101-200 Flashcards by Caitlyn Rink

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access.

Which of the following system should the engineer consider NEXT to mitigate the associated risks?

A. DLP
B. Mail gateway
C. Data flow enforcement
D. UTM

A. DLP

How well did you know this?

Not at all

Perfectly

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

Transaction being requested by unauthorized individuals.- Complete discretion regarding client names, account numbers, and investment information.
Malicious attackers using email to malware and ransomeware.
Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signaturebased scanning, and sandboxing.

Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

A. Data loss prevention
B. Endpoint detection response
C. SSL VPN
D. Application whitelisting

A. Data loss prevention

How well did you know this?

Not at all

Perfectly

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops.

Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A. Increased network latency
B. Unavailable of key escrow
C. Inability to selected AES-256 encryption
D. Removal of user authentication requirements

D. Removal of user authentication requirements

How well did you know this?

Not at all

Perfectly

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows
remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent
from the log aggregate to a public IP address in the MSSP datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following.

The critical devise send cleartext logs to the aggregator.
The log aggregator utilize full disk encryption.
The log aggregator sends to the analysis server via port 80.- MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.
The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

A. Hardware vulnerabilities introduced by the log aggregate server
B. Network bridging from a remote access VPN
C. Encryption of data in transit
D. Multinancy and data remnants in the cloud

C. Encryption of data in transit

How well did you know this?

Not at all

Perfectly

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

A. The availability of personal data
B. The right to personal data erasure
C. The company’s annual revenue
D. The language of the web application

B. The right to personal data erasure

How well did you know this?

Not at all

Perfectly

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A. A trusted platform module
B. A hardware security module
C. A localized key store
D. A public key infrastructure

B. A hardware security module

How well did you know this?

Not at all

Perfectly

An organization wants to perform a scan of all its systems against best practice security configurations. Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

A. ARF
B. XCCDF
C. CPE
D. CVE
E. CVSS
F. OVAL

B & F

How well did you know this?

Not at all

Perfectly

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

A. Require a VPN to be active to access company data.
B. Set up different profiles based on the person’s risk.
C. Remotely wipe the device.
D. Require MFA to access company applications.

C. Remotely wipe the device.

How well did you know this?

Not at all

Perfectly

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

A. Deploy an RA on each branch office.
B. Use Delta CRLs at the branches.
C. Configure clients to use OCSP.
D. Send the new CRLs by using GPO.

C. Configure clients to use OCSP.

How well did you know this?

Not at all

Perfectly

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

A. Disable BGP and implement a single static route for each internal network.
B. Implement a BGP route reflector.
C. Implement an inbound BGP prefix list.
D. Disable BGP and implement OSPF.

C. Implement an inbound BGP prefix list.

How well did you know this?

Not at all

Perfectly

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain

B. A system penetration test

How well did you know this?

Not at all

Perfectly

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network
Maintain compliance with company and regulatory guidelines- Detect and respond to insider threats, privileged user threats, and compromised accounts
Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these
requirements?

A. WAF
B. CASB
C. SWG
D. DLP

D. DLP

How well did you know this?

Not at all

Perfectly

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

A. 0.5
B. 8
C. 50
D. 36,500

A. 0.5

How well did you know this?

Not at all

Perfectly

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are
the following:

The network supports core applications that have 99.99% uptime.
Configuration updates to the SD-WAN routers can only be initiated from the management service.
Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the
requirements?

A. Reverse proxy, stateful firewalls, and VPNs at the local sites
B. IDSs, WAFs, and forward proxy IDS
C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
D. IPSs at the hub, Layer 4 firewalls, and DLP

C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy

How well did you know this?

Not at all

Perfectly

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

How well did you know this?

Not at all

Perfectly

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

A. Deploy a SOAR tool.
B. Modify user password history and length requirements.
C. Apply new isolation and segmentation schemes.
D. Implement decoy files on adjacent hosts.

D. Implement decoy files on adjacent hosts.

How well did you know this?

Not at all

Perfectly

A security analyst is reviewing network connectivity on a Linux workstation and examining the
active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

A. sudo netstat -antu | grep “LISTEN” | awk `{print$5}’
B. sudo netstat -nlt -p | grep “ESTABLISHED”
C. sudo netstat -plntu | grep -v “Foreign Address”
D. sudo netstat -pnut -w | column -t -s $’\w’
E. sudo netstat -pnut | grep -P ^tcp

E. sudo netstat -pnut | grep -P ^tcp

How well did you know this?

Not at all

Perfectly

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

A. Protecting
B. Permissive
C. Enforcing
D. Mandatory

C. Enforcing

How well did you know this?

Not at all

Perfectly

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from
/var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

A. Alerting the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

C. Restricting external port 22 access

How well did you know this?

Not at all

Perfectly

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
C. Implement MFA, review the application logs, and deploy a WAF.
D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

C. Implement MFA, review the application logs, and deploy a WAF.

How well did you know this?

Not at all

Perfectly

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

A. Investigating a potential threat identified in logs related to the identity management system
B. Updating the identity management system to use discretionary access control
C. Beginning research on two-factor authentication to later introduce into the identity managementsystem
D. Working with procurement and creating a requirements document to select a new IAM system/vendor

D. Working with procurement and creating a requirements document to select a new IAM system/vendor

How well did you know this?

Not at all

Perfectly

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A. A vulnerability
B. A threat
C. A breach
D. A risk

A. A vulnerability

How well did you know this?

Not at all

Perfectly

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

A. Create a full inventory of information and data assets.
B. Ascertain the impact of an attack on the availability of crucial resources.
C. Determine which security compliance standards should be followed.
D. Perform a full system penetration test to determine the vulnerabilities

A. Create a full inventory of information and data assets.

How well did you know this?

Not at all

Perfectly

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the
management team?

A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread.
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.

B. Isolate the servers to prevent the spread.

How well did you know this?

Not at all

Perfectly

A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement? A. SPF B. S/MIME C. TLS D. DKIM

D. DKIM

A large enterprise with thousands of users is experiencing a relatively high frequency of malicious activity from the insider threats. Much of the activity appears to involve internal reconnaissance that results in targeted attacks against privileged users and network file shares. Given this scenario, which of the following would MOST likely prevent or deter these attacks? (Choose two.) A. Conduct role-based training for privileged users that highlights common threats against them and covers best practices to thwart attacks B. Increase the frequency at which host operating systems are scanned for vulnerabilities, and decrease the amount of time permitted between vulnerability identification and the application of corresponding patches C. Enforce command shell restrictions via group policies for all workstations by default to limit which native operating system tools are available for use D. Modify the existing rules of behavior to include an explicit statement prohibiting users from enumerating user and file directories using available tools and/or accessing visible resources that do not directly pertain to their job functions E. For all workstations, implement full-disk encryption and configure UEFI instances to require complex passwords for authentication F. Implement application blacklisting enforced by the operating systems of all machines in the enterprise

C & D

A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs? A. Multi-tenancy SaaS B. Hybrid IaaS C. Single-tenancy PaaS D. Community IaaS

C. Single-tenancy PaaS

Legal authorities notify a company that its network has been compromised for the second time in two years. The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack? A. Key risk indicators B. Lessons learned C. Recovery point objectives D. Tabletop exercise

B. Lessons learned

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet. The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows: - The tool needs to be responsive so service teams can query it, and then perform an automated response action. - The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs. - The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure. Which of the following need specific attention to meet the requirements listed above? (Choose three.) A. Scalability B. Latency C. Availability D. Usability E. Recoverability F. Maintainability

B, C, & E

A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue. Which of the following is the MOST likely reason the MDM is not allowing enrollment? A. The OS version is not compatible B. The OEM is prohibited C. The device does not support FDE D. The device is rooted

D. The device is rooted

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company. A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because: A. IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness C. corporate general counsel requires a single system boundary to determine overall corporate risk exposure D. major risks identified by the subcommittee merit the prioritized allocation of scare funding to address cybersecurity concerns

B. risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness

A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response? A. When it is mandated by their legal and regulatory requirements B. As soon as possible in the interest of the patients C. As soon as the public relations department is ready to be interviewed D. When all steps related to the incident response plan are completed E. Upon the approval of the Chief Executive Officer (CEO) to release information to the public

A. When it is mandated by their legal and regulatory requirements

An organization has employed the services of an auditing firm to perform a gap assessment in preparation for an upcoming audit. As part of the gap assessment, the auditor supporting the assessment recommends the organization engage with other industry partners to share information about emerging attacks to organizations in the industry in which the organization functions. Which of the following types of information could be drawn from such participation? A. Threat modeling B. Risk assessment C. Vulnerability data D. Threat intelligence E. Risk metrics F. Exploit frameworks

B. Risk assessment

A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office: - Store taxation-related documents for five years - Store customer addresses in an encrypted format - Destroy customer information after one year - Keep data only in the customer's home country Which of the following should the CISO implement to BEST meet these requirements? (Choose three.) A. Capacity planning policy B. Data retention policy C. Data classification standard D. Legal compliance policy E. Data sovereignty policy F. Backup policy G. Acceptable use policy H. Encryption standard

B, E, & H

An organization developed a social media application that is used by customers in multiple datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application: - Low latency for all mobile user to improve the users' experience - SSL offloading to improve web server performance - Protection against DoS and DDoS attacks - High availability Which of the following should the organization implement to BEST ensure all requirements are met? A. A cache server farm in its datacenter B. A load-balanced group of reverse proxy servers with SSL acceleration C. A CDN with the origin set to its datacenter D. Dual gigabit-speed Internet connections with managed DDoS prevention

C. A CDN with the origin set to its datacenter

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter's physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others. Which of the following design objectives should the engineer complete to BEST mitigate the company's concerns? (Choose two.) A. Deploy virtual desktop infrastructure with an OOB management network B. Employ the use of vTPM with boot attestation C. Leverage separate physical hardware for sensitive services and data D. Use a community CSP with independently managed security services E. Deploy to a private cloud with hosted hypervisors on each physical machine

A & C

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the MOST accurate information? A. A passive, credentialed scan B. A passive, non-credentialed scan C. An active, non-credentialed scan D. An active, credentialed scan

D. An active, credentialed scan

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment. Which of the following should the security administrator do to mitigate the risk? A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement. B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management. C. Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash. D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information. The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach? A. The pharmaceutical company B. The cloud software provider C. The web portal software vendor D. The database software vendor

A. The pharmaceutical company

A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis. Which of the following steps would be best to perform FIRST? A. Turn off the infected host immediately. B. Run a full anti-malware scan on the infected host. C. Modify the smb.conf file of the host to prevent outgoing SMB connections. D. Isolate the infected host from the network by removing all network connections

D. Isolate the infected host from the network by removing all network connections

A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability? A. User and entity behavior analytics B. Redundant reporting systems C. A self-healing system D. Application controls

D. Application controls

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution? A. Biometric authenticators are immutable. B. The likelihood of account compromise is reduced. C. Zero trust is achieved. D. Privacy risks are minimized.

B. The likelihood of account compromise is reduced.

A review of the past year's attack patterns show that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information. Which of the following would be BEST for the company to implement? A. A WAF B. An IDS C. A SIEM D. A honeypot

D. A honeypot

As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's license. The process also requires customers to take a current photo of themselves to be compared against provided documentation. Which of the following BEST describes this process? A. Deepfake B. Know your customer C. Identity proofing D. Passwordless

C. Identity proofing

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the NEXT step of the incident response plan? A. Remediation B. Containment C. Response D. Recovery

B. Containment

A recent data breach stemmed from unauthorized access to an with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information. Which of the following BEST mitigates inappropriate access and permissions issues? A. SIEM B. CASB C. WAF D. SOAR

B. CASB

QUESTION 160 A security engineer is hardening a company's multihomes SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open: -22 -25 -110 -137 -138 -139 -445 Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process. Which of the following would be the BEST solution to harden the system? A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface. B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface. C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface. D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface

B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes. Which of the following should a security architect recommend? A. A DLP program to identify which files have customer data and delete them B. An ERP program to identify which processes need to be tracked C. A CMDB to report on systems that are not configured to security baselines D. A CRM application to consolidate the data and provision access based on the process and need

D. A CRM application to consolidate the data and provision access based on the process and need

Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint? A. Isolation control failure B. Management plane breach C. Insecure data deletion D. Resource exhaustion

B. Management plane breach

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moments notice Which of the following should the organization consider FIRST to address this requirement? A. Implement a change management plan to ensure systems are using the appropriate versions. B. Hire additional on-call staff to be deployed if an event occurs. C. Design an appropriate warm site for business continuity. D. Identify critical business processes and determine associated software and hardware requirements.

D. Identify critical business processes and determine associated software and hardware requirements.

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted: A. when it is passed across a local network. B. in memory during processing C. when it is written to a system's solid-state drive. D. by an enterprise hardware security module.

B. in memory during processing

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements: -Support all phases of the SDLC. -Use tailored website portal software. -Allow the company to build and use its own gateway software. -Utilize its own data management platform. -Continue using agent-based security tools. Which of the following cloud-computing models should the CIO implement? A. SaaS B. PaaS C. MaaS D. IaaS

B. PaaS

A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware. Which of the following BEST describes the type of malware the solution should protect against? A. Worm B. Logic bomb C. Fileless D. Rootkit

C. Fileless

A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior. Which of the following would BEST safeguard the APIs? (Choose two.) A. Bot protection B. OAuth 2.0 C. Input validation D. Autoscaling endpoints E. Rate limiting F. CSRF protection

A & E

QUESTION 169 An organizations existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution. Which of the following designs would be BEST for the CISO to use? A. Adding a second redundant layer of alternate vendor VPN concentrators B. Using Base64 encoding within the existing site-to-site VPN connections C. Distributing security resources across VPN sites D. Implementing IDS services with each VPN concentrator E. Transitioning to a container-based architecture for site-based services

A. Adding a second redundant layer of alternate vendor VPN concentrators

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government? A. Encryption in transit B. Legal issues C. Chain of custody D. Order of volatility E. Key exchange

C. Chain of custody

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents. Which of the following BEST describes this kind of risk response? A. Risk rejection B. Risk mitigation C. Risk transference D. Risk avoidance

C. Risk transference

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform? A. Securely configure the authentication mechanisms. B. Patch the infrastructure at the operating system. C. Execute port scanning against the services. D. Upgrade the service as part of life-cycle management.

A. Securely configure the authentication mechanisms.

A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved. Which of the following would provide this information? A. HIPS B. UEBA C. HIDS D. NIDS

C. HIDS

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation? A. Software composition analysis B. Code obfuscation C. Static analysis D. Dynamic analysis

D. Dynamic analysis

A forensic investigator would use the foremost command for: A. cloning disks. B. analyzing network-captured packets. C. recovering lost files. D. extracting features such as email addresses.

C. recovering lost files.

A software company is developing an application in which data must be encrypted with a cipher that requires the following: -Initialization vector -Low latency -Suitable for streaming Which of the following ciphers should the company use? A. Cipher feedback B. Cipher block chaining message authentication code C. Cipher block chaining D. Electronic codebook

A. Cipher feedback

An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software. During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational. Which of the following BEST describes the reason why the silent failure occurred? A. The system logs rotated prematurely. B. The disk utilization alarms are higher than what the service restarts require. C. The number of nodes in the self-healing cluster was healthy. D. Conditional checks prior to the service restart succeeded.

D. Conditional checks prior to the service restart succeeded.

A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication. Which of the following technologies would BEST meet this need? A. Faraday cage B. WPA2 PSK C. WPA3 SAE D. WEP 128 bit

C. WPA3 SAE

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed. Which of the following side-channel attacks did the team use? A. Differential power analysis B. Differential fault analysis C. Differential temperature analysis D. Differential timing analysis

B. Differential fault analysis

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment. Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant? A. NAC to control authorized endpoints B. FIM on the servers storing the data C. A jump box in the screened subnet D. A general VPN solution to the primary network

C. A jump box in the screened subnet

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN. Which of the following solutions does this describe? A. Full tunneling B. Asymmetric routing C. SSH tunneling D. Split tunneling

A. Full tunneling

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility. Which of the following systems should the consultant review before making a recommendation? A. CAN B. ASIC C. FPGA D. SCADA

D. SCADA

Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Compaprogram. Which of the following risk-handling techniques was used? A. Accept B. Avoid C. Transfer D. Mitigate

D. Mitigate

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact. Which of the following should the organization perform NEXT? A. Assess the residual risk. B. Update the organization's threat model. C. Move to the next risk in the register. D. Recalculate the magnitude of impact.

A. Assess the residual risk.

A software house is developing a new application. The application has the following requirements: -Reduce the number of credential requests as much as possible -Integrate with social networks -Authenticate users Which of the following is the BEST federation method to use for the application? A. WS-Federation B. OpenID C. OAuth D. SAML

D. SAML

A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements: -Be efficient at protecting the production environment -Not require any change to the application -Act at the presentation layer Which of the following techniques should be used? A. Masking B. Tokenization C. Algorithmic D. Random substitution

A. Masking

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence. Which of the following offers an authoritative decision about whether the evidence was obtained legally? A. Lawyers B. Court C. Upper management team D. Police

B. Court

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out. Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered? A. Drive wiping B. Degaussing C. Purging D. Physical destruction

D. Physical destruction

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence. Which of the following techniques would BEST support this? A. Configuring systemd services to run automatically at startup B. Creating a backdoor C. Exploiting an arbitrary code execution exploit D. Moving laterally to a more authoritative server/service

B. Creating a backdoor

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic. When designing the solution, which of the following threats should the security architect focus on to precent attacks against the OT network? A. Packets that are the wrong size or length B. Use of any non-DNP3 communication on a DNP3 port C. Multiple solicited responses over time D. Application of an unsupported encryption algorithm

B. Use of any non-DNP3 communication on a DNP3 port

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines: -Must have a minimum of 15 characters -Must use one number -Must use one capital letter -Must not be one of the last 12 passwords used Which of the following policies should be added to provide additional security? A. Shared accounts B. Password complexity C. Account lockout D. Password history E. Time-based logins

C. Account lockout

A cybersecurity analyst discovered a private key that could have been exposed. Which of the following is the BEST way for the analyst to determine if the key has been compromised? A. HSTS B. CRL C. CSRs D. OCSP

B. CRL

Which of the following technologies allows CSPs to add encryption across multiple data storages? A. Symmetric encryption B. Homomorphic encryption C. Data dispersion D. Bit splitting

D. Bit splitting

A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of the company's Linus servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future. Based on this agreement, this finding is BEST categorized as a: A. true positive. B. true negative. C. false positive. D. false negative.

A. true positive.

A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation? A. EDR B. SIEM C. HIDS D. UEBA

B. SIEM

A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided thesecurity team with a list of search terms to investigate. This is an example of: A. due intelligence B. e-discovery. C. due care. D. legal hold.

B. e-discovery.

Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks? A. Zigbee B. CAN C. DNP3 D. Modbus

A. Zigbee

An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API. Given this information, which of the following is a noted risk? A. Feature delay due to extended software development cycles B. Financial liability from a vendor data breach C. Technical impact to the API configuration D. The possibility of the vendor's business ceasing operations

B. Financial liability from a vendor data breach

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal? A. MOU B. NDA C. SLA D. ISA

A. MOU

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce: - Cloud-delivered services - Full network security stack - SaaS application security management - Minimal latency for an optimal user experience - Integration with the cloud 1AM platform Which of the following is the BEST solution? A. Routing and Remote Access Service (RRAS) B. NGFW C. Managed Security Service Provider (MSSP) D. SASE

D. SASE

An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network. Which of the following solutions represents the BEST course of action to allow the contractor access? A. Add the vendor's equipment to the existing network. Give the vendor access through the standard corporate VPN B. Give the vendor a standard desktop PC to attach the equipment. Give the vendor access throughthe standard corporate VPN C. Establish a certification process for the vendor. Allow certified vendors access to the VDI tomonitor and maintain the HVAC equipment D. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access

D. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access

A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated OSs. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure? A. Segment the systems to reduce the attack surface if an attack occurs B. Migrate the services to new systems with a supported and patched OS. C. Patch the systems to the latest versions of the existing OSs D. Install anti-malware. HIPS, and host-based firewalls on each of the systems

B. Migrate the services to new systems with a supported and patched OS.

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Choose two.) A. Software-backed keystore B. Embedded cryptoprocessor C. Hardware-backed public key storage D. Support for stream ciphers E. Decentralized key management F. TPM 2.0 attestation services

B & C

Which of the following is required for an organization to meet the ISO 27018 standard? A. All Pll must be encrypted. B. All network traffic must be inspected. C. GDPR equivalent standards must be met D. COBIT equivalent standards must be met

A. All Pll must be encrypted.

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly? A. Business impact rating B. CVE dates C. CVSS scores D. OVAL

C. CVSS scores

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs? A. Ladder logic B. Rust C. C D. Python E. Java

A. Ladder logic

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data? A. The principle of lawful, fair, and transparent processing B. The right to be forgotten principle of personal data erasure requests C. The non-repudiation and deniability principle D. The principle of encryption, obfuscation, and data masking

A. The principle of lawful, fair, and transparent processing

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP: - Enforce MFA for RDP. - Ensure RDP connections are only allowed with secure ciphers. The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs. Which of the following should the security architect recommend to meet these requirements? A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced. B. Implement a bastion host with a secure cipher configuration enforced. C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP. D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.

A security engineer is reviewing a record of events after a recent data breach incident that Involved the following: - A hacker conducted reconnaissance and developed a footprint of thecompany s Internet-facing web application assets. - A vulnerability in a third-party horary was exploited by the hacker,resulting in the compromise of a local account. - The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection. Which of the following is the BEST solution to help prevent this type of attack from being successful in the future? A. Dynamic analysis B. Secure web gateway C. Software composition analysis D. User behavior analysis E. Web application firewall

E. Web application firewall

A security engineer needs to implement a CASB to secure employee user web traffic. A key requirement is that the relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages. Which of the following architectural components would BEST meet these requirements? A. Log collection B. Reverse proxy C. AWAF D. API mode

A. Log collection

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company owned and personal devices. Which of the following should the CIO implement to achieve this goal? A. BYOO B. CYOD C. COPE D. MDM

D. MDM

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk? A. Inherent B. Low C. Mitigated D. Residual E. Transferred

D. Residual

A forensic investigator would use the foremost command for: A. cloning disks. B. analyzing network-captured packets. C. recovering lost files. D. extracting features such as email addresses

C. recovering lost files.

A large, multinational company currently has two separate databases. One is used for ERP while the second is used for CRM To consolidate services and infrastructure, it is proposed to combine the databases. The company's compliance manager is asked to review the proposal and is concerned about this integration. Which of the following would pose the MOST concern to the compliance manager? A. The attack surface of the combined database is lower than the previous separate systems, so there likely are wasted resources on additional security controls that will not be needed B. There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform. C. By consolidating services in this manner, there is an increased risk posed to the organization due to the number of resources required to manage the larger data pool. D. Auditing the combined database structure will require more short-term resources, as the new system will need to be learned by the auditing team to ensure all security controls are in

B. There are specific regulatory requirements the company might be violating by combining these two types of services into one shared platform.

A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.) A. SD-WAN B. PAM C. Remote access VPN D. MFA E. Network segmentation F. BGP G. NAC

B, D, E

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation? A. Loss of governance B. Vendor lockout C. Compliance risk D. Vendor lock-in

A. Loss of governance

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Choose two.) A. Document interpolation B. Regular expression pattern matching C. Optical character recognition functionality D. Baseline image matching E. Advanced rasterization F. Watermarking

A & C

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future? A. SLA B. BIA C. BCM D. BCP E. RTO

D. BCP

Which of the following risks does expanding business into a foreign country carry? A. Data sovereignty laws could result in unexpected liability B. Export controls might decrease software costs C. Data ownership might revert to the regulatory entities in the new country D. Some security tools might be monitored by legal authorities

A. Data sovereignty laws could result in unexpected liability

A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk In adopting this solution? A. The inability to assign access controls to comply with company policy B. The inability to require the service provider process data in a specific country C. The inability to obtain company data when migrating to another service D. The inability to conduct security assessments against a service provider

C. The inability to obtain company data when migrating to another service