups or organizations, discovers which websites they frequent, and injects malicious code into those sites is known as a:
Watering hole attack
What cryptography method ensures that each transmission in a messaging app is encrypted with a different unique key, even if the same key is used for the entire session?
Perfect forward secrecy
A combination of asymmetric encryption and hashing values that provides confidentiality, integrity validation, strong authentication, and non-repudiation is a:
Digital signature
Which obfuscation technique involves redacting all or part of a database field's contents by substituting character strings with generic labels to preserve metadata for analysis?
Data masking
Which social engineering technique involves an attacker pretending to be someone they are not, often over the phone or via email, to obtain information?
Impersonation
What is the standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider?
Open Authorization (OAuth)
Which IDS/IPS detection method defines a baseline of normal network traffic and then monitors for anything that falls outside that baseline?
Heuristic-based detection
A type of malware that tries to extort money from the victim by making their computer and/or data files unavailable and demanding payment is called:
Ransomware
Which reconnaissance tool is a popular search engine for internet-connected devices, allowing users to search for specific device types and locations?
Shodan
Which attribute of a threat actor refers to their ability to use advanced exploit techniques and tools?
Sophistication/capability
What is the process of adding blocks to a blockchain, where each block has a 64-digit hexadecimal hash generated by complex math computations?
Mining
What is malware concealed within an installer package for software that appears to be legitimate, designed to operate secretly without user consent?
Trojan
Which type of software is installed alongside a package selected by the user or bundled with a new computer system, often without active consent from a confusing license agreement?
Potentially unwanted program (PUP)
In key management, what refers to the storage of a backup key with a third party to mitigate risks of compromise?
Key escrow
What is a key encryption key (KEK) used for in storage encryption?
To encrypt the symmetric bulk media encryption key
Which role has overall responsibility for the IT function and might also have direct responsibility for security?
Chief Information Officer (CIO)
What is the art of making a message or data difficult to find, also known as security by obscurity?
Obfuscation
A host that is under malicious control and can be manipulated by a botnet is sometimes described as a:
Zombie
Which Linux command is used to delete a user account and optionally remove their home directory?
userdel
A type of attack that redirects users from a legitimate website to a malicious one, often by corrupting internet name resolution, is called:
Pharming
A hacker gaining higher access within a system after a breach is an example of which attack strategy?
Escalating privileges
What type of software vulnerability can be exploited in specific circumstances and is often swiftly fixed by the vendor, but can still be a threat if an organization lacks an effective patch management system?
Vulnerable software
What term refers to all the points at which a malicious threat actor could try to exploit a vulnerability?
Attack surface
What active reconnaissance technique involves scanning a target network to identify open ports and the services running on them?
Port scanning
What is the practice of concealing a file, message, image, or video within another file, message, image, or video?
Steganography
Which standard do both PGP and GPG follow for encrypting and decrypting data?
OpenPGP (RFC 4880)
Which malware recovery action involves moving an infected file to a secure folder where it cannot open or run normally, often to see if another tool can recover it later?
Quarantine the file
A security control implemented as a system, such as firewalls or antivirus software, is classified as which type of control?
Technical
Which type of homomorphic encryption allows only select simple math functions, such as addition, to be performed an unlimited number of times on encrypted values?
Partially homomorphic encryption (PHE)
Which of the following security challenges describes the availability of various tools on the internet that allow individuals with moderate technical knowledge to launch attacks?
Proliferation of attack software
A control that psychologically discourages an attacker from attempting an intrusion, such as warning signs of legal penalties, is what type of functional control?
Deterrent control
What network security appliance combines multiple security functions, such as firewall, antimalware, and intrusion prevention, into a single device?
Unified Threat Management (UTM)
A threat actor whose primary motivation is to prevent an organization from working normally, often to sow chaos or gain revenge, is focused on:
Service disruption
Which hashing algorithm generates a 128-bit message digest and has known security vulnerabilities, making it no longer viable for security purposes?
Message-Digest Algorithm 5 (MD5)
Which passive reconnaissance method involves an attacker sifting through discarded documents to find sensitive information?
Dumpster diving
Which authentication factor involves possessing something unique, such as smart cards, RSA tokens, or security key fobs?
Something you have
Which authentication technology allows a user to authenticate once and receive authorizations for multiple services without having to enter credentials again?
Single sign-on (SSO)
A stream cipher encrypts data one bit at a time. It uses a smaller, fixed-length seed key run through what to output a new, unique encryption key?
Pseudorandom number generator
In Kerberos, what component authenticates users and issues tickets (tokens)?
Key Distribution Center (KDC)
What is the state of data when it is primarily stored on specific media, such as a hard drive or USB stick?
Data at rest
Which type of malware creates a new process for itself in memory when the host file is executed, remaining active even if the host process terminates?
Memory resident virus
Which type of threat actor is characterized by using cyber weapons to promote a political agenda, often by releasing confidential information or defacing websites?
Hacktivist group
What is a technique that blocks or allows access to specific websites by controlling the resolution of domain names into IP addresses, providing a proactive defense mechanism?
DNS filtering
Which Zero Trust concept dictates that access to network resources is granted on a need-to-know basis, limiting access to only what is required to complete a specific task?
Threat scope reduction
Which type of firewall inspects traffic received by a host and is typically a software program used to protect individual computers?
Host-based firewall
What describes a centralized platform that verifies subject identification, assigns relevant permissions, and logs these actions to create an audit trail?
Authentication, Authorization, and Accounting (AAA)
Which defense methodology emphasizes implementing multiple security strategies to protect the same asset, ensuring no single layer is completely effective?
Layering (Defense in depth)
What is a characteristic of sophisticated attacks that makes them difficult to detect and thwart?
They vary their behavior with each attempt.
What is malware that actively attempts to steal confidential information by recording keystrokes?
Keylogger
Which term refers to malware that hijacks the resources of the host to perform cryptocurrency mining?
Cryptojacking
What is the security principle that states users or groups are given only the necessary access to perform their jobs, and nothing more?
Principle of least privilege
Which functional type of security control acts to eliminate or reduce the likelihood that an attack can succeed before it takes place?
Preventive
What is a special network device that monitors, logs, and detects security breaches but does NOT take action to stop or prevent an attack?
Intrusion Detection System (IDS)
What term describes malware that can dynamically change or obfuscate its code to evade detection?
Polymorphic
A path that a threat actor uses to execute a data exfiltration, service disruption, or disinformation attack is known as a:
Threat vector
Which protocol secures traffic sent between two endpoints over a public or untrusted network, often used for Virtual Private Networks (VPNs)?
Internet Protocol Security (IPsec)
What is the default action in iptables if a matching rule is not found for incoming network traffic?
Drop
Which attack strategy involves manipulating others into providing sensitive information, often through tactics like intimidation or sympathy?
Social engineering
What is an authentication scheme that uses ownership and biometric factors, but not knowledge factors, for identity verification?
Passwordless authentication
Which iptables chain controls the behavior of incoming connections?
INPUT
What is a network security device or software application that monitors, filters, and controls incoming and outgoing network traffic based on predetermined rules?
Firewall
What cryptoprocessor is implemented as a module within the CPU of a computer or mobile device and is used for secure hardware-based storage of encryption keys?
Trusted Platform Module (TPM)
What cultural shift encourages more collaboration between developers, systems administrators, and security specialists, integrating security considerations at every stage of software development?
DevSecOps
The constant change in personal habits and passwords to prevent predictable behavior is known as what defense methodology?
Randomness
What is the fundamental security goal of ensuring that computer systems operate continuously and that authorized persons can access data when they need it?
Availability
Which block cipher mode of operation encrypts each block of plaintext data separately, allowing for faster encryption but generating the same ciphertext for identical data blocks?
Electronic Code Book (ECB)
In access control, what is the principle of having more than one person required to complete a task, primarily designed to reduce conflicts of interest and insider attacks?
Separation of duties
A dedicated location where security professionals monitor and protect critical information assets is known as a:
Security Operations Center (SOC)
What is the primary use of hashing for downloaded files?
To verify file integrity
In a security device's failure state, which mode prioritizes availability over confidentiality and integrity, preserving network or host access if possible?
Fail-open
What is the output of an encryption process, which is unintelligible without the cipher key?
Ciphertext
Which encryption scheme uses the same key for both encryption and decryption?
Symmetric encryption
Which NIST cybersecurity function involves developing security policies, evaluating risks, and recommending security controls to mitigate threats?
Identify
Which type of phishing attack uses SMS text messages to trick a victim into revealing information?
Smishing
What is the process of comparing what was presented to the authentication server with a copy of the credentials it has stored, leading to authentication if they match?
Authentication
What is the primary role of a Data Recovery Agent (DRA) in the Encrypting File System (EFS)?
To decrypt encrypted files if the user account is corrupted or password is lost
What is the output of a cryptographic hashing algorithm, typically a fixed-length string of bits, that is impossible to recover the plaintext data from?
Message digest (hash)
Which term describes a threat actor having legitimate permissions on a system, typically an employee or contractor, making them an insider threat?
Internal/insider threat actor
What malware prevention method involves educating end users about common safety tips, such as examining email attachments and not using social media at work?
Training
Which of the three main goals of security controls ensures that data is not modified or tampered with?
Integrity