1-50 Flashcards

1
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more
than 30 minutes to determine that quarantining an infected host was the best course of action. This
allowed the malware to spread to additional hosts before it was contained.
Which of the following would be BEST to improve the incident response process?

A

A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts
Answer: A

2
Q

Which of the following would be BEST to establish between organizations that have agreed to cooperate
and are engaged in early discussion to define the responsibilities of each party, but do not want to
establish a contractually binding agreement?

A
A. An SLA
B. An NDA
C. A BPA
D. An MOU
Answer: D
3
Q

Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff.
Which of the following would MOST likely help mitigate this issue?

A

A. DNSSEC and DMARC
B. DNS query logging
C. Exact mail exchanger records in the DNS
D. The addition of DNS conditional forwarders
Answer: C

4
Q

Which of the following control sets should a well-written BCP include? (Select THREE)

A
A. Preventive
B. Detective
C. Deterrent
D. Corrective
E. Compensating
F. Physical
G. Recovery
Answer: A,D,G
5
Q

A security engineer needs to implement the following requirements:
• All Layer 2 switches should leverage Active Directory for authentication.
• All Layer 2 switches should use local fallback authentication if Active Directory is offline.
• All Layer 2 switches are not the same and are manufactured by several vendors.
Which of the following actions should the engineer take to meet these requirements? (Select TWO).

A

A. Implement RADIUS.
B. Configure AAA on the switch with local login as secondary.
C. Configure port security on the switch with the secondary login method.
D. Implement TACACS+
E. Enable the local firewall on the Active Directory server.
F. Implement a DHCP server.
Answer: A,B

6
Q

A company wants to deploy PKI on its Internet-facing website.
The applications that are currently deployed are:
• www.company.com (main website)
• contactus.company.com (for locating a nearby location)
• quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any
future applications that follow the same naming conventions, such as store.company.com.
Which of the following certificate types would BEST meet the requirements?

A
A. SAN
B. Wildcard
C. Extended validation
D. Self-signed
Answer: B
7
Q

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and
fingerprint scan are already in use.
Which of the following would add another factor of authentication?

A
A. Hard token
B. Retina scan
C. SMS text
D. Keypad PIN
Answer: B
8
Q

A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to
discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager
presents a scenario and injects additional information throughout the session to replicate what might occur
in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff.
Which of the following describes what the manager is doing?

A
A. Developing an incident response plan
B. Building a disaster recovery plan
C. Conducting a tabletop exercise
D. Running a simulation exercise
Answer: C
9
Q

Entering a secure area requires passing through two doors, both of which require someone who is
already inside to initiate access.
Which of the following types of physical security controls does this describe?

A
A. Cameras
B. Faraday cage
C. Access control vestibule
D. Sensors
E. Guards
Answer: C
10
Q

A company recently moved sensitive videos between on-premises, company-owned websites. The
company then learned the videos had been uploaded and shared to the internet.
Which of the following would MOST likely allow the company to find the cause?

A
A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause
Answer: D
11
Q

A user recently entered a username and password into a recruiting application website that had been
forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
• The legitimate website's IP address is 10.1.1.20 and eRecruit local resolves to that IP.
• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?

A

A. A reverse proxy was used to redirect network traffic
B. An SSL strip MITM attack was performed
C. An attacker temporarily pwned a name server
D. An ARP poisoning attack was successfully executed
Answer: B

12
Q

A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security.
Which of the following controls will the analyst MOST likely recommend?

A
A. MAC
B. ACL
C. BPDU
D. ARP
Answer: A
13
Q

A network engineer notices the VPN concentrator overloads and crashes on days when there are a
lot of remote workers. Senior management has placed greater importance on the availability of VPN
resources for the remote workers than on the security of the end users' traffic.
Which of the following would be BEST to solve this issue?

A
A. IPSec
B. Always On
C. Split tunneling
D. L2TP
Answer: B
14
Q

The Chief Security Officer (CSO) at a major hospital wants to implement SSO (single sign-on) to help improve the
protection of patient data in the environment, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that
training and guidance have not been provided to frontline staff, and a risk analysis has not been performed.
Which of the following is the MOST likely cause of the CRO's concerns?

A

A. SSO would simplify username and password management, making it easier for hackers to guess
accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of the system if the provider goes offline.
Answer: D

15
Q

Which of the following should a data owner require all personnel to sign to legally protect intellectual property?

A
A. An NDA
B. An AUP
C. An ISA
D. An MOU
Answer: D
16
Q

The process of passively gathering information prior to launching a cyberattack is called:

A
A. tailgating
B. reconnaissance
C. pharming
D. prepending
Answer: B
17
Q

A university with remote campuses, which all use different service providers, loses Internet
connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go
offline again at random intervals, typically within four minutes of services being restored. Outages
continue throughout the day, impacting all inbound and outbound connections and services. Services that
are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.
Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit
the SIP protocol handling on devices, leading to resource exhaustion and system reloads.
Which of the following BEST describe this type of attack? (Select TWO.)

A
A. DoS
B. SSL stripping
C. Memory leak
D. Race condition
E. Shimming
F. Refactoring
Answer: A,D
18
Q

A network administrator at a large organization is reviewing methods to improve the security of the
wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to
have access to the intranet but limit others to Internet access only.
Which of the following should the administrator recommend?

A

A. 802.1X utilizing the current PKI infrastructure
B. SSO to authenticate corporate users
C. MAC address filtering with ACLs on the router
D. PAM for user account management
Answer: A

19
Q

While checking logs, a security engineer notices a number of end users suddenly downloading files
with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state
they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an
external email containing an infected MHT file with an href link a week prior.
Which of the following is MOST likely occurring?

A

A. A RAT was installed and is transferring additional exploit tools.
B. The workstations are beaconing to a command-and-control server.
C. A logic bomb was executed and is responsible for the data transfers.
D. A fileless virus is spreading in the local network environment.
Answer: A

20
Q

An organization has been experiencing outages during holiday sales and needs to ensure availability
of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault
tolerance and site availability under high consumer load.
Which of the following are the BEST options to accomplish this objective? (Select TWO)

A
A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. NIC teaming
Answer: A,D
21
Q

A company is concerned about its security after a red-team exercise. The report shows the team was
able to reach the critical servers due to SMB being exposed to the Internet and running NTLMv1.
Which of the following BEST explains the findings?

A
A. Default settings on the servers
B. Unsecured administrator accounts
C. Open ports and services
D. Weak data encryption
Answer: C
22
Q

The IT department at a university is concerned about professors placing servers on the university
network in an attempt to bypass security controls.
Which of the following BEST represents this type of threat?

A
A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat
Answer: B
23
Q

A cybersecurity analyst needs to implement secure authentication to third-party websites without
users’ passwords.
Which of the following would be the BEST way to achieve this objective?

A
A. OAuth
B. SSO
C. SAML
D. PAP
Answer: C
24
Q

A security analyst has received an alert about PII being sent via email. The analyst's Chief Information
Security Officer (CISO) has made it clear that PII must be handled with extreme care.
From which of the following did the alert MOST likely originate?

A
A. S/MIME
B. DLP (Data Loss Prevention)
C. IMAP
D. HIDS
Answer: B
25
Q

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in
a software company’s final software releases? (Select TWO.)

A
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
Answer: A,D
26
Q

Which of the following incident response steps involves actions to protect critical systems while
maintaining business operations?

A
A. Investigation
B. Containment
C. Recovery
D. Lessons learned
Answer: B
27
Q

An engineer is setting up a VDI (Virtual Desktop Infrastructure) environment for a factory location, and the business wants to deploy a
low-cost solution to enable users on the shop floor to log in to the VDI environment directly.
Which of the following should the engineer select to meet these requirements?

A
A. Laptops
B. Containers
C. Thin clients
D. Workstations
Answer: C
28
Q

Users have been issued smart cards that provide physical access to a building. The cards also contain
tokens that can be used to access information systems. Users can log in to any thin client located
throughout the building and see the same desktop each time.
Which of the following technologies are being utilized to provide these capabilities? (Select TWO)

A
A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD
Answer: B,E
29
Q

A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery
practices to minimize system downtime and enhance organizational resilience to ransomware attacks.
Which of the following would BEST meet the CSO's objectives?

A

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict
administration privileges on fileshares.
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and
executives, reducing the organization’s susceptibility to phishing attacks.
D. Implement application whitelisting and centralized event-log management, and perform regular testing
and validation of full backups.
Answer: D

30
Q

The security administrator has installed a new firewall which implements an implicit DENY policy by
default.
INSTRUCTIONS:
Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default
HTTPS port. The Accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the
default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port
number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The
original firewall configuration can be reset at any time by pressing the reset button. Once you have met
the simulation requirements, click Save and then Done to submit.
Network Diagram

A

[Answer image not available]

31
Q

A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee
shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even
more secure.
Which of the following technologies will the coffee shop MOST likely use in place of PSK?

A
A. WEP
B. MSCHAP
C. WPS
D. SAE
Answer: D
32
Q

A manufacturer creates designs for very high security products that are required to be protected and
controlled by government regulations. These designs are not accessible by corporate networks or the
Internet.
Which of the following is the BEST solution to protect these designs?

A
A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone
Answer: A
33
Q

A company uses specially configured workstations for any work that requires administrator privileges
to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately
upon delivery. Even with these strict security measures in place, an incident occurred from one of the
workstations. The root cause appears to be that the SoC was tampered with or replaced.
Which of the following MOST likely occurred?

A
A. Fileless malware
B. A downgrade attack
C. A supply-chain attack
D. A logic bomb
E. Misconfigured BIOS
Answer: C
34
Q

A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to
originate from countries in which the company has no employees.
Which of the following controls should the company consider using as part of its IAM strategy? (Select
TWO).

A
A. A complex password policy
B. Geolocation
C. An impossible travel policy
D. Self-service password reset
E. Geofencing
F. Time-based logins
Answer: A,B
35
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form.
Which of the following should the analyst include in this documentation? (Select TWO).

A
A. The order of volatility
B. A checksum
C. The location of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner
Answer: A,E
36
Q

An attacker was easily able to log in to a company’s security camera by performing a basic online
search for a setup guide for that particular camera brand and model.
Which of the following BEST describes the configurations the attacker exploited?

A
A. Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
Answer: C
37
Q

An information security incident recently occurred at an organization, and the organization was
required to report the incident to authorities and notify the affected parties. When the organization's
customers became aware of the incident, some reduced their orders or stopped placing orders entirely.
Which of the following is the organization experiencing?

A
A. Reputation damage
B. Identity theft
C. Anonymization
D. Interrupted supply chain
Answer: A
38
Q

A financial analyst is expecting an email containing sensitive information from a client. When the email
arrives, the analyst receives an error and is unable to open the encrypted message.
Which of the following is the MOST likely cause of the issue?

A
A. The S/MIME plug-in is not enabled.
B. The SSL certificate has expired.
C. Secure IMAP was not implemented.
D. POP3S is not supported.
Answer: A
39
Q

A company recently experienced a data breach and the source was determined to be an executive
who was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach?

A
A. A firewall
B. A device PIN
C. A USB data blocker
D. Biometrics
Answer: C
40
Q

A security analyst is reviewing the following attack log output:
Which of the following types of attacks does this MOST likely represent?

A
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
Answer: C
41
Q

A security analyst is configuring a large number of new company-issued laptops.
The analyst received the following requirements:
• The devices will be used internationally by staff who travel extensively.
• Occasional personal use is acceptable due to the travel requirements.
• Users must be able to install and configure sanctioned programs and productivity suites.
• The devices must be encrypted.
• The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?

A

A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly
Answer: A

42
Q

Which of the following job roles would sponsor data quality and data entry initiatives that ensure
business and regulatory requirements are met?

A
A. The data owner
B. The data processor
C. The data steward
D. The data privacy officer
Answer: C
43
Q

A company is launching a new internet platform for its clients. The company does not want to
implement its own authorization solution but instead wants to rely on the authorization provided by
another platform.
Which of the following is the BEST approach to implement the desired solution?

A
A. OAuth
B. TACACS+
C. SAML
D. RADIUS
Answer: D
44
Q

A security assessment determines DES and 3DES are still being used on recently deployed production
servers.
Which of the following did the assessment identify?

A
A. Unsecure protocols
B. Default settings
C. Open permissions
D. Weak encryption
Answer: D
45
Q

A network administrator has been asked to design a solution to improve a company's security posture.
The administrator is given the following requirements:
• The solution must be inline in the network.
• The solution must be able to block known malicious traffic.
• The solution must be able to stop network-based attacks.
Which of the following should the network administrator implement to BEST meet these requirements?

A
A. HIDS
B. NIDS
C. HIPS
D. NIPS
Answer: D
46
Q

An attacker is trying to gain access by installing malware on a website that is known to be visited by
the target victims.
Which of the following is the attacker MOST likely attempting?

A
A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack
Answer: B
47
Q

A security analyst is investigating an incident to determine what an attacker was able to do
on a compromised laptop.
The analyst reviews the following SIEM log:
Which of the following describes the method that was used to compromise the laptop?

A

A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an
embedded PowerShell in the file
C. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights
and launch Outlook
D. An attacker was able to phish user credentials successfully from an Outlook user profile
Answer: A

48
Q

Which of the following algorithms has the SMALLEST key size?

A
A. DES
B. Twofish
C. RSA
D. AES
Answer: B
49
Q

A security engineer obtained the following output from a threat intelligence source that recently
performed an attack on the company’s server:
Which of the following BEST describes this kind of attack?

A
A. Directory traversal
B. SQL injection
C. API
D. Request forgery
Answer: D
50
Q

A database administrator needs to ensure all passwords are stored in a secure manner, so the
administrator adds randomly generated data to each password before storing it.
Which of the following techniques BEST explains this action?

A
A. Predictability
B. Key stretching
C. Salting
D. Hashing
Answer: C