ANSWERS RATED A+
Half-open attack / SYN floods - SYN floods are often called "half-open" attacks because this type of DDoS attack sends short bursts of SYN messages to the target's ports, leaving half-open connections waiting and consuming resources, often resulting in a complete server crash.
What's worse, a false positive or a false negative, in cybersecurity attacks? - A false positive is worse.
DDoS (Distributed Denial of Service) Attack - A deliberate attempt to prevent authorized users from accessing a system by overwhelming it with requests.
Man-in-the-Middle Attack (MITM) - A device that can be set to receive all communications by substituting its MAC address for another device's.
Man-in-the-middle attack, pt. 2 (MITM) - A threat actor is positioned in a communication between two parties. Neither of the legitimate parties is aware of the presence of the threat actor; they communicate freely, thinking they are talking only to the authentic party.
Prevent internet access - An attacker can substitute an invalid MAC address for the network gateway so that no users can access external networks.
Steal data - An attacker can substitute their own MAC address and steal data intended for another device.
DNS-based attack - Substitutes a DNS address so that the computer is silently redirected to a different device.
DNS hijacking - Intended to infect an external DNS server with IP addresses that point to malicious sites.
Wireshark - Captures packets from a network connection, such as from your computer to another computer. It is widely used in network management and system security courses, and in troubleshooting and planning.
CVSS (Common Vulnerability Scoring System) - The overall score assigned to a vulnerability: a numeric score is assigned to each vulnerability (much like a trouble ticket system). You must use the NVD to find the assigned CVSS scores.
CVE (Common Vulnerabilities and Exposures) - A list of publicly disclosed vulnerabilities and exposures.
NVD (the National Vulnerability Database) - A database, maintained by NIST, that is fully synchronized with the CVE list.
SIEM (Security Information and Event Management) - Helps security teams manage and respond to security warnings and alarms. Ingests various log and event data from traditional infrastructure components.
SOAR (System and Security Orchestration, Automation, Response) - Gathers data and analytics to automate incident response (for example, when ransomware hits, shutting the power off to the servers; SOAR does more than that). Focuses more on prioritizing alerts that are identified by various security tools.
Important information - Know to turn off unused ports!
HIPAA (Health Insurance Portability and Accountability Act) - Health care records and patient privacy.
FERPA (Family Educational Rights and Privacy Act) - College student records privacy.
GDPR (General Data Protection Regulation) - Used in the European Union to protect general data.
PCI DSS (Payment Card Industry Data Security Standard) - Credit cards.
GLBA (Gramm-Leach-Bliley Act) - Protection for consumers.
FISMA (Federal Information Security Management Act) - Protection of federal government information.
Reconnaissance/Footprinting (Active) - Directly probing for vulnerabilities and useful information, much like a threat actor would do, including scanning for open ports. Examples: war driving (searching for wireless signals from an automobile or on foot while using a portable device) and war flying (uses drones). The attacker engages with the target system, typically conducting a port scan to find any open ports.
Reconnaissance/Footprinting (Passive) - Watching the outside and perimeter of an organization and using social media. An attempt to gain information about targeted computers and networks without actively engaging with the systems.