Federal Virtual Training Environment (FedVTE) Bundle Set

Which of the following alternative operating systems is focused mostly on greater security in the event of a compromise by preventing propagation? CORRECT ANSWER Qubes Which of the following might a malicious actor attempt to exploit in a social engineering attack? CORRECT ANSWER All of the above...

Which attribute constitutes the ability to identify and/or audit a user and his/her actions? CORRECT ANSWER Accountability Which security standards commonly supplements the use of an Internet Key Exchange (IKE)? CORRECT ANSWER IPSEC Which detail concerning risk analysis would you present to le...

What are passive footprints? CORRECT ANSWER Data unintentionally left behind during typical internet activities If an investigator in New York state wants to document 2:15 PM on May 31, 2017, how would that moment in time be notated according the ISO 8601 directive? (New York is in the Eastern Ti...

Which of the following can be determined by capturing and analyzing network traffic? A. Intent of Insider Threat actors and logs of their activity B. Communication and connections between hosts C. Open files and Registry handles on individual hosts D. Firewall and Intrusion Detection...

The authorization decision document conveys the final security authorization decision from the authorizing official to the information system owner. The authorization decision document contains all of the following information except? A. Authorization decision B. Terms and conditions for the ...

An insurance plan is what type of mitigation strategy? CORRECT ANSWER Transfer Risk Which of the following is not a reason why a backdoor may exist? CORRECT ANSWER Attempts to interfere with the ability of a provider to keep services available What is the act of hiding messages in existing dat...

In order to automate host characteristic monitoring you can compare baselines and snapshots with syslog. CORRECT ANSWER False The following should be taken into account when accepting the residual risk inherent in the project. CORRECT ANSWER All of the above What is the high water mark for an ...

A. White Hat B. Black Hat C. Red Hat D. Gray Hat CORRECT ANSWER D. Gray Hat During which step of Microsoft recommended Update Management Process would an update be tested? A. Assess B. Identify C. Evaluate and Plan D. Deploy CORRECT ANSWER C. Evaluate and Plan Which exec...

What program could you use on a Linux system to securely copy files to a Linux host running the SSH server daemon? CORRECT ANSWER SCP Single user mode in Linux is a security risk if a malicious actor has physical access to the host CORRECT ANSWER True srm is a tool used to securely delete file...

A flaw in an online sporting goods website allows customers to purchase multiple quantities of goods and only be charged the single quantity price. To improve the site, management is demanding that the ecommerce application be tested to insure this flaw is corrected. Which of the following is the BE...

Topology Discovery - Answer Which of the following is a common environmental reconnaissance task that is performed to help gain insight on how an organization's networked systems are connected, or mapping the network? Not System or Security. Maybe Setup - Answer If an unexpected issue occu...

The acronym VPN stands for: - Answer Virtual Private Network Executives are responsible for managing and overseeing enterprise risk management. - Answer True The internal audit department is investigating a possible accounting breach. One of the auditors is sent to interview the following ...

Which of the following should risk assessments be based upon as a best practice? A quantitative measurement of risk and impact and asset value An absolute measurement of threats A qualitative measurement of risk and impact A survey of annual loss and potential threats and asset value - Answer ...

Which value in the PowerShell "execution policy" allows loading of all configuration files and scripts? - Answer Unrestricted Which Active Directory Certificate Service (AD CS) server role allows routers and other network devices that do not have a domain account to obtain certificates? - Ans...