151-200 Flashcards

1
Q

Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A Machine learning
B DNS sinkhole
C Blocklist
D Honeypot

A

B. DNS sinkhole

2
Q

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

A IaaS
B PaaS
C XaaS
D SaaS

A

A. IaaS

3
Q

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)

A Full device encryption
B Network usage rules
C Geofencing
D Containerization
E Application approve list
F Remote control

A

D. Containerization
F. Remote control

4
Q

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A Smart card
B PIN code
C Knowledge-based question
D Secret key

A

A. Smart card

5
Q

Which of the following techniques eliminates the use of rainbow tables for password cracking?

A Hashing
B Tokenization
C Asymmetric encryption
D Salting

A

D. Salting

6
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

A Compromise
B Retention
C Analysis
D Transfer
E Inventory

A

B. Retention

7
Q

A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?

A Private cloud
B Hybrid environment
C Managed security service provider
D Hot backup site

A

B. Hybrid environment

8
Q

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

A Enable HIDS on all servers and endpoints.
B Disable unnecessary services.
C Configure the deny list appropriately on the NGFW.
D Ensure the antivirus is up to date.

A

B. Disable unnecessary services.

9
Q

A user downloaded an extension for a browser and the user’s device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

New-Partition -DiskNumber 2 -UseMaximumSize -AssignDriveLetter C | Format-Volume -DriveLetter C -FileSystemLabel "New" -FileSystem NTFS -Full -Force -Confirm:$false

Which of the following is the malware using to execute the attack?

A PowerShell
B Python
C Bash
D Macros

A

A. PowerShell

10
Q

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

A Development
B Test
C Production
D Staging

A

C. Production

11
Q

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

A Hashing
B DNS sinkhole
C TLS inspection
D Data masking

A

C. TLS inspection

12
Q

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

A Auto-update
B HTTP headers
C Secure cookies
D Third-party updates
E Full disk encryption
F Sandboxing
G Hardware encryption

A

A. Auto-update
F. Sandboxing

13
Q

Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?

A To avoid data leakage
B To protect surveillance logs
C To ensure availability
D To facilitate third-party access

A

C. To ensure availability

14
Q

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

A Weak configurations
B Integration activities
C Unsecure user accounts
D Outsourced code development

A

C Unsecure user accounts

15
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B Restrict administrative privileges and patch all systems and applications.
C Rebuild all workstations and install new antivirus software.
D Implement application whitelisting and perform user application hardening.

A

B. Restrict administrative privileges and patch all systems and applications.

16
Q

During a recent incident, an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?

A Check for any recent SMB CVEs.
B Install AV on the affected server.
C Block unneeded TCP 445 connections.
D Deploy a NIDS in the affected subnet.

A

C. Block unneeded TCP 445 connections.

17
Q

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

A Shut down the VDI and copy off the event logs.
B Take a memory snapshot of the running system.
C Use NetFlow to identify command-and-control IPs.
D Run a full on-demand scan of the root volume.

A

B. Take a memory snapshot of the running system.

18
Q

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

A Disaster recovery plan
B Incident response procedure
C Business continuity plan
D Change management procedure

A

D. Change management procedure

19
Q

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

A General counsel
B Data owner
C Risk manager
D Chief Information Officer

A

B Data owner

20
Q

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days.

Which of the following attacks can the account lockout be attributed to?

A Backdoor
B Brute-force
C Rootkit
D Trojan

A

B. Brute-force

21
Q

After returning from a conference, a user’s laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop’s motherboard. Which of the following attack vectors was exploited to install the hardware?

A Removable media
B Spear phishing
C Supply chain
D Direct access

A

C. Supply chain

22
Q

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A Recovery
B Identification
C Lessons learned
D Preparation

A

C. Lessons learned

23
Q

A security analyst is scanning a company’s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A Changing the remote desktop port to a non-standard number
B Setting up a VPN and placing the jump server inside the firewall
C Using a proxy for web connections from the remote desktop server
D Connecting the remote server to the domain and increasing the password length

A

B. Setting up a VPN and placing the jump server inside the firewall

24
Q

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

A CYOD
B MDM
C COPE
D VDI

A

C. COPE

25
Q

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

A Insider threat
B Hacktivist
C Nation-state
D Organized crime

A

D. Organized crime

26
Q

An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

A Perform a mathematical operation on the passwords that will convert them into unique strings
B Add extra data to the passwords so their length is increased, making them harder to brute force.
C Store all passwords in the system in a rainbow table that has a centralized location.
D Enforce the use of one-time passwords that are changed for every login session.

A

A. Perform a mathematical operation on the passwords that will convert them into unique strings

27
Q

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?

A Detective
B Compensating
C Deterrent
D Corrective

A

B. Compensating

28
Q

A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?

A Adding a new UPS dedicated to the rack
B Installing a managed PDU
C Using only a dual power supplies unit
D Increasing power generator capacity

A

B. Installing a managed PDU

29
Q

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

A Watering-hole attack
B Pretexting
C Typosquatting
D Impersonation

A

A. Watering-hole attack

30
Q

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities. Which of the following would BEST meet this need?

A CVE
B SIEM
C SOAR
D CVSS

A

D. CVSS

31
Q

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels, however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee’s COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

A User training
B CASB
C MDM
D EDR

A

B. CASB

32
Q

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company’s perimeter network will be vulnerable to external attack, however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the perimeter network as a workaround to protect the servers? (Choose two.)

A 135
B 139
C 143
D 161
E 443
F 445

A

A. 135
F. 445

33
Q

Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

A Dynamic resource allocation
B High availability
C Segmentation
D Container security

A

B. High availability

34
Q

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect’s requirements?

A An orchestration solution that can adjust scalability of cloud assets
B Use of multipath by adding more connections to cloud storage
C Cloud assets replicated on geographically distributed regions
D An on-site backup that is displayed and only used when the load increases

A

A. An orchestration solution that can adjust scalability of cloud assets

35
Q

Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

A Containment
B Identification
C Preparation
D Recovery

A

B. Identification

36
Q

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company’s network?

A Intrusion prevention system
B Proxy server
C Jump server
D Security zones

A

A. Intrusion prevention system

37
Q

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A Data masking
B Encryption
C Geolocation policy
D Data sovereignty regulation

A

C. Geolocation policy

38
Q

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

A Outdated software
B Weak credentials
C Lack of encryption
D Backdoors

A

B. Weak credentials

39
Q

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

A Cryptomalware
B Hash substitution
C Collision
D Phishing

A

B. Hash substitution

40
Q

Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?

A Installing a new operating system thoroughly tests the equipment
B Removing unneeded applications reduces the system’s attack surface
C Reimaging a system creates an updated baseline of the computer image
D Wiping the device allows the company to evaluate its performance

A

B. Removing unneeded applications reduces the system’s attack surface

41
Q

Which of the following uses SAML for authentication?

A TOTP
B Federation
C Kerberos
D HOTP

A

B. Federation

42
Q

A company develops a complex platform that is composed of a single application. After several issues with upgrades, the systems administrator recommends breaking down the application into unique, independent modules. Which of the following best identifies the systems administrator’s recommendation?

A Virtualization
B Serverless
C Microservices
D API gateway

A

C. Microservices

43
Q

Which of the following examples would be best mitigated by input sanitization?

A alert("Warning!")
B map -p- 10.11.1.130
C Email message: “Click this link to get your free gift card.”
D Browser message: “Your connection is not private.”

A

A. alert("Warning!")

44
Q

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices.
Which of the following can be implemented?

A HTTP security header
B DNSSEC implementation
C SRTP
D S/MIME

A

C. SRTP

45
Q

Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?

A DLP
B NIDS
C TPM
D FDE

A

A. DLP

46
Q

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability.
Which of the following would be the most cost-effective solution for the data center to implement?

A Uninterruptible power supplies with battery backup
B Managed power distribution units to track these events
C A generator to ensure consistent, normalized power delivery
D Dual power supplies to distribute the load more evenly

A

A. Uninterruptible power supplies with battery backup

47
Q

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by

A employees of other companies and the press
B all members of the department that created the documents.
C only the company’s employees and those listed in the document.
D only the individuals listed in the documents.

A

C. only the company’s employees and those listed in the document.

48
Q

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would best meet the needs of the organization?

A MaaS
B IaaS
C SaaS
D PaaS

A

C. SaaS

49
Q

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?

A Fog computing and KVMs
B VDI and thin clients
C Private cloud and DLP
D Full drive encryption and thick clients

A

B. VDI and thin clients

50
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A Exception
B Segmentation
C Risk transfer
D Compensating controls

A

D. Compensating controls