CERTMASTER SECURITY QUESTIONS AND
ANSWERS CORRECT AND ACCURATE.
Identify types of metadata that would be associated with CDR (call detail
records) of mobile devices. (Select all that apply.)
Call durations
List of towers connected to
SMS text timestamps
GPS location data
Call durations
List of towers connected to
SMS text timestamps
Call detail records (CDR) routinely contain times and durations of incoming,
outgoing, and attempted calls, as well as the phone numbers of said calls.
By examining the list of towers, a device has connected to in the call detail
records (CDR), it is possible to ascertain the general vicinity of locations in
which the device has been present.
SMS text time, duration, and phone number of origin are recorded in the call
detail records (CDR) metadata associated with mobile devices.
GPS location data is, in most cases, private user data and not grouped with
call detail records (CDR) metadata.
A small business was robbed, and several workstations were stolen. The
business stored customer data within a plain spreadsheet on one of the
stolen workstations. Customer data and other business files are restored
from an external hard drive soon after. Describe the issues that the
business faced during this trying time. (Select all that apply.)
Data was exfiltrated from the office.
Customer identity was not stolen.
,Business had a privacy breach.
Customer data was permanently lost.
Data was exfiltrated from the office.
Business had a privacy breach.
Data exfiltration is the methods and tools an attacker uses to take data
without authorization from the victim's systems. The data can be physically
taken or transferred to an external network or media.
A privacy breach is where personal data is not collected, stored, or processed
in full compliance with the laws or regulations governing personal information.
A plain spreadsheet and a computer with no encryption capability are not
enough security to hold sensitive data.
The customer's identity was stolen and can be sold on the black market on the
dark web, for example.
Data loss occurred only for a short moment and was not permanent. Customer
data and other business files were restored from a backup and made
available.
Analyze the active defense solution statements and determine which best
describes the purpose of a honeyfile.
It is helpful in analyzing attack strategies and may provide early warnings
of attacks.
Configurations are in place to route suspect traffic to a different network.
A decoy is set as a distraction to emulate a false topology and security
zones.
The attempts to reuse can be traced if the threat actor successfully
exfiltrates it.
The attempts to reuse can be traced if the threat actor successfully exfiltrates
it.
A honeyfile is convincingly useful but actually fake data. This data can be
made trackable, so that when a threat actor successfully exfiltrates it, the
attempts to reuse or exploit it can be traced.
,A honeypot is a computer system set up to attract threat actors with the
intention of analyzing attack strategies and tools to provide early warnings of
attack attempts.
What are the main features that differentiate the Test Access Point (TAP)
from a Switched Port Analyzer (SPAN)? (Select all that apply.)
Test access point (TAP) is a separate hardware device.
Test access point (TAP) is considered 'active' only.
Test access point (TAP) is a temporary solution.
Test access point (TAP) avoids frame loss.
Test access point (TAP) is a separate hardware device.
Test access point (TAP) avoids frame loss.
A test access point (TAP) is a hardware device that copies signals from the
physical layer and the data link layer, while SPAN (switched port analyzer) is
simply mirroring ports.
Since no network or transport logic is used with a test access point (TAP),
every frame is received, allowing reliable packet monitoring.
A network engineer is plugging in new patch cables and wants to prevent
inadvertent disruptions to the network while doing so. What will the
engineer prevent if a Spanning Tree Protocol (STP) is configured on the
switches?
DHCP spoofing
Signature-based intrusion
MAC floods
Broadcast storms
Broadcast storms
A Spanning Tree Protocol (STP) is a means for bridges to organize themselves
into a hierarchy and prevent loops from forming. These loops have the
potential for broadcasting multiple times creating a storm.
When implementing a native-cloud firewall, which layer of the Open
Systems Interconnection (OSI) model will require the most processing
, capacity to filter traffic based on content?
Layer 7
Layer 4
Layer 1
Layer 3
Layer 7
At layer 7, or the application layer of the OSI model, the firewall can parse
application protocol headers and payloads (such as HTTP packets) and make
filtering decisions based on their contents. This requires the most processing
capacity (or load balancing), or the firewall will become a bottleneck causing
network latency.
The local operational network consists of physical electromechanical
components controlling valves, motors, and electrical switches. All devices
enterprise-wide trust each other in the internal network. Which of the
following attacks could overwhelm the network by targeting
vulnerabilities in the headers of specific application protocols?
Malicious PowerShell attack
DNS amplification attack
DDoS attack
Man-in-the-middle attack
DNS amplification attack
Domain name system (DNS) amplification attack is an application attack that
targets vulnerabilities in the headers and payloads of specific application
protocols. It triggers a short request for a long response at the victim network.
A recent change to an API exposes an exploit in a web application.
Developers working on the project discover that dead code in the
application had been executed as a result of which practice?
Normalization code
Unreachable code
ANSWERS CORRECT AND ACCURATE.
Identify types of metadata that would be associated with CDR (call detail
records) of mobile devices. (Select all that apply.)
Call durations
List of towers connected to
SMS text timestamps
GPS location data
Call durations
List of towers connected to
SMS text timestamps
Call detail records (CDR) routinely contain times and durations of incoming,
outgoing, and attempted calls, as well as the phone numbers of said calls.
By examining the list of towers, a device has connected to in the call detail
records (CDR), it is possible to ascertain the general vicinity of locations in
which the device has been present.
SMS text time, duration, and phone number of origin are recorded in the call
detail records (CDR) metadata associated with mobile devices.
GPS location data is, in most cases, private user data and not grouped with
call detail records (CDR) metadata.
A small business was robbed, and several workstations were stolen. The
business stored customer data within a plain spreadsheet on one of the
stolen workstations. Customer data and other business files are restored
from an external hard drive soon after. Describe the issues that the
business faced during this trying time. (Select all that apply.)
Data was exfiltrated from the office.
Customer identity was not stolen.
,Business had a privacy breach.
Customer data was permanently lost.
Data was exfiltrated from the office.
Business had a privacy breach.
Data exfiltration is the methods and tools an attacker uses to take data
without authorization from the victim's systems. The data can be physically
taken or transferred to an external network or media.
A privacy breach is where personal data is not collected, stored, or processed
in full compliance with the laws or regulations governing personal information.
A plain spreadsheet and a computer with no encryption capability are not
enough security to hold sensitive data.
The customer's identity was stolen and can be sold on the black market on the
dark web, for example.
Data loss occurred only for a short moment and was not permanent. Customer
data and other business files were restored from a backup and made
available.
Analyze the active defense solution statements and determine which best
describes the purpose of a honeyfile.
It is helpful in analyzing attack strategies and may provide early warnings
of attacks.
Configurations are in place to route suspect traffic to a different network.
A decoy is set as a distraction to emulate a false topology and security
zones.
The attempts to reuse can be traced if the threat actor successfully
exfiltrates it.
The attempts to reuse can be traced if the threat actor successfully exfiltrates
it.
A honeyfile is convincingly useful but actually fake data. This data can be
made trackable, so that when a threat actor successfully exfiltrates it, the
attempts to reuse or exploit it can be traced.
,A honeypot is a computer system set up to attract threat actors with the
intention of analyzing attack strategies and tools to provide early warnings of
attack attempts.
What are the main features that differentiate the Test Access Point (TAP)
from a Switched Port Analyzer (SPAN)? (Select all that apply.)
Test access point (TAP) is a separate hardware device.
Test access point (TAP) is considered 'active' only.
Test access point (TAP) is a temporary solution.
Test access point (TAP) avoids frame loss.
Test access point (TAP) is a separate hardware device.
Test access point (TAP) avoids frame loss.
A test access point (TAP) is a hardware device that copies signals from the
physical layer and the data link layer, while SPAN (switched port analyzer) is
simply mirroring ports.
Since no network or transport logic is used with a test access point (TAP),
every frame is received, allowing reliable packet monitoring.
A network engineer is plugging in new patch cables and wants to prevent
inadvertent disruptions to the network while doing so. What will the
engineer prevent if a Spanning Tree Protocol (STP) is configured on the
switches?
DHCP spoofing
Signature-based intrusion
MAC floods
Broadcast storms
Broadcast storms
A Spanning Tree Protocol (STP) is a means for bridges to organize themselves
into a hierarchy and prevent loops from forming. These loops have the
potential for broadcasting multiple times creating a storm.
When implementing a native-cloud firewall, which layer of the Open
Systems Interconnection (OSI) model will require the most processing
, capacity to filter traffic based on content?
Layer 7
Layer 4
Layer 1
Layer 3
Layer 7
At layer 7, or the application layer of the OSI model, the firewall can parse
application protocol headers and payloads (such as HTTP packets) and make
filtering decisions based on their contents. This requires the most processing
capacity (or load balancing), or the firewall will become a bottleneck causing
network latency.
The local operational network consists of physical electromechanical
components controlling valves, motors, and electrical switches. All devices
enterprise-wide trust each other in the internal network. Which of the
following attacks could overwhelm the network by targeting
vulnerabilities in the headers of specific application protocols?
Malicious PowerShell attack
DNS amplification attack
DDoS attack
Man-in-the-middle attack
DNS amplification attack
Domain name system (DNS) amplification attack is an application attack that
targets vulnerabilities in the headers and payloads of specific application
protocols. It triggers a short request for a long response at the victim network.
A recent change to an API exposes an exploit in a web application.
Developers working on the project discover that dead code in the
application had been executed as a result of which practice?
Normalization code
Unreachable code
