Exam Question 31
Which of the following is true of a human firewall?
A. It can replace technical firewalls.
B. It is composed of every member of the organization, regardless of job title.
C. It involves educating and incentivizing employees to combat threats to their organization.
D. Both B and C
Correct Answer:
D. Both B and C
Answer Description:
A human firewall is composed of every member of an organization. Employees are consistently trained and incentivized to improve security awareness and behavior. This human layer of protection does not replace but augments technical security controls.
Exam Question 32
True or false: Though positive reinforcement in security awareness training can change risky behavior, it can also produce costly side effects, such as damaging employee morale.
A. True
B. False
Correct Answer:
B. False
Answer Description:
Negative reinforcement, such as shaming and punishment, may change risky behavior but at the cost of employee morale. New approaches to security awareness training incorporate positive reinforcement, gamification and social proof to reduce human risks without hurting morale.
Exam Question 33
In accordance with a consequence training model, which of the following should not be a tactic used to punish users who frequently fall for phishing emails?
A. Additional in-person or virtual training
B. Official warnings
C. Adjudication in a court of law
D. Monetary penalties
Correct Answer:
C. Adjudication in a court of law
Answer Description:
Under a consequence training model, users who regularly fall for phishing emails may be subject to punishments, ranging from additional training to official warnings to monetary penalties, in order to deter high-risk behavior.
Exam Question 34
To trick users into falling for phishing emails, attackers exploit human psychology by triggering which of the following automatic responses in the brain?
A. Response to authority
B. Response to scarcity
C. Response to security
D. Both A and B
Correct Answer:
D. Both A and B
Answer Description:
To develop effective email security training, it is important to understand the brain’s automatic responses to authority and scarcity — and how phishing and business email compromise attacks capitalize on them.
Exam Question 35
Which of the following is a major obstacle to creating or improving a workplace cybersecurity culture?
A. Mandated password reset policies
B. Lack of CISO succession plan
C. Adequate security budgets
D. Recruiting, training and retaining security talent with a diverse set of backgrounds
Correct Answer:
B. Lack of CISO succession plan
Answer Description:
A critical element of an effective security culture is a CISO succession plan. The average CISO tenure is about two years, but a culture shift can take up to five years. Organizations should be prepared to quickly name a CISO successor who will continue implementing the new security vision.
Exam Question 36
Gurvinder has been asked to assist a company that recently fired one of their developers. After the developer was terminated, the critical application that they had written for the organization stopped working and now displays a message reading, “You shouldn’t have fired me!” If the developer’s access was terminated and the organization does not believe that they would have had access to any systems or code after they left the organization, what type of malware should Gurvinder look for?
A. A RAT
B. A PUP
C. A logic bomb
D. A keylogger
Correct Answer:
C. A logic bomb
Answer Description:
A logic bomb is a type of malware that activates only after specific conditions are met. Here, the trigger could have been the developer no longer appearing in payroll, a specific input not being entered, or some other activation condition. A RAT is a remote access Trojan, a PUP is a potentially unwanted program, and a keylogger captures user input.
Exam Question 37
Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?
A. VBScript
B. Python
C. Bash
D. PowerShell
Correct Answer:
D. PowerShell
Answer Description:
PowerShell is the most likely tool for this type of attack, since it is built into Windows and can download and execute code in memory. VBScript is more commonly used inside applications or legacy scripts, and both Bash and Python are more likely to be present on a Linux system than on a Windows workstation.
Exam Question 38
Scott notices that one of the systems on his network contacted a number of systems via encrypted web traffic, downloaded a handful of files, and then uploaded a large amount of data to a remote system. What type of infection should he look for?
A. A keylogger
B. A backdoor
C. A bot
D. A logic bomb
Correct Answer:
C. A bot
Answer Description:
The behaviors that Scott is seeing are characteristics of a bot infection. The bot was likely contacting command-and-control hosts, then downloading updates and/or additional packages, then uploading data from his organization. He will need to determine if sensitive or important business information was present on the system or accessible from it. Keyloggers will capture keystrokes and user input but would typically require additional malware packages to display this behavior. A logic bomb might activate after an event, but no event is described, and a backdoor is used for remote access.
Exam Question 39
Amanda notices traffic between her systems and a known malicious host on TCP port 6667. What type of traffic is she most likely detecting?
A. Command and control
B. A hijacked web browser
C. A RAT
D. A worm
Correct Answer:
A. Command and control
Answer Description:
Amanda has most likely discovered a botnet’s command-and-control (C&C) channel, and the system or systems she is monitoring are probably using IRC as the C&C channel. A RAT is more likely to use a different control channel, worms spread by attacking vulnerable services, and a hijacked web browser would probably operate on common HTTP or HTTPS ports (80/443).
Exam Question 40
Mike discovers that attackers have left software that allows them to have remote access to systems on a computer in his company’s network. How should he describe or classify this malware?
A. A worm
B. Crypto malware
C. A Trojan
D. A backdoor
Correct Answer:
D. A backdoor
Answer Description:
Remote access to a system is typically provided by a backdoor. Backdoors may also appear in firmware or even hardware. None of the other items listed provide remote access by default, although they may have a backdoor as part of a more capable malware package.