200-300 Flashcards by Caitlyn Rink

A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company’s first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks.

Which of the following would be the GREATEST risk In adopting this solution?

A. The inability to assign access controls to comply with company policy
B. The inability to require the service provider process data in a specific country
C. The inability to obtain company data when migrating to another service
D. The inability to conduct security assessments against a service provider

C. The inability to obtain company data when migrating to another service

How well did you know this?

Not at all

Perfectly

A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. The next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up.

Which of the following explains why the computer would not boot?

A. The operating system was corrupted.
B. SElinux was in enforced status.
C. A secure boot violation occurred.
D. The disk was encrypted.

A. The operating system was corrupted.

How well did you know this?

Not at all

Perfectly

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials.

Which of the following features will
enable the business to meet this objective?

A. Simultaneous Authentication of Equals
B. Enhanced open
C. Perfect forward secrecy
D. Extensible Authentication Protocol

A. Simultaneous Authentication of Equals

How well did you know this?

Not at all

Perfectly

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A. laaS
B. SaaS
C. FaaS
D. PaaS

D. PaaS

How well did you know this?

Not at all

Perfectly

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

A. Eavesdropping
B. On-path
C. Cryptanalysis
D. Code signing
E. RF sidelobe sniffing

A. Eavesdropping

How well did you know this?

Not at all

Perfectly

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

A. Create a change management process.
B. Establish key performance indicators.
C. Create an integrated master schedule.
D. Develop a communication plan.
E. Perform a security control assessment.

B. Establish key performance indicators

How well did you know this?

Not at all

Perfectly

A company launched a new service and created a landing page within its website network for
users to access the service. Per company policy, all websites must utilize encryption for any
authentication pages. A junior network administrator proceeded to use an outdated procedure to
order new certificates. Afterward, customers are reporting the following error when accessing a
new web page:

NET:ERR_CERT_COMMON_NAME_INVALID.

Which of the following BEST describes what the administrator should do NEXT?

A. Request a new certificate with the correct subject alternative name that includes the new websites.
B. Request a new certificate with the correct organizational unit for the company’s website.
C. Request a new certificate with a stronger encryption strength and the latest cipher suite.
D. Request a new certificate with the same information but including the old certificate on the CRL.

A. Request a new certificate with the correct subject alternative name that includes the new websites.

How well did you know this?

Not at all

Perfectly

An enterprise is undergoing an audit to review change management activities when promoting
code to production. The audit reveals the following:
- Some developers can directly publish code to the productionenvironment.
- Static code reviews are performed adequately.
- Vulnerability scanning occurs on a regularly scheduled basis perpolicy.

Which of the following should be noted as a recommendation within the audit report?

A. Implement short maintenance windows.
B. Perform periodic account reviews.
C. Implement job rotation.
D. Improve separation of duties.

D. Improve separation of duties.

How well did you know this?

Not at all

Perfectly

An organization requires a contractual document that includes:

An overview of what is covered
Goals and objectives
Performance metrics for each party
A review of how the agreement is managed by all parties.

Which of the following BEST describes this type of contractual document?

A. SLA
B. BAA
C. NDA
D. ISA

A. SLA

How well did you know this?

Not at all

Perfectly

Based on PCI DSS v3.4, One Particular database field can store data, but the data must be
unreadable.

Which of the following data objects meets this requirement?

A. PAN
B. CVV2
C. Cardholder name
D. expiration date

A. PAN

How well did you know this?

Not at all

Perfectly

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security.

Which of the following is the BEST option?

A. ICANN
B. PCI DSS
C. OWASP
D. CSA
E. NIST

C. OWASP

How well did you know this?

Not at all

Perfectly

Which of the following is the BEST disaster recovery solution when resources are running in a
cloud environment?

A. Remote provider BCDR
B. Cloud provider BCDR
C. Alternative provider BCDR
D. Primary provider BCDR

B. Cloud provider BCDR

How well did you know this?

Not at all

Perfectly

A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to VPN. During the pilot phase, VPN users successfully get an MFA challenge, however they also get the challenge when connecting to WiFi which is not desirable.

Which of the following BEST explains why users are getting the MFA challenge when using WiFi?

A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched
B. In the firewall, in the AAA configuration the IP address of the third-party MFA solution needs to beset as a secondary RADIUS server
C. In the third-party MFA solution authentication properties need to be configured to recognize WiFi
authentication requests
D. In the WiFi configuration authentication needs to be changed to WPA2 Enterprise using EAP-TLS
to support the configuration

A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched

How well did you know this?

Not at all

Perfectly

A company’s finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access.

Which of the following risk techniques did the department use in this situation?

A. Accept
B. Avoid
C. Transfer
D. Mitigate

D. Mitigate

How well did you know this?

Not at all

Perfectly

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them.

Which of the following is the BEST design option to optimize security?

A. Limit access to the system using a jump box.
B. Place the new system and legacy system on separate VLANs
C. Deploy the legacy application on an air-gapped system.
D. Implement MFA to access the legacy system.

B. Place the new system and legacy system on separate VLANs

How well did you know this?

Not at all

Perfectly

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue.

Which of the following security configurations is MOST likely the cause of the error?

A. HSTS
B. TLS 1.2
C. Certificate pinning
D. Client authentication

C. Certificate pinning

How well did you know this?

Not at all

Perfectly

A company security engineer arrives at work to face the following scenario:

1) Website defacement
2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand
3) A Job offer from the company’s competitor
4) A security analyst’s investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

A. Organized crime
B. Script kiddie
C. APT/nation-state
D. Competitor

C. APT/nation-state

How well did you know this?

Not at all

Perfectly

A company wants to improve Its active protection capabilities against unknown and zero-day
malware.

Which of the following Is the MOST secure solution?

A. NIDS
B. Application allow list
C. Sandbox detonation
D. Endpoint log collection
E. HIDS

C. Sandbox detonation

How well did you know this?

Not at all

Perfectly

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

Work at the application layer
Send alerts on attacks from both privileged and malicious users- Have a very low false positive

Which of the following should the architect recommend?

A. FIM
B. WAF
C. NIPS
D. DAM
E. UTM

D. DAM

How well did you know this?

Not at all

Perfectly

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.

Which of the following categories BEST describes this type of vendor risk?

A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack

D. Supply chain attack

How well did you know this?

Not at all

Perfectly

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization’s current security standards. The assessment identifies the following:

1) There will be a $20,000 per day revenue loss for each day the system is delayed going intoproduction.
2) The inherent risk is high.
3) The residual risk is low.
4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization’s requirements?

A. Apply for a security exemption, as the risk is too high to accept.
B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
C. Accept the risk, as compensating controls have been implemented to manage the risk.
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

How well did you know this?

Not at all

Perfectly

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to the high rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year.

Which of the following is the ALE due to storage replacement?

A. $50,000
B. $125,000
C. $250,000
D. $500.000
E. $51,000,000

C. $250,000

How well did you know this?

Not at all

Perfectly

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to back firewalls separating the corporate and OT systems.

Which of the following is the MOST likely security consequence of this attack?

A. A turbine would overheat and cause physical harm.
B. The engineers would need to go to the historian.
C. The SCADA equipment could not be maintained.
D. Data would be exfiltrated through the data diodes.

C. The SCADA equipment could not be maintained.

How well did you know this?

Not at all

Perfectly

A software development company makes Its software version available to customers from a web
portal. On several occasions, hackers were able to access the software repository to change the
package that is automatically published on the website.

Which of the following would be the BEST technique to ensure the software the users download
is the official software released by the company?

A. Distribute the software via a third-party repository.
B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.

D. Display the SHA checksum on the website.

How well did you know this?

Not at all

Perfectly

An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment, Unfortunately. many Of the applications are provided only as compiled binaries. Which Of the following should the organization use to analyze these applications? (Choose two). A. Regression testing B. SAST C. Third-party dependency management D. IDE SAST E. Fuzz testing F. IAST

E & F

A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement? A. Signing B. Access control C. HIPS D. Permit listing

D. Permit listing

A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data? A. Key rotation B. Key revocation C. Key escrow D. Zeroization E. Cryptographic obfuscation

B. Key revocation

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations: - Protection from DoS attacks against its infrastructure and web applications is in place. - Highly available and distributed DNS is implemented. - Static content is cached in the CDN. - A WAF is deployed inline and is in block mode. - Multiple public clouds are utilized in an active-passive architecture. With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause? A. The public cloud provider is applying QoS to the inbound customer traffic. B. The API gateway endpoints are being directly targeted. C. The site is experiencing a brute-force credential attack. D. A DDoS attack is targeted at the CDN.

A. The public cloud provider is applying QoS to the inbound customer traffic.

A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision? A. Availability B. Data sovereignty C. Geography D. Vendor lock-in

B. Data sovereignty

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. Which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations? A. X-Forwarded-Proto B. X-Forwarded-For C. Cache-Control D. Strict-Transport-Security E. Content-Security-Policy

B. X-Forwarded-For

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult? A. Rules of engagement B. Master service agreement C. Statement of work D. Target audience

C. Statement of work

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective? A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies. B. Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies. C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy. D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing? A. The NTP server is set incorrectly for the developers. B. The CA has included the certificate in its CRL. C. The certificate is set for the wrong key usage. D. Each application is missing a SAN or wildcard entry on the certificate.

C. The certificate is set for the wrong key usage.

A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest. Which of the following would BEST address this concern? A. Configure file integrity monitoring of the guest OS. B. Enable the vTPM on a Type 2 hypervisor. C. Only deploy servers that are based on a hardened image. D. Protect the memory allocation of a Type 1 hypervisor.

B. Enable the vTPM on a Type 2 hypervisor.

When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as: A. the blue team. B. the white team. C. the operations team. D. the red team. E. the development team.

B. the white team.

An enterprise's Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise's growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise's website. Which of the following should the CISO be MOST concerned about? A. Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company's website. B. A security vulnerability that is exploited on the website could expose the accounting service. C. Transferring as many services as possible to a CSP could free up resources. D. The CTO does not have the budget available to purchase required resources and manage growth.

B. A security vulnerability that is exploited on the website could expose the accounting service.

A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO's first project after onboarding involved performing a vulnerability assessment against the company's public facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases. Which of the following BEST addresses these concerns? A. The company should plan future maintenance windows such legacy application can be updated as needed. B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company. C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability. D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.

C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.

Ann, a retiring employee, cleaned out her desk. The next day, Ann's manager notices company equipment that was supposed to remain at her desk is now missing. Which of the following would reduce the risk of this occurring in the future? A. Regular auditing of the clean desk policy B. Employee awareness and training policies C. Proper employee separation procedures D. Implementation of an acceptable use policy

C. Proper employee separation procedures

A security analyst for a bank received an anonymous tip on the external banking website showing the following: Protocols supported - TLS 1.0 - SSL 3 - SSL 2 Cipher suites supported - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit - TLS_RSA_WITH_RC4_128_SHA TLS_FALLBACK_SCSV non supported - POODLE - Weak PFS - OCSP stapling supported Which of the following should the analyst use to reproduce these findings comprehensively? A. Query the OCSP responder and review revocation information for the user certificates. B. Review CA-supported ciphers and inspect the connection through an HTTP proxy. C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output. D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

A. The employees are using an old link that does not use the new SAML authentication.

A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password. Which of the following would be the EASIEST method of obtaining a password for the known account? A. Man-in-the-middle B. Reverse engineering C. Social engineering D. Hash cracking

C. Social engineering

A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation. Which of the following is the BEST justification to ensure collaboration across business units? A. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises. B. A single point of coordination is required to ensure cybersecurity issues are addressed inprotected, compartmentalized groups. C. Without business unit collaboration, risks introduced by one unit that affect another unit maygo without compensating controls. D. The CISO is uniquely positioned to control the flow of vulnerability information between business units.

C. Without business unit collaboration, risks introduced by one unit that affect another unit maygo without

Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented: - The applications are considered mission-critical. - The applications are written in code languages not currently supported by the development staff. - Security updates and patches will not be made available for the applications. - Username and passwords do not meet corporate standards.- The data contained within the applications includes both PII and PHI.- The applications communicate using TLS 1.0. - Only internal users access the applications. Which of the following should be utilized to reduce the risk associated with these applications and their current architecture? A. Update the company policies to reflect the current state of the applications so they are not out of compliance. B. Create a group policy to enforce password complexity and username requirements. C. Use network segmentation to isolate the applications and control access. D. Move the applications to virtual servers that meet the password and account standards.

C. Use network segmentation to isolate the applications and control access.

A new security policy states all wireless and wired authentication must include the use of certificates when connecting to internal resources within the enterprise LAN by all employees. Which of the following should be configured to comply with the new security policy? (Choose two.) A. SSO B. New pre-shared key C. 802.1X D. OAuth E. Push-based authentication F. PKI

C & F

A security consultant was hired to audit a company's password are account policy. The company implements the following controls: - Minimum password length: 16 - Maximum password age: 0 - Minimum password age: 0 - Password complexity: disabled - Store passwords in plain text: disabled - Failed attempts lockout: 3 - Lockout timeout: 1 hour The password database uses salted hashes and PBKDF2. Which of the following is MOST likely to yield the greatest number of plain text passwords in the shortest amount of time? A. Offline hybrid dictionary attack B. Offline brute-force attack C. Online hybrid dictionary password spraying attack D. Rainbow table attack E. Online brute-force attack F. Pass-the-hash attack

C. Online hybrid dictionary password spraying attack

As part of the asset management life cycle, a company engages a certified equipment disposal vendor to appropriately recycle and destroy company assets that are no longer in use. As part of the company's vendor due diligence, which of the following would be MOST important to obtain from the vendor? A. A copy of the vendor's information security policies. B. A copy of the current audit reports and certifications held by the vendor. C. A signed NDA that covers all the data contained on the corporate systems. D. A copy of the procedures used to demonstrate compliance with certification requirements.

D. A copy of the procedures used to demonstrate compliance with certification requirements.

Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive. Which of the following processes should be implemented to ensure this information is available for future investigations? A. Asset inventory management B. Incident response plan C. Test and evaluation D. Configuration and change management

D. Configuration and change management

A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem. Which of the following solutions would BEST support trustworthy communication solutions? A. Enabling spam filtering and DMARC. B. Using MFA when logging into email clients and the domain. C. Enforcing HTTPS everywhere so web traffic, including email, is secure. D. Enabling SPF and DKIM on company servers. E. Enforcing data classification labels before an email is sent to an outside party.

A. Enabling spam filtering and DMARC.

The audit team was only provided the physical and logical addresses of the network without any type of access credentials. Which of the following methods should the audit team use to gain initial access during the security assessment? (Choose two.) A. Tabletop exercise B. Social engineering C. Runtime debugging D. Reconnaissance E. Code review F. Remote access tool

B & F

A product manager is concerned about the unintentional sharing of the company's intellectual property through employees' use of social media. Which of the following would BEST mitigate this risk? A. Virtual desktop environment B. Network segmentation C. Web application firewall D. Web content filter

D. Web content filter

An organization is evaluating options related to moving organizational assets to a cloud-based environment using an IaaS provider. One engineer has suggested connecting a second cloud environment within the organization's existing facilities to capitalize on available datacenter space and resources. Other project team members are concerned about such a commitment of organizational assets, and ask the Chief Security Officer (CSO) for input. The CSO explains that the project team should work with the engineer to evaluate the risks associated with using the datacenter to implement: A. a hybrid cloud. B. an on-premises private cloud. C. a hosted hybrid cloud. D. a private cloud.

C. a hosted hybrid cloud.

A company uses an application in its warehouse that works with several commercially available tablets and can only be accessed inside the warehouse. The support department would like the selection of tablets to be limited to three models to provide better support and ensure spares are on hand. Users often keep the tablets after they leave the department, as many of them store personal media items. Which of the following should the security engineer recommend to meet these requirements? A. COPE with geofencing B. BYOD with containerization C. MDM with remote wipe D. CYOD with VPN

A. COPE with geofencing

During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident. Which of the following would be MOST important to senior leadership to determine the impact of the breach? A. The likely per-record cost of the breach to the organization B. The legal or regulatory exposure that exists due to the breach C. The amount of downtime required to restore the data D. The number of records compromised

B. The legal or regulatory exposure that exists due to the breach

After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in QUESTION 2was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information. Which of the following would be the MOST efficient control to prevent this from occurring in the future? A. Install application whitelist on mobile devices. B. Disallow side loading of applications on mobile devices. C. Restrict access to company systems to expected times of day and geographic locations. D. Prevent backup of mobile devices to personally owned computers. E. Perform unannounced insider threat testing on high-risk employees.

C. Restrict access to company systems to expected times of day and geographic locations.

A newly hired Chief Information Security Officer (CISO) wants to understand how the organization's CIRT handles issues brought to their attention, but needs to be very cautious about impacting any systems. The MOST appropriate method to use would be: A. an internal vulnerability assessment. B. a red-team threat-hunt exercise. C. a white-box penetration test. D. a guided tabletop exercise.

D. a guided tabletop exercise.

A systems analyst is concerned that the current authentication system may not provide the appropriate level of security. The company has integrated WAYF within its federation system and implemented a mandatory two-step authentication system. Some accounts are still becoming compromised via phishing attacks that redirect users to a fake portal, which is automatically collecting and replaying the stolen credentials. Which of the following is a technical solution that would BEST reduce the risk of similar compromises? A. Security awareness training B. Push-based authentication C. Software-based TOTP D. OAuth tokens E. Shibboleth

C. Software-based TOTP

A security architect has designated that a server segment of an enterprise network will require each server to have secure and measured boot capabilities. The architect now wishes to ensure service consumers and peers can verify the integrity of hosted services. Which of the following capabilities must the architect consider for enabling the verification? A. Centralized attestation server B. Enterprise HSM C. vTPM D. SIEM

B. Enterprise HSM

A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used to support both development and production assets inherent separation of duties is limited. To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties the organization must design and implement an appropriate compensating control. Which of the following would be MOST suitable in this scenario? A. Configuration of increased levels of logging, monitoring and alerting on production access B. Configuration of MFA and context-based login restrictions for all DevOps personnel C. Development of standard code libraries and usage of the WS-security module on all web servers D. Implementation of peer review, static code analysis and web application penetration testing against the staging environment

A. Configuration of increased levels of logging, monitoring and alerting on production access

A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again? A. Preparation B. Identification C. Containment D. Eradication E. Recovery F. Lessons learned

E. Recovery

A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops? A. Network access control B. Configuration Manager C. Application whitelisting D. File integrity checks

C. Application whitelisting

A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil? A. Disable firmware OTA updates. B. Disable location services. C. Disable push notification services. D. Disable wipe

B. Disable location services.

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies? A. PCI DSS B. GDPR C. NIST D. ISO 31000

B. GDPR

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement? A. Asymmetric B. Symmetric C. Homomorphic D. Ephemeral

C. Homomorphic

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch? A. Set up an air gap for the switch. B. Change the default password for the switch. C. Place the switch in a Faraday cage. D. Install a cable lock on the switch.

B. Change the default password for the switch.

Which of the following attacks can be used to exploit a vulnerability that was created by untrained users? A. A spear-phishing email with a file attachment B. A DoS using IoT devices C. An evil twin wireless access point D. A domain hijacking of a bank website

A. A spear-phishing email with a file attachment

An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend? A. Web application firewall B. SIEM C. IPS D. UTM E. File integrity monitor

B. SIEM

Which of the following attacks can be mitigated by proper data retention policies? A. Dumpster diving B. Man-in-the browser C. Spear phishing D. Watering hole

A. Dumpster diving

Which of the following may indicate a configuration item has reached end-of-life? A. The device will no longer turn on and indicated an error. B. The vendor has not published security patches recently. C. The object has been removed from the Active Directory. D. Logs show a performance degradation of the component.

B. The vendor has not published security patches recently.

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would BEST to improve the incident response process? A. Updating the playbook with better decision points B. Dividing the network into trusted and untrusted zones C. Providing additional end-user training on acceptable use D. Implementing manual quarantining of infected hosts

A. Updating the playbook with better decision points

A large industrial system's smart generator monitors the system status and sends alerts to third party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities? A. Segmentation B. Firewall whitelisting C. Containment D. Isolation

A. Segmentation

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.) A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software

D & E

A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement? A. A physical control B. A corrective control C. A compensating control D. A managerial control

A. A physical control

An organization is concerned that its hosted web servers are not running the most updated version of software. Which of the following would work BEST to help identify potential vulnerabilities? A. hping3 -S comptia.org -p 80 B. nc 1 v comptia.org p 80 C. nmap comptia.org p 80 sV D. nslookup port=80 comptia.org

C. nmap comptia.org p 80 sV

A security administrator adding a NAC requirement for all VPN users to ensure the connecting devices are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement? A. Implement a permanent agent. B. Install antivirus software. C. Use an agentless implementation. D. Implement PKI.

A. Implement a permanent agent.

Ann, a security manager, is reviewing a threat feed that provides information about attacks that allow a malicious user to gain access to private contact lists. Ann receives a notification that the vulnerability can be exploited within her environment. Given this information, Ann can anticipate an increase in: A. vishing attacks B. SQL injections attacks C. web application attacks D. brute-force attacks

B. SQL injections attacks

A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement? A. WPS B. PEAP C. TKIP D. PKI

B. PEAP

A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk. Which of the following will lower the risk before moving the data? A. Redacting all but the last four numbers of the cards B. Hashing the card numbers C. Scrambling card and expiration data D. Encrypting card and expiration numbers

B. Hashing the card numbers

Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out. Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch? A. Anti-malware B. Patch testing C. HIPS D. Vulnerability scanner

B. Patch testing

A Chief Information Security Officer (CISO) is running a test to evaluate the security of the corporate network and attached devices. Which of the following components should be executed by an outside vendor? A. Penetration tests B. Vulnerability assessment C. Tabletop exercises D. Blue-team operations

A. Penetration tests

A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use? A. NDA B. RFP C. RFQ D. MSA E. RFI

B. RFP

Designing a system in which only information that is essential for a particular job task is allowed to be viewed can be accomplished successfully by using: A. mandatory vacations. B. job rotations C. role-based access control D. discretionary access E. separation of duties

C. role-based access control

The information security manager of an e-commerce company receives an alert over the weekend that all the servers in a datacenter have gone offline. Upon discussing this situation with the facilities manager, the information security manager learns there was planned electrical maintenance. The information security manager is upset at not being part of the maintenance planning, as this could have resulted in a loss of: A. data confidentiality. B. data security. C. PCI compliance D. business availability.

D. business availability.

A company contracts a security consultant to perform a remote white-box penetration test. The company wants the consultant to focus on Internet-facing services without negatively impacting production services. Which of the following is the consultant MOST likely to use to identify the company's attack surface? (Choose two) A. Web crawler B. WHOIS registry C. DNS records D. Company's firewall ACL E. Internal routing tables F. Directory service queries

B & C

A company is concerned about disgruntled employees transferring its intellectual property data through covert channels. Which of the following tools would allow employees to write data into ICMP echo response packets? A. Thor B. Jack the Ripper C. Burp Suite D. Loki

D. Loki

A security engineer is making certain URLs from an internal application available on the Internet. The development team requires the following: - The URLs are accessible only from internal IP addresses- Certain countries are restricted - TLS is implemented. - System users transparently access internal application services in around robin to maximize performance Which of the following should the security engineer deploy? A. DNS to direct traffic and a WAF with only the specific external URLs configured B. A load balancer with GeolP restrictions and least-load-sensing traffic distribution C. An application-aware firewall with geofencing and certificate services using DNS for traffic direction D. A load balancer with IP ACL restrictions and a commercially available PKI certificate

C. An application-aware firewall with geofencing and certificate services using DNS for traffic direction

A company enlists a trusted agent to implement a way to authenticate email senders positively. Which of the following is the BEST method for the company to prove Vie authenticity of the message? A. issue PlN-enabled hardware tokens B. Create a CA win all users C. Configure the server to encrypt all messages in transit D. include a hash in the body of the message

A. issue PlN-enabled hardware tokens

A company recently migrated to a SaaS-based email solution. The solution is configured as follows: - Passwords are synced to the cloud to allow for SSO - Cloud-based antivirus is enabled - Cloud-based anti-spam is enabled - Subscription-based blacklist is enabled Although the above controls are enabled, the company's security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review. Which of the following would allow the company to gam additional visibility and reduce additional costs? (Choose two.) A. Migrate the email antivirus and anti-spam on-premises B. Implement a third-party CASB solution. C. Disable the current SSO model and enable federation D. Feed the attacker IPs from the company IDS into the email blacklist E. Install a virtual SIEM within the email cloud provider F. Add email servers to NOC monitoring

B & E

The Chief Information Security Officer (CISO) of a company that has highly sensitive corporate locations wants its security engineers to find a solution to growing concerns regarding mobile devices. The CISO mandates the following requirements: - The devices must be owned by the company for legal purposes. - The device must be as fully functional as possible when off site. - Corporate email must be maintained separately from personal email- Employees must be able to install their own applications. Which of the following will BEST meet the CISO's mandate? (Choose two.) A. Disable the device's camera B. Allow only corporate resources in a container. C. Use an MDM to wipe the devices remotely D. Block all sideloading of applications on devices E. Use geofencing on certain applications F. Deploy phones in a BYOD model

B & E

A security administrator receives reports that several workstations are unable to access resources within one network segment. A packet capture shows the segment is flooded with ICMPv6 traffic from the source: fe80::21ae;4571:42ab:1fdd and for the destination: ff02::1. Which of the following should the security administrator integrate into the network to help prevent this from occurring? A. Raise the dead peer detection interval to prevent the additional network chatter B. Deploy honeypots on the network segment to identify the sending machine. C. Ensure routers will use route advertisement guards. D. Deploy ARP spoofing prevention on routers and switches.

D. Deploy ARP spoofing prevention on routers and switches.

An organization implemented a secure boot on its most critical application servers which produce content and capability for other consuming servers A recent incident, however led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation? A. An attacker masqueraded as an internal DNS server B. An attacker leveraged a heap overflow vulnerability in the OS C. An attacker was able to overwrite an OS integrity measurement register D. An attacker circumvented IEEE 802.1X network-level authentication requirements.

C. An attacker was able to overwrite an OS integrity measurement register

An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) a t a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take? A. Utilize cloud-based threat analytics to identify anomalous behavior in the company's B2B and vendor traffic B. Purchase a CASB solution to identify and control access to cloud-based applications and services and integrate them with on-premises legacy security monitoring C. Instruct a security engineer to configure the IDS to consume threat intelligence feeds from an information-sharing association in the banking sector D. Attend and present at the regional banking association lobbying group meetings each month and facilitate a discussion on the topic.

B. Purchase a CASB solution to identify and control access to cloud-based applications and services and integrate them with on-premises legacy security monitoring

Users have reported that an internally developed web application is acting erratically, and the response output is inconsistent. The issue began after a web application dependency patch was applied to improve security. Which of the following would be the MOST appropriate tool to help identify the issue? A. Fuzzer B. SCAP scanner C. Vulnerability scanner D. HTTP interceptor

D. HTTP interceptor

A company makes consumer health devices and needs to maintain strict confidentiality of unreleased product designs. Recently unauthorized photos of products still in development have been for sale on the dark web. The Chief Information Security Officer (CISO) suspects an insider threat, but the team that uses the secret outdoor testing area has been vetted many times and nothing suspicious has been found. Which of the following is the MOST likely cause of the unauthorized photos? A. The location of the testing facility was discovered by analyzing fitness device information the test engineers posted on a website B. One of the test engineers is working for a competitor and covertly installed a RAT on the marketing department's servers C. The company failed to implement least privilege on network devices, and a hacktivist published stolen public relations photos D. Pre-release marketing materials for a single device were accidentally left in a public location

D. Pre-release marketing materials for a single device were accidentally left in a public location

A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase? A. Conducting tabletop exercises to evaluate system risk B. Contracting a third-party auditor after the project is finished C. Performing pre- and post-implementation penetration tests D. Running frequent vulnerability scans during the project

D. Running frequent vulnerability scans during the project

A new corporate policy requires that all employees have access to corporate resources on personal mobile devices. The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy? A. Place corporate applications in a container B. Enable geolocation on all devices C. install remote wiping capabilities D. Ensure all company communications use a VPN

A. Place corporate applications in a container

A security consultant is conducting a penetration test against a customer enterprise local comprises local hosts and cloud-based servers. The hosting service employs a multitenancy model with elastic provisioning to meet customer demand. The customer runs multiple virtualized servers on each provisioned cloud host. The security consultant is able to obtain multiple sets of administrator credentials without penetrating the customer network. Which of the following is the MOST likely risk the tester exploited? A. Data-at-rest encryption misconfiguration and repeated key usage B. Offline attacks against the cloud security broker service C. The ability to scrape data remnants in a multitenancy environment D. VM escape attacks against the customer network hypervisors

C. The ability to scrape data remnants in a multitenancy environment

A security administrator is concerned about employees connecting their personal devices to the company network. Doing so is against company policy. The network does not have a NAC solution. The company uses a GPO that disables the firewall on all company-owned devices while they are connected to the internal network. Additionally, all company-owned devices implement a standard naming convention that uses the device's serial number. The security administrator wants to identify active personal devices and write a custom script to disconnect them from the network. Which of the following should the script use to BEST accomplish this task? A. Recursive DNS logs B. DHCP logs C. AD authentication logs D. RADIUS logs E. Switch and router ARP tables

E. Switch and router ARP tables

An organization designs and develops safety-critical embedded firmware (inclusive of embedded OS and services) for the automotive industry. The organization has taken great care to exercise secure software development practices for the firmware Of paramount importance is the ability to defeat attacks aimed at replacing or corrupting running firmware once the vehicle leaves production and is in the field Integrating, which of the following host and OS controls would BEST protect against this threat? A. Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space. B. Implement out-of-band monitoring to analyze the state of running memory and persistent storage and, in a failure mode, signal a check-engine light condition for the operator. C. Perform reverse engineering of the hardware to assess for any implanted logic or other supply chain integrity violations D. Ensure the firmware includes anti-malware services that will monitor and respond to any introduction of malicious logic. E. Require software engineers to adhere to a coding standard, leverage static and dynamic analysis within the development environment, and perform exhaustive state space analysis before deployment

A. Configure the host to require measured boot with attestation using platform configuration registers extended through the OS and into application space.

A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one off management GUI. The system relies on two- factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information'? A. Password cracker B. Wireless network analyzer C. Fuzzing tools D. Reverse engineering principles

D. Reverse engineering principles

An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released? A. Unauthentic firmware was installed, disable OTA updates and carrier roaming via MDM. B. Users opened a spear-phishing email: disable third-party application stores and validate all signed code prior to execution. C. An attacker downloaded monitoring applications; perform a full factory reset of the affected devices. D. Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages

A. Unauthentic firmware was installed, disable OTA updates and carrier roaming via MDM.

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks: - Stop malicious software that does not match a signature- Report on instances of suspicious behavior - Protect from previously unknown threats - Augment existing security capabilities Which of the following tools would BEST meet these requirements? A. Host-based firewall B. EDR C. HIPS D. Patch management

C. HIPS

A company's human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted) on the same VMs. Which of the following cloud and visualization considerations would BEST address the issue presented in this scenario? A. Vulnerabilities associated with a single platform hosting multiple data types on VMs should have been considered B. Vulnerabilities associated with a single server hosting multiple data types should have been considered. C. Type 1vs Type 2 hypervisor approaches should have been considered D. Vulnerabilities associated with shared hosting services provided by the IT department should have been considered.

B. Vulnerabilities associated with a single server hosting multiple data types should have been considered.

An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles. Which of the following should achieve the BEST long-term result for the company? A. Designing Developing add-on security components for fielded vehicles B. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities C. Performing a cyber-risk assessment on production vehicles D. Reviewing and influencing requirements for an early development vehicle

B. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities

An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?A. In the firewall, compatible cipher suites must be enabled B. In the VPN client, the CA CRL address needs to be specified manually C. In the router, IPSec traffic needs to be allowed in bridged mode D. In the CA, the SAN field must be set for the root CA certificate and then reissued

200-300 Flashcards

(103 cards)