Practice : CompTIA CySA+ (CS0-001)

Jessica is currently reviewing the security procedures related to the use of a cloud-based online payment service. She has set access permissions for the service so the same person will not be able to add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?

Options are :

  • Lease privilege
  • Security through obscurity
  • Separation of duties (Correct)
  • Dual control

Answer : Separation of duties

Explanation The scenario above is an example of separation of duties. If someone has the ability to transfer funds into and out of an account, they could issue a large unreasonable transfer. This works close to dual control but doesn’t meet the same requirements.

A software assurance laboratory is performing a dynamic assessment on an application by automatically generating random data sets and inputting them in an attempt to cause an error or failure condition. What software assessment capability was the lab performing?

Options are :

  • Fuzzing (Correct)
  • Sequential data sets
  • Static code analysis
  • Known bad data

Answer : Fuzzing

Explanation Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions, or for finding potential memory leaks.

FlashMe Software has discovered a bug in their software’s code and recently released a software patch to remove the vulnerability caused by the bug. You have been tasked with testing the software to ensure the vulnerability has been remediated and the application is still functioning properly. What type of test should you perform?

Options are :

  • Fuzzing
  • User acceptance testing
  • Regression testing (Correct)
  • Penetration testing

Answer : Regression testing

Explanation Regression testing focuses on testing to ensure that changes that were made do not create new issues. This often is used when patches are installed.

What document typically contains high-level statements of management intent?

Options are :

  • Procedure
  • Guideline
  • Standard
  • Policy (Correct)

Answer : Policy

Explanation Policies are high-level statements of management intent. Compliance with policies is mandatory. An information security policy will generally contain broad statements around cybersecurity objectives.

James is working with a development team to integrate security reviews into some of their coding review processes. He wants to implement a real-time process. Which of the following would best meet his requirements?

Options are :

  • Pair Programming (Correct)
  • Pass-around code review
  • Tool-assisted review
  • Formal code review

Answer : Pair Programming

Explanation The best option is pair programming. This is a real-time process that places two developers at one workstation where one developer reviews the code while the other one writes the code. All other processes are asynchronous processes.

Your company just launched a new invoicing website for use by your five largest vendors. You are the cyber security analyst and have been receiving numerous phone calls that the webpage is timing out and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours and the service has now become unavailable for use. What do you recommend be implemented to restore and maintain the availability of the new invoicing system?

Options are :

  • Intrusion Detection System
  • Whitelisting (Correct)
  • VPN
  • MAC filtering

Answer : Whitelisting

Explanation By whitelisting the IP addresses for the five largest vendors, they will be the only ones who will be able to access the web server. This can be done by creating rules in the Access Control List (ACL) to deny ALL other users except these five vendors, thereby dropping large number of the requests from any other IP addresses, such as those from an attacker.

What technology is not a shared authentication protocol?

Options are :

  • OpenID
  • LDAP (Correct)
  • OAuth
  • Facebook Connect

Answer : LDAP

Explanation OpenID, OAuth, and Facebook Connect are all shared authentication protocols. LDAP can be used for single sign-on but is not a shared authentication protocol.

Your organization needs to institute an organizational vulnerability management program due to new regulations. The CIO assigns this new function to the information security team. What framework would BEST support the program?

Options are :

  • NIST (Correct)
  • OWASP
  • SDLC
  • SANS

Answer : NIST

Explanation NIST (National Institute of Standards and Technology) produced a useful patch and vulnerability management program framework in its Special Publication (NIST SP 800-40).

A security analyst used to make a copy of an image for forensics use. What command should they utilize?

Options are :

  • dd (Correct)
  • wget
  • touch
  • rm

Answer : dd

Explanation dd is used to make bit by bit copies of a disk, drive, or partition. Once the image is created using dd, a hash of the file should be made and placed into evidence as well, to ensure no modification occurs between collection and analysis of the disk image.

OWASP (Open Web Application Security Project) has/maintains a list of the most important web application security controls. Which of these items is least likely to appear on that list?

Options are :

  • Implement identity and authentication controls
  • Implement appropriate access controls
  • Obscure web interface locations (Correct)
  • Leverage security frameworks and libraries

Answer : Obscure web interface locations

Explanation The best option is obscurity. Security through obscurity isn’t the greatest practice because you shouldn’t rely on secrecy of a control as a security measure.

Sharon doesn’t have the staff she needs to conduct 24/7 security monitoring of her network. She wants to supplement her team with a managed security operations center service. Which of the following providers are best suited for this?

Options are :

  • MSSP (Correct)
  • IaaS
  • PaaS
  • SaaS

Answer : MSSP

Explanation The best answer is MSSP which stands for managed security service provider and provides security as a service. IaaS, PaaS, and SaaS (infrastructure, platform and software) do not include security in their offerings.

You are conducting an incident response and have traced the source of the attack to some compromised user credentials. After performing log analysis, you have discovered that the attack successfully authenticated from an unauthorized foreign country. You management is now asking for you to implement a solution to help mitigate an attack using compromised credentials from occurring in the future. What should you implement?

Options are :

  • Self-service password reset
  • Single sign-on
  • Context-based authentication (Correct)
  • Password complexity

Answer : Context-based authentication

Explanation Context-based authentication can take a number of factors into consideration before permitting access to a user, including their location (country, state, etc.), time of day, and other key factors to minimize the threat of compromised credentials being utilized in an attack.

You have been investigating how a malicious actor was able to exfiltrate confidential data from a web server to a remote host. After a in-depth forensic review, you determine that the web server’s BIOS had been modified by the installation of a rootkit. After you remove the rootkit and reflash the BIOS to a known good image, what should you do in order to prevent the malicious actor from gaining access to the BIOS in the future?

Options are :

  • Install an anti-malware application
  • Install a host-based IDS
  • Utilize TPM data sealing (Correct)
  • Utilize file integrity monitoring

Answer : Utilize TPM data sealing

Explanation Since you are trying to protect the BIOS, using TPM data sealing is the best choice. TPM data sealing is used to store and manage the encryption and decryption keys securely and is a hardware solution. The other choices are associate with the files accessible to the operating system, not the BIOS itself.

Thomas is working on scheduling vulnerability scans for his data center. Which of the following is a best practice that he should follow when scheduling scans?

Options are :

  • Schedule scans so they are evenly spread throughout the day
  • Schedule scans so they run during periods of low activity (Correct)
  • Schedule scans so they all begin at the same time
  • Schedule scans so they run during peak times to simulate performance under load.

Answer : Schedule scans so they run during periods of low activity

Explanation For the best results, the scans should be scheduled during periods of low activity, to help reduce the negative impact on business operations. All other items have a higher risk of causing network/business operation disruptions.

What is the term for the company’s willingness to tolerate risk in their computing environment?

Options are :

  • risk appetite (Correct)
  • risk acceptance
  • risk mitigation
  • risk avoidance

Answer : risk appetite

Explanation An organization’s willingness to tolerate risk in their computing environment is known as the organization’s risk appetite.

A vulnerability scan has returned the following results:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Detailed Results
172.25.67.101 (APACHE-2.3) 
Windows Shares
Category: Windows
CVE ID: -
Vendor Ref: -
Bugtraq ID: -
Service Modified - 8.30.2017 
Enumeration Results:
print$ c:\windows\system32\spool\drivers
files c:\FileShare\Accounting 
Temp c:\temp
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

What best describes the meaning of these results?

Options are :

  • There is an unknown bug in an Apache server with no Bugtraq ID
  • Connecting to the host using a null session allows enumeration of the share names on the host (Correct)
  • Windows Defender has a known exploit that must be resolved or patched
  • There is no CVE present, so this is a false positive caused by Apache running on a Windows server

Answer : Connecting to the host using a null session allows enumeration of the share names on the host

Explanation The enumeration results show three share names (print$, files, Temp), that have been found using a null session connection.

What is NOT one of the factors that comprise the exploitability score for a vulnerability?

Options are :

  • Access vector
  • Authentication
  • Access complexity
  • Availability (Correct)

Answer : Availability

Explanation The three components that make up the exploitability score are the access vector, authentication, and access complexity.

Joseph is interpreting a vulnerability that has a CVSS base score of 8.3. What risk category would this vulnerability fit into?

Options are :

  • Low
  • Medium
  • High (Correct)
  • Critical

Answer : High

Explanation Vulnerabilities with CVSS base scores rated 7.0 or higher but less than 10.0 (in CVSS2) or 9.0 (CVSS3) are assigned to the high-risk category.

Andy noticed an OS vulnerability on a system on his network. After tracing the IP address, he noticed that the vulnerability is on a search appliance that was installed on his network. He consulted with an engineer who told him he has no access to the operating system. What is the best course of action?

Options are :

  • Contact the vendor to obtain a patch (Correct)
  • Try to gain access to the underlying operating system and install the patch
  • Mark the vulnerability as a false positive
  • Wait 30 days, rerun the scan, see whether the vendor corrected the vulnerability

Answer : Contact the vendor to obtain a patch

Explanation Andy needs to contact the vendor to be able to know whether a patch is available for the appliance, if he hasn’t received notice for such. He shouldn’t attempt to change the appliance himself because it may cause issues or void the warranty. He has no reason to believe that this is a false report and there’s no reason to wait 30 days for the problem to fix itself because that seems slightly unreasonable.

William is evaluating the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?

Options are :

  • Low (Correct)
  • Medium
  • Moderate
  • High

Answer : Low

Explanation FIPS 199 classifies any risk where “the unauthorized disclosure of information could be expected to have a limited adverse effect? as a low impact confidentiality risk.

You conducted a security scan and found that port 389 is being used when connecting to LDAP for user authentication instead of port 636. The security scanning software recommends that you remediate this by changing user authentication to port 636 wherever technically possible. What should you do?

Options are :

  • Correct the audit; this finding is accurate, but the correct remediation is to update encryption keys on each of the servers to match port 636.
  • Correct the audit; this finding is a well-known false positive; the services that typically run on 389 and 636 are identical.
  • Change all devices and servers that support it to port 636, as encrypted services run by default on port 636. (Correct)
  • Change all devices and servers that support it to port 636, as port 389 is a reserved port that requires root access and can expose the server to privilege escalation attacks.

Answer : Change all devices and servers that support it to port 636, as encrypted services run by default on port 636.

Explanation LDAP can be run on either port 389 or port 636. Port 389 is the standard port for LDAP, but typically runs unencrypted LDAP services over this port. Instead, you should change all devices and servers that can technically support the change to port 636, since LDAP services over port 636 are encrypted by default.

You have been asked to remediate a vulnerability in a server. Once you have located a patch for the vulnerability, what should you do NEXT?

Options are :

  • Start the incident response process
  • Establish continuous monitoring
  • Rescan the server to ensure the vulnerability still exists
  • Submit a Request for Change to begin the change management process (Correct)

Answer : Submit a Request for Change to begin the change management process

Explanation Before any changes to a baseline occurs, a Request for Change must be submitted which in turn starts the change management process. Once approved, the patch should be installed on the server, then the server should be rescanned to ensure the vulnerability no longer exists.

Isaac oversees vulnerability scans for his organization. His supervisor provides a monthly report to the CIO based on activity, which includes the number of open vulnerabilities. Isaac would appreciate being able to provide this information in a simpler manner. What should be done?

Options are :

  • Provide the supervisor with access to the scanning system
  • Check the system monthly for the correct number and email it to the supervisor
  • Configure a report that provides information that automatically sends to the supervisor’s email at the same time each month (Correct)
  • Ask the administrative assistance to check the system and provide the information to the supervisor

Answer : Configure a report that provides information that automatically sends to the supervisor’s email at the same time each month

Explanation Out of all of these options, the simplest/easiest solution is to design a report that provides all necessary information and configure the system to automatically send this report to the person responsible each month.

During a port scan, it was discovered that the listed ports are open on the internal network: TCP port 25, TCP port 80, TCP port 110, TCP port 443, TCP port 1433 and TCP port 3389. Which of the following services is not indicated by the scan results?

Options are :

  • Web
  • Database
  • SSH (Correct)
  • RDP

Answer : SSH

Explanation The best answer is SSH. Web servers use port 80 for HTTP and 443 for HTTPS. Database servers run on port 1433 (Microsoft SQL), 1521 (Oracle), and 3306 (MySQL). Remote Desktop Protocol uses port 3389. Nothing in these items give any inclination that SSH or port 22 is running on this server.

Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a network?

Options are :

  • COPE
  • TLS
  • BYOD (Correct)
  • MDM

Answer : BYOD

Explanation The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People are able to bring their personal devices to the corporate network and their devices could contain vulnerabilities that shouldn’t roam free on a corporate network. The MDM is a mobile device management system which gives centralized control over COPE (Company owned personally enabled) devices. TLS is a network encryption so it doesn’t seem to matter with this particular question.

What is NOT a vulnerability scanning tool?

Options are :

  • Nessus
  • QualysGuard
  • NEXpose
  • Zap (Correct)

Answer : Zap

Explanation Zap is an application proxy. Nessus, QualysGuard, and NEXpose are all vulnerability scanners.

You are working as a cyber security analyst and you just received a report that many of your servers are experiencing slow response times as a result of what appears to be a DDoS attack. What action do you recommend to solve this issue?

Options are :

  • Inform users regarding the affected systems
  • Inform management of the issue being experienced (Correct)
  • Shutdown all of the interfaces on the affected servers
  • Take no action, but continue to monitor the critical systems

Answer : Inform management of the issue being experienced

Explanation During an incident response, the cyber security analyst should ensure management understands the current status of an incident and recommend the best way ahead. It is up to management to choose the plan of remediation based on a weighing of numerous factors, such as cost, risk, resourcing, threat, etc.

Erin is working to collect a forensic image of a Macintosh computer. What hard drive format is she most likely to encounter?

Options are :

  • FAT32
  • MacFAT
  • HFS+ (Correct)
  • NTFS

Answer : HFS+

Explanation The best option is HFS+. The default macOS file system for the drive is HFS+. Mac does support FAT32 and NTFS but MacFAT is not a legitimate term.

Alexander needs to search for files that may have been deleted by a user. What two locations are most likely to contain those files on a Window system?

Options are :

  • Slack space, the recycle bin (Correct)
  • Unallocated space, slack space
  • Recycle bin, unallocated space
  • Registry, the recycle bin

Answer : Slack space, the recycle bin

Explanation Files that users have deleted are most likely to be found in the recycle bin or in slack space, which is the space left after a file has been written to a cluster, which may contain remnant data from previous files. Unallocated space is space that has not been partitioned and, thus, would typically not have been written to. Finally, the registry will not store files that have been deleted.

Russell searched for a possible Linux backdoor account during a forensic investigation. This led to check through the file system for issues. Where should he look for back doors associated with services?

Options are :

  • /etc/passwd
  • /etc/xinetd.conf (Correct)
  • /etc/shadow
  • $HOME/.ssh/

Answer : /etc/xinetd.conf

Explanation Linux services are started by xinetd, but some new versions use sytemctl. Both etc/passwd and etc/shadow are specifically associated with individual user accounts and the home/ssh directory contains SSH keys for SSH-based logins.

While performing an investigation on a compromise, Andy noticed several files that he didn’t recognize and believes they could be malware. What can he do to quickly/effectively check the files to see if they’re infected with malware?

Options are :

  • Submit them to a site like VirusTotal (Correct)
  • Open them using a static analysis tool
  • Run strings against each file to identify common malware identifiers
  • Run a local antivirus/anti-malware tool against them.

Answer : Submit them to a site like VirusTotal

Explanation The best option is to submit them to an online scanning site like VirusTotal. These scanners use multiple systems to scan virus/malware files so they can identify many malware/virus files that a locally installed application cannot, as quickly anyways. Static analysis is something that requires higher levels of knowledge. Running strings can help identify text if the code isn’t encoded in a specific way and a local AV/anti-malware has a lower success rate.

What protocol is commonly used to collect information about CPU utilization and memory usage from network devices?

Options are :

  • Netflow
  • SMTP
  • MIB
  • SNMP (Correct)

Answer : SNMP

Explanation Simple Network Management Protocol (SNMP) is commonly used to gather information from routers, switches, and other network devices. It provides information about a device’s status including CPU and memory utilization as well as many other useful details about the device. Netflow provides information about network traffic, MIB is a management information block, and SMTP is the Simple Mail Transfer Protocol.

John is a cybersecurity analyst who has been asked to review several SIEM event logs for APT activity. He was given several pieces of information, including lists of indicators for domain names and some IP addresses. What is the BEST action for John to take in order to analyze the possible APT activity?

Options are :

  • Use the IP addresses to search through the event logs
  • Analyze the trends of the events while manually reviewing them to see if any indicators match (Correct)
  • Create an advanced query that includes all of the indicators and review any matches
  • Scan for vulnerabilities with exploits known to previously have been used by an APT

Answer : Analyze the trends of the events while manually reviewing them to see if any indicators match

Explanation While all of the answers could provide some insight into the APT’s actions, only “Analyze the trends of the events while manually reviewing them to see if any indicators match? effectively will answer this question. If you only use the IP addresses to search the event logs, you would miss any events that correlated only to the domain names. If you create an advanced query with ALL of the indicators, your search of the event logs will find nothing, because no single event will include ALL of these IPs and domain names. Finally, while scanning for vulnerabilities known to have been used by the APTs is a good practice, it would only be effective in determining how to stop future attacks from occurring, not for piecing together whether or not an attack has already occurred.

A network tap is typically associated with which type of monitoring?

Options are :

  • Router-based
  • Active
  • Passive (Correct)
  • SNMP

Answer : Passive

Explanation Network taps are devices that allow a copy of network traffic to be captured for analysis. They are often used for passive network monitoring where they can provide visibility without interfering with the network traffic itself.

You have received a laptop from a user who recently left the company. You went to the terminal in the operating system and typed 'history' into the prompt and see this line of code in bash history: 

> for i in seq 255; ping -c 1 10.1.0.$i; done 

The subnet 10.1.0.0/24 is not supposed to be known or accessed by users at the company. What describes what this code did on the company's network?

Options are :

  • Attempted to conduct a SYN scan on the network
  • Conducted a ping sweep of the subnet (Correct)
  • Conducted a sequential ICMP echo reply to the subnet
  • Sequentially sent 255 ping packets to every host on the subnet

Answer : Conducted a ping sweep of the subnet

Explanation This code is performing a ping sweep of the subnet. The code states that for every number sequence from 1 to 255, conduct a ping to 10.1.0.x, where x is the number from 1 to 255. When it completes this sequence, it is to return to the terminal prompt (done).

Amy wants to access a macOS FileVault 2 – encrypted drive. What method is not a means of unlocking the volume?

Options are :

  • Change the FileVault key using a trusted user account. (Correct)
  • Retrieve the key from memory while the volume is mounted.
  • Acquire the recovery key.
  • Extract the keys from iCloud.

Answer : Change the FileVault key using a trusted user account.

Explanation By default, FileVault allows trusted accounts to unlock the drive, however, they cannot do so by changing the key. The keys can be recovered for mounted volumes, so it may be best if Amy asks the user for the key or to search their office for the key. These keys can be recovered from iCloud, however, that’s just not completely ideal. The best option is to change the FileVault key using a trusted account.

A triple-homed firewall normally connects the Internet, a private network, and a _________ network.

Options are :

  • DMZ (Correct)
  • Subnetted
  • NIDS
  • GPO

Answer : DMZ

Explanation Demilitarized zone (DMZ) networks are used to host systems that require access from external hosts.

Jacob’s company has recently migrated to a SaaS provider for its ERP (enterprise resource planning) software. In the traditional on-site ERP environment, there was a regular port scan conducted to help validate the security of the systems. What will most likely have to be done in this new environment?

Options are :

  • Use a different scanning tool
  • Rely on vendor testing and audits (Correct)
  • Engage a third-party tester
  • Use a VPN to scan inside the vendor’s security perimeter

Answer : Rely on vendor testing and audits

Explanation The best option is to rely on vendor testing/audits. Most SaaS providers don’t want customers conducting port scans etc.

Manny is a US Government employee and he wants to ensure that network devices have a verified chain of custody for every chip and component that goes into them. What program is this known as?

Options are :

  • Gray market procurement
  • Trusted Foundry (Correct)
  • White market procurement
  • Chain of procurement

Answer : Trusted Foundry

Explanation The US Department of Defense created the Trusted Foundry program to help assure the integrity and confidentiality of circuits and manufacturing. The purpose is to help verify that agents of foreign governments aren’t able to insert code into our ICS.

Richard attempted to visit a website and received a DNS response from the DNS cache server pointing to the wrong IP address. What attack has occurred?

Options are :

  • DNS brute forcing
  • ARP spoofing
  • DNS poisoning (Correct)
  • MAC spoofing

Answer : DNS poisoning

Explanation DNS poisoning is something that sends attempts to alternate locations. If there’s been something malicious done to the site, this may be intentional.

Josh needs to shut down a service called explorer.exe on a Windows server. Which of the following is not an option?

Options are :

  • Use sc
  • Use wmic
  • Use secpol.msc (Correct)
  • Use services.msc

Answer : Use secpol.msc

Explanation The correct answer is secpol.msc, because this is a tool to create security policies and cannot be used to stop a service. The other options will allow Josh to stop the service called explorer.exe..

Lynne’s company recently suffered an attack where an employee made an unauthorized modification to payroll records. What tenant or objective of cybersecurity objective did this attack violate?

Options are :

  • Confidentiality
  • Authentication
  • Integrity (Correct)
  • Availability

Answer : Integrity

Explanation Integrity ensures that no unauthorized modifications are made to information. The attack described here violates the integrity of payroll information.

A recent threat has been announced in the cyber security world stating that there is a critical vulnerability in the kernel of a particular operating system. Your company, unfortunately, has not maintained a current asset inventory, so you are unsure of how many of your servers may be affected. What technique should you perform to find all affected servers within your company?

Options are :

  • Manual log review from data sent to syslog
  • OS fingerprinting scan across all hosts (Correct)
  • Packet capture of data traversing the server network
  • Service discovery scan on the network

Answer : OS fingerprinting scan across all hosts

Explanation By utilizing operating system fingerprinting using a tool like nmap, you can identify which servers are running which version of the operating system. This will give you an accurate list of the possibly affected servers.

Fred is able to use a known vulnerability and compromise an Apache web server. After he gains access, what’s his next step, if he’s attempting to use the system to pivot to protected systems behind the DMZ?

Options are :

  • Vulnerability scanning
  • Privilege escalation (Correct)
  • Patching
  • Installing additional tools

Answer : Privilege escalation

Explanation By default settings, Apache doesn’t run as an administrator. It usually runs as a limited user. To be efficient and effective, he would need to look for a way to gain further access via privilege escalation. The best option for this one is privilege escalation.

Christina needs to retrieve some information about an organization’s network infrastructure without causing an IPS to alert her target of the activity. This happens during the reconnaissance stage of a penetration test. Which is the best option?

Options are :

  • Perform a DNS brute-force attack. (Correct)
  • Use an nmap ping sweep.
  • Perform a DNS zone transfer.
  • Use an nmap stealth scan.

Answer : Perform a DNS brute-force attack.

Explanation The best option is a DNS brute-force attack. The DNS brute-force attack queries a list of IPs and typically bypasses IDS/IPS systems that do not pay attention to DNS queries. Through this method, she may also be able to find a DNS server that actually isn’t protected by the IPS.

Barbie would like to implement a control that prevents unauthorized users from connecting to her company’s wireless network. What security control best meets this requirement?

Options are :

  • NAC (Correct)
  • Firewall
  • IPS
  • Segmentation

Answer : NAC

Explanation Network Access Control (NAC) prevents unauthorized users from connecting to a network. Firewalls and intrusion prevention systems (IPS) are meant to restrict access from external sources and block known attacks. They would not keep out an intruder who is already in range of the wireless network. Network segmentation would limit the access that an intruder has to network resources but would not block the connection.

You received an incident response report that indicates a piece of malware was introduced into the company’s network through a remote workstation that was connected to the company’s servers over a VPN connection. You have been asked for a recommendation to solve this issue: what control should be applied to prevent this type of incident from occurring in the future?

Options are :

  • ACL
  • NAC (Correct)
  • TAP
  • MAC filtering

Answer : NAC

Explanation Network Access Control (NAC) is an approach to computer security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement. When a remote workstation connects to the network, NAC will place it into a separate portion of the network (sandbox), scan it for malware and its security controls, and based on the results of those scans either connect it to the company’s networks or place the workstation into a separate quarantined network.

Which language would require the use of a decompiler during reverse engineering?

Options are :

  • Ruby
  • Python
  • Objective-C (Correct)
  • JavaScript

Answer : Objective-C

Explanation Ruby, Python, and JavaScript are interpreted languages and do not require the use of a decompiler to view the source code.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions