131-155 Flashcards

1
Q

A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be
accessed by third parties. Which of the following would BEST prevent this from happening? (Select TWO).

A. Initiate remote wiping on lost mobile devices.
B. Use FDE and require PINs on all mobile devices.
C. Use geolocation to track lost devices.
D. Require biometric logins on all mobile devices.
E. Install antivirus on mobile endpoints.
F. Patch critical vulnerabilities at least daily.

A

A. Initiate remote wiping on lost mobile devices.
B. Use FDE and require PINs on all mobile devices.

2
Q

A security administrator’s review of network logs indicates unauthorized network access, the source of which
appears to be wired data jacks in the lobby area. Which of the following represents the BEST course of action
to prohibit this access?

A. Enabling BPDU guard
B. Enabling loop prevention
C. Enabling port security
D. Enabling anti-spoofing

A

C. Enabling port security

3
Q

Which of the following is the BEST use of a WAF?

A. To protect sites on web servers that are publicly accessible
B. To allow access to web services of internal users of the organization
C. To maintain connection status of all HTTP requests
D. To deny access to all websites with certain contents

A

A. To protect sites on web servers that are publicly accessible

4
Q

A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to
verify they cannot connect. Which of the following is being tested?

A. Layer 3 routing
B. Port security
C. Secure IMAP
D. S/MIME

A

B. Port security

5
Q

A security professional wants to test a piece of malware that was isolated on a user’s computer to document
its effect on a system. Which of the following is the FIRST step the security professional should take?

A. Create a sandbox on the machine.
B. Open the file and run it.
C. Create a secure baseline of the system state.
D. Harden the machine.

A

A. Create a sandbox on the machine.

6
Q

A forensic analyst is creating a report of findings for litigation purposes. The analyst must ensure data is
preserved using all elements of the CIA triad. Given this scenario, which of the following should the analyst
use to BEST meet these requirements?

A. Hashing for confidentiality, full backups for integrity, and encryption for availability
B. Full backups for confidentiality, encryption for integrity, and hashing for availability
C. Hashing for confidentiality, encryption for integrity, and full backup for availability
D. Encryption for confidentiality, hashing for integrity, and full backups for availability

A

D. Encryption for confidentiality, hashing for integrity, and full backups for availability.

7
Q

An attacker had obtained the user ID and password of a datacenter’s backup operator and has gained access
to a production system. Which of the following would be the attacker’s NEXT action?

A. Perform a passive reconnaissance of the network.
B. Initiate a confidential data exfiltration process.
C. Look for known vulnerabilities to escalate privileges.
D. Create an alternate user ID to maintain persistent access.

A

C. Look for known vulnerabilities to escalate privileges.

8
Q

A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned
about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?

A. On-premise hosting
B. Community cloud
C. Hosted infrastructure
D. Public SaaS

A

B. Community cloud

9
Q

A developer wants to use a life-cycle model that utilizes a cascade model and has a definite beginning and
end to each stage. Which of the following models BEST meets this need?

A. Agile
B. Iterative
C. Waterfall
D. Spiral

A

C. Waterfall

10
Q

A security administrator wants to implement a system that will issue digital security tokens, which require the
following:

The token-generating system must be distributed and decentralized.
The validity of each token must be verifiable.
Transaction and token integrity are more important than the confidentiality of the token.
Which of the following should the administrator implement?

A. PKI with OCSP
B. GPG
C. Web of trust
D. Blockchain
E. Cryptographic service provider

A

D. Blockchain

11
Q

An organization’s policy requires users to create passwords with an uppercase letter, lowercase letter, number,
and symbol. This policy is enforced with technical controls, which also prevents users from using any of their
previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of
passwords.
The incident response team recently discovered that passwords for one system were compromised.
Passwords for a completely separate system have NOT been compromised, but unusual login activity has
been detected for that separate system. Account login has been detected for users who are on vacation.
Which of the following BEST describes what is happening?

A. Some users are meeting password complexity requirements but not password length requirements.
B. The password history is insufficient, and old passwords are still valid across many different systems.
C. Some users are reusing passwords, and some of the compromised passwords are valid on multiple
systems.
D. The compromised password file has been brute-force hacked, and the complexity requirements are not
adequate to mitigate this risk.

A

C. Some users are reusing passwords, and some of the compromised passwords are valid on multiple
systems.

12
Q

Which of the following BEST distinguishes Agile development from other methodologies in terms of
vulnerability management?

A. Cross-functional teams
B. Rapid deployments
C. Daily standups
D. Peer review
E. Creating user stories

A

B. Rapid deployments

13
Q

A network administrator is ensuring current account policies and procedures are following best practices and
will not be flagged in an upcoming audit. While running reports on current group memberships, the network
administrator logs the following access (each x is one group membership):

User    Current job title          Group memberships (Accounting / HR / IT / Research)
User1   IT help desk rep           x x x
User2   Senior Accountant          x x x x
User3   Product development Mgr    x x x
User4   HR representative          x x
Upon further review, the network administrator discovers all of these employees have been in their current
positions for at least two years. Which of the following practices should the network administrator recommend
for this scenario?
A. Permission and usage reviews that occur on a regularly scheduled basis
B. Separating of duties and time-of-day restrictions for accounts with privileged access
C. Inactive account disablement and setting of expiration dates for all new service accounts
D. Immediate review of group nesting policies to prevent excessive permissions from occurring again

A

A. Permission and usage reviews that occur on a regularly scheduled basis

14
Q

Which of the following documents would provide specific guidance regarding ports and protocols that should
be disabled on an operating system?

A. Regulatory requirements
B. Secure configuration guide
C. Application installation guide
D. User manuals

A

B. Secure configuration guide

15
Q

A state-sponsored threat actor has launched several successful attacks against a corporate network. Although
the target has a robust patch management program in place, the attacks continue in depth and scope, and the
security department has no idea how the attacks are able to gain access. Given that patch management and
a vulnerability scanner are being used, which of the following would be used to analyze the attack methodology?

A. Rogue system detection
B. Honeypots
C. Next-generation firewall
D. Penetration test

A

B. Honeypots

16
Q

A dumpster diver was able to retrieve hard drives from a competitor’s trash bin. After installing the hard
drives and running common data recovery software, sensitive information was recovered. In which of the
following ways did the competitor apply media sanitization?

A. Pulverizing
B. Degaussing
C. Encrypting
D. Formatting

A

D. Formatting

17
Q

A company is examining possible locations for a hot site. Which of the following considerations is of MOST
concern if the replication technology being used is highly sensitive to network latency?
A. Connection to multiple power substations
B. Location proximity to the production site
C. Ability to create separate caged space
D. Positioning of the site across international borders

A

B. Location proximity to the production site

Replication latency grows with distance, so a latency-sensitive replication link needs the hot site close to the production site. Crossing an international border raises data-sovereignty questions, not latency ones.

18
Q

A forensic analyst needs to collect physical evidence that may be used in legal proceedings. Which of the
following should be used to ensure the evidence remains admissible in court?

A. Bit-level image
B. Chain of custody
C. Log capture
D. Incident response plan

A

B. Chain of custody

19
Q

An administrator is disposing of media that contains sensitive information. Which of the following will provide
the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?

A. Wipe the hard drive.
B. Shred the hard drive.
C. Sanitize all of the data.
D. Degauss the hard drive.

A

B. Shred the hard drive.

20
Q

A security analyst wants to ensure the integrity of a file downloaded from the Internet. The name of the file is
code.zip. The analyst uses the vendor website to determine the 160-bit fingerprint of the input, and then
reviews the following output:
8532f8c0bcb335cf231ec09e02da8f77e921e4c0 code.zip
Which of the following can be determined from this output?

A. A message digest of 160 bits should be SHA-1 hash. The message digest listed is for MD5.
B. A message digest of 160 bits should be SHA-1 hash. The message digest listed is for SHA-1.
C. A message digest of 160 bits should be MD5 hash. The message digest listed is for MD5.
D. A message digest of 160 bits should be MD5 hash. The message digest listed is for SHA-1.

A

B. A message digest of 160 bits should be SHA-1 hash. The message digest listed is for SHA-1.
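To make the card concrete, here is an added example (not from the original deck) that infers the digest algorithm from the length of the published fingerprint, hashes the downloaded file in chunks, and compares the two. The file contents and fingerprints it uses are constructed test inputs (the SHA-1/MD5/SHA-256 of the bytes "abc"), and the function names are the example's own. It also flags the practitioner caveat: a 160-bit SHA-1 fingerprint still catches transfer corruption, but SHA-1 is no longer collision resistant, so a vendor should publish SHA-256 and, ideally, a signature.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length (characters) -> algorithm. The length only tells you the
# digest *size*; 40 hex characters is 160 bits, which is SHA-1's output size.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def identify_digest(hexdigest: str):
    """Return (algorithm, bit length) implied by a hex fingerprint."""
    h = hexdigest.strip().lower()
    if not h or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("fingerprint is not hexadecimal")
    if len(h) not in DIGEST_BY_HEX_LEN:
        raise ValueError(f"unrecognised digest length: {len(h) * 4} bits")
    return DIGEST_BY_HEX_LEN[len(h)], len(h) * 4


def file_digest(path: str, algorithm: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large download never has to fit in memory."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def verify_download(path: str, published_fingerprint: str) -> dict:
    """Check a downloaded file against the vendor's published fingerprint."""
    algorithm, bits = identify_digest(published_fingerprint)
    computed = file_digest(path, algorithm)
    return {
        "algorithm": algorithm,
        "bits": bits,
        "computed": computed,
        "matches": hmac.compare_digest(computed, published_fingerprint.strip().lower()),
        # MD5 and SHA-1 are broken for collision resistance: a match still rules
        # out transfer corruption, but not a file crafted by someone who could
        # influence what the vendor hashed.
        "weak_algorithm": algorithm in ("md5", "sha1"),
    }


def demo(contents: bytes = b"abc",
         published_fingerprint: str = "a9993e364706816aba3e25717850c26c9cd0d89d") -> dict:
    """Write constructed contents to a temp file and verify it (defaults: SHA-1 of b"abc")."""
    fd, path = tempfile.mkstemp(suffix=".zip")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(contents)
        return verify_download(path, published_fingerprint)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    result = demo()
    print(f"{result['algorithm']} ({result['bits']}-bit): "
          f"match={result['matches']}, weak_algorithm={result['weak_algorithm']}")
```

Run it against a real download by calling verify_download("code.zip", "<fingerprint from the vendor page>"); treat weak_algorithm=True as a prompt to look for a SHA-256 value or a detached signature before trusting the file.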

21
Q

In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the
following is the BEST reason to deploy Faraday cages?

A. To provide emanation control to prevent credential harvesting
B. To minimize signal attenuation over distances to maximize signal strength
C. To minimize external RF interference with embedded processors
D. To protect the integrity of audit logs from malicious alteration

A

A. To provide emanation control to prevent credential harvesting

22
Q

A network administrator is implementing multifactor authentication for employees who travel and use
company devices remotely by using the company VPN. Which of the following would provide the required
level of authentication?

A. 802.1X and OTP
B. Fingerprint scanner and voice recognition
C. RBAC and PIN
D. Username/Password and TOTP

A

D. Username/Password and TOTP

23
Q

An organization needs to integrate with a third-party cloud application. The organization has 15000 users and
does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the
following is the BEST way for the organization to integrate with the cloud application?

A. Upload a separate list of users and passwords with a batch import.
B. Distribute hardware tokens to the users for authentication to the cloud.
C. Implement SAML with the organization’s server acting as the identity provider.
D. Configure a RADIUS federation between the organization and the cloud provider.

A

C. Implement SAML with the organization’s server acting as the identity provider.

With SAML federation the cloud application trusts signed assertions from the organization’s IdP, so passwords are only ever checked inside the organization and the provider never talks to LDAP. RADIUS federation is used for network access (802.1X between organizations), not for signing users into a web application.

24
Q

An organization is building a new customer services team, and the manager needs to keep the team focused
on customer issues and minimize distractions. The users have a specific set of tools installed, which they
must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team
members have access to the Internet for product lookups and to research customer issues. Which of the
following should a security engineer employ to fulfill the requirements for the manager?

A. Install a web application firewall.
B. Install HIPS on the team’s workstations.
C. Implement containerization on the workstations.
D. Configure whitelisting for the team.

A

D. Configure whitelisting for the team.

25
Q

A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop.
The technician runs a command and reviews the following information:

Proto   Local Address     Foreign Address       State          Process
TCP     0.0.0.0:445                             Listening      RpcSs
TCP     0.0.0.0:80                              Listening      httpd.exe
TCP     0.0.0.0:443       192.168.1.20:1301     Established    httpd.exe
TCP     0.0.0.0:90328     172.55.80.22:9090     Established    notepad.exe
Based on the above information, which of the following types of malware should the technician report?

A. Spyware
B. Rootkit
C. RAT
D. Logic bomb

A

C. RAT
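An added example (not from the deck) of the triage logic behind that answer: parse netstat-style rows, then flag established connections that are owned by a process with no business on the network, or that point at an Internet address. The sample output is constructed to mirror the card (with a valid ephemeral local port and an explicit owner column, as `netstat -anob` on Windows prints), and the allowlist of processes expected to hold sockets is an assumption for this host; tune it per image.

```python
import ipaddress
import re

# Constructed sample in the shape of `netstat -anob` output (not the card's lines verbatim).
SAMPLE = """\
Proto  Local Address     Foreign Address      State        Owner
TCP    0.0.0.0:445       0.0.0.0:0            LISTENING    RpcSs
TCP    0.0.0.0:80        0.0.0.0:0            LISTENING    httpd.exe
TCP    10.0.0.5:443      192.168.1.20:1301    ESTABLISHED  httpd.exe
TCP    10.0.0.5:49328    172.55.80.22:9090    ESTABLISHED  notepad.exe
"""

# Processes expected to own network sockets on this laptop (assumption for the example).
EXPECTED_NETWORK_PROCESSES = {"httpd.exe", "RpcSs", "svchost.exe", "chrome.exe"}

LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<owner>\S+)$"
)


def parse_netstat(text: str) -> list:
    """Turn netstat-style rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def split_endpoint(endpoint: str):
    """'172.55.80.22:9090' -> ('172.55.80.22', 9090)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def is_external(host: str) -> bool:
    """True for routable Internet addresses; RFC 1918, loopback and link-local are internal."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # hostnames or garbage never count as a confirmed external address


def find_suspicious(text: str) -> list:
    """Flag established connections from unexpected processes or to Internet hosts."""
    findings = []
    for row in parse_netstat(text):
        if row["state"].upper() != "ESTABLISHED":
            continue
        host, _port = split_endpoint(row["remote"])
        reasons = []
        if row["owner"] not in EXPECTED_NETWORK_PROCESSES:
            reasons.append("unexpected process holding a network connection")
        if is_external(host):
            reasons.append("connection to an Internet address")
        if reasons:
            findings.append({"owner": row["owner"], "remote": row["remote"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(f"{finding['owner']} -> {finding['remote']}: {'; '.join(finding['reasons'])}")
```

A text editor keeping an established session to an outside host on a non-standard port is the signature of a remote access tool; the next steps are to capture the process image and its parent, preserve the socket evidence, and isolate the laptop before the operator notices.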