200-300 Flashcards
A company is adopting a new artificial-intelligence-based analytics SaaS solution. This is the company’s first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks.
Which of the following would be the GREATEST risk in adopting this solution?
A. The inability to assign access controls to comply with company policy
B. The inability to require the service provider process data in a specific country
C. The inability to obtain company data when migrating to another service
D. The inability to conduct security assessments against a service provider
C. The inability to obtain company data when migrating to another service
A help desk technician just informed the security department that a user downloaded a suspicious file from Internet Explorer last night. The user confirmed accessing all the files and folders before going home from work. The next morning, the user was no longer able to boot the system and was presented with a screen showing a phone number. The technician then tried to boot the computer using wake-on-LAN, but the system would not come up.
Which of the following explains why the computer would not boot?
A. The operating system was corrupted.
B. SELinux was in enforcing status.
C. A secure boot violation occurred.
D. The disk was encrypted.
A. The operating system was corrupted.
A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials.
Which of the following features will enable the business to meet this objective?
A. Simultaneous Authentication of Equals
B. Enhanced open
C. Perfect forward secrecy
D. Extensible Authentication Protocol
A. Simultaneous Authentication of Equals
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
A. IaaS
B. SaaS
C. FaaS
D. PaaS
D. PaaS
A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?
A. Eavesdropping
B. On-path
C. Cryptanalysis
D. Code signing
E. RF sidelobe sniffing
A. Eavesdropping
A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?
A. Create a change management process.
B. Establish key performance indicators.
C. Create an integrated master schedule.
D. Develop a communication plan.
E. Perform a security control assessment.
B. Establish key performance indicators.
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page:
NET::ERR_CERT_COMMON_NAME_INVALID
Which of the following BEST describes what the administrator should do NEXT?
A. Request a new certificate with the correct subject alternative name that includes the new websites.
B. Request a new certificate with the correct organizational unit for the company’s website.
C. Request a new certificate with a stronger encryption strength and the latest cipher suite.
D. Request a new certificate with the same information but including the old certificate on the CRL.
A. Request a new certificate with the correct subject alternative name that includes the new websites.
An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:
- Some developers can directly publish code to the production environment.
- Static code reviews are performed adequately.
- Vulnerability scanning occurs on a regularly scheduled basis per policy.
Which of the following should be noted as a recommendation within the audit report?
A. Implement short maintenance windows.
B. Perform periodic account reviews.
C. Implement job rotation.
D. Improve separation of duties.
D. Improve separation of duties.
An organization requires a contractual document that includes:
- An overview of what is covered
- Goals and objectives
- Performance metrics for each party
- A review of how the agreement is managed by all parties.
Which of the following BEST describes this type of contractual document?
A. SLA
B. BAA
C. NDA
D. ISA
A. SLA
Based on PCI DSS v3.4, one particular database field can store data, but the data must be unreadable.
Which of the following data objects meets this requirement?
A. PAN
B. CVV2
C. Cardholder name
D. Expiration date
A. PAN
A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security.
Which of the following is the BEST option?
A. ICANN
B. PCI DSS
C. OWASP
D. CSA
E. NIST
C. OWASP
Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?
A. Remote provider BCDR
B. Cloud provider BCDR
C. Alternative provider BCDR
D. Primary provider BCDR
B. Cloud provider BCDR
A company uses AD and RADIUS to authenticate VPN and WiFi connections. The Chief Information Security Officer (CISO) initiates a project to extend a third-party MFA solution to the VPN. During the pilot phase, VPN users successfully get an MFA challenge; however, they also get the challenge when connecting to WiFi, which is not desirable.
Which of the following BEST explains why users are getting the MFA challenge when using WiFi?
A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched
B. In the firewall, in the AAA configuration, the IP address of the third-party MFA solution needs to be set as a secondary RADIUS server
C. In the third-party MFA solution, authentication properties need to be configured to recognize WiFi authentication requests
D. In the WiFi configuration, authentication needs to be changed to WPA2 Enterprise using EAP-TLS to support the configuration
A. In the RADIUS server, the proxy rule has not specified the NAS-Port-Type attribute that should be matched
A company’s finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access.
Which of the following risk techniques did the department use in this situation?
A. Accept
B. Avoid
C. Transfer
D. Mitigate
D. Mitigate
An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them.
Which of the following is the BEST design option to optimize security?
A. Limit access to the system using a jump box.
B. Place the new system and legacy system on separate VLANs
C. Deploy the legacy application on an air-gapped system.
D. Implement MFA to access the legacy system.
B. Place the new system and legacy system on separate VLANs
A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue.
Which of the following security configurations is MOST likely the cause of the error?
A. HSTS
B. TLS 1.2
C. Certificate pinning
D. Client authentication
C. Certificate pinning
A company security engineer arrives at work to face the following scenario:
1) Website defacement
2) Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand
3) A job offer from the company’s competitor
4) A security analyst’s investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data
Which of the following threat actors is MOST likely involved?
A. Organized crime
B. Script kiddie
C. APT/nation-state
D. Competitor
C. APT/nation-state
A company wants to improve its active protection capabilities against unknown and zero-day malware.
Which of the following is the MOST secure solution?
A. NIDS
B. Application allow list
C. Sandbox detonation
D. Endpoint log collection
E. HIDS
C. Sandbox detonation
A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:
- Work at the application layer
- Send alerts on attacks from both privileged and malicious users
- Have a very low false positive rate
Which of the following should the architect recommend?
A. FIM
B. WAF
C. NIPS
D. DAM
E. UTM
D. DAM
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.
Which of the following categories BEST describes this type of vendor risk?
A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack
D. Supply chain attack
An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization’s current security standards. The assessment identifies the following:
1) There will be a $20,000 per day revenue loss for each day the system is delayed going into production.
2) The inherent risk is high.
3) The residual risk is low.
4) There will be a staged deployment to the solution rollout to the contact center.
Which of the following risk-handling techniques will BEST meet the organization’s requirements?
A. Apply for a security exemption, as the risk is too high to accept.
B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
C. Accept the risk, as compensating controls have been implemented to manage the risk.
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year.
Which of the following is the ALE due to storage replacement?
A. $50,000
B. $125,000
C. $250,000
D. $500,000
E. $51,000,000
C. $250,000
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems.
Which of the following is the MOST likely security consequence of this attack?
A. A turbine would overheat and cause physical harm.
B. The engineers would need to go to the historian.
C. The SCADA equipment could not be maintained.
D. Data would be exfiltrated through the data diodes.
C. The SCADA equipment could not be maintained.
A software development company makes its software versions available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.
Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?
A. Distribute the software via a third-party repository.
B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.
D. Display the SHA checksum on the website.
An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment. Unfortunately, many of the applications are provided only as compiled binaries.
Which of the following should the organization use to analyze these applications? (Choose two.)
A. Regression testing
B. SAST
C. Third-party dependency management
D. IDE SAST
E. Fuzz testing
F. IAST
E & F
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.
Which of the following should the company implement?
A. Signing
B. Access control
C. HIPS
D. Permit listing
D. Permit listing
A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website.
Which of the following should the security analyst recommend to protect the affected data?
A. Key rotation
B. Key revocation
C. Key escrow
D. Zeroization
E. Cryptographic obfuscation
B. Key revocation
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
- Protection from DoS attacks against its infrastructure and web applications is in place.
- Highly available and distributed DNS is implemented.
- Static content is cached in the CDN.
- A WAF is deployed inline and is in block mode.
- Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page.
Which of the following is the MOST likely cause?
A. The public cloud provider is applying QoS to the inbound customer traffic.
B. The API gateway endpoints are being directly targeted.
C. The site is experiencing a brute-force credential attack.
D. A DDoS attack is targeted at the CDN.
A. The public cloud provider is applying QoS to the inbound customer traffic.
A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs.
Which of the following is the MOST important consideration before making this decision?
A. Availability
B. Data sovereignty
C. Geography
D. Vendor lock-in
B. Data sovereignty
A security analyst wants to keep track of all outbound web connections from workstations. The analyst’s company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?
A. X-Forwarded-Proto
B. X-Forwarded-For
C. Cache-Control
D. Strict-Transport-Security
E. Content-Security-Policy
B. X-Forwarded-For
A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted.
Which of the following would be the BEST document to consult?
A. Rules of engagement
B. Master service agreement
C. Statement of work
D. Target audience
C. Statement of work
A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky.
Which of the following would BEST achieve this objective?
A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.
C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.
C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
An administrator at a software development company would like to protect the integrity of the company’s applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.
Which of the following is MOST likely the cause of the signature failing?
A. The NTP server is set incorrectly for the developers.
B. The CA has included the certificate in its CRL.
C. The certificate is set for the wrong key usage.
D. Each application is missing a SAN or wildcard entry on the certificate.
C. The certificate is set for the wrong key usage.
A security engineer is working to secure an organization’s VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.
Which of the following would BEST address this concern?
A. Configure file integrity monitoring of the guest OS.
B. Enable the vTPM on a Type 2 hypervisor.
C. Only deploy servers that are based on a hardened image.
D. Protect the memory allocation of a Type 1 hypervisor.
B. Enable the vTPM on a Type 2 hypervisor.
When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment.
This team is commonly referred to as:
A. the blue team.
B. the white team.
C. the operations team.
D. the red team.
E. the development team.
B. the white team.
An enterprise’s Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) are meeting to discuss ongoing capacity and resource planning issues. The enterprise has experienced rapid, massive growth over the last 12 months, and the technology department is stretched thin for resources. A new accounting service is required to support the enterprise’s growth, but the only available compute resources that meet the accounting service requirements are on the virtual platform, which is hosting the enterprise’s website.
Which of the following should the CISO be MOST concerned about?
A. Poor capacity planning could cause an oversubscribed host, leading to poor performance on the company’s website.
B. A security vulnerability that is exploited on the website could expose the accounting service.
C. Transferring as many services as possible to a CSP could free up resources.
D. The CTO does not have the budget available to purchase required resources and manage growth.
B. A security vulnerability that is exploited on the website could expose the accounting service.
A regional transportation and logistics company recently hired its first Chief Information Security Officer (CISO). The CISO’s first project after onboarding involved performing a vulnerability assessment against the company’s public-facing network. The completed scan found a legacy collaboration platform application with a critically rated vulnerability. While discussing this issue with the line of business, the CISO learns the vulnerable application cannot be updated without the company incurring significant losses due to downtime or new software purchases.
Which of the following BEST addresses these concerns?
A. The company should plan future maintenance windows so the legacy application can be updated as needed.
B. The CISO must accept the risk of the legacy application, as the cost of replacing the application greatly exceeds the risk to the company.
C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
D. The company should build a parallel system and perform a cutover from the old application to the new application, with less downtime than an upgrade.
C. The company should implement a WAF in front of the vulnerable application to filter out any traffic attempting to exploit the vulnerability.
Ann, a retiring employee, cleaned out her desk. The next day, Ann’s manager notices company equipment that was supposed to remain at her desk is now missing.
Which of the following would reduce the risk of this occurring in the future?
A. Regular auditing of the clean desk policy
B. Employee awareness and training policies
C. Proper employee separation procedures
D. Implementation of an acceptable use policy
C. Proper employee separation procedures
A security analyst for a bank received an anonymous tip on the external banking website showing the following:
Protocols supported
- TLS 1.0
- SSL 3
- SSL 2
Cipher suites supported
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit
- TLS_RSA_WITH_RC4_128_SHA
Other findings
- TLS_FALLBACK_SCSV not supported
- POODLE
- Weak PFS
- OCSP stapling supported
Which of the following should the analyst use to reproduce these findings comprehensively?
A. Query the OCSP responder and review revocation information for the user certificates.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output.
D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.
A. The employees are using an old link that does not use the new SAML authentication.
A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.
Which of the following would be the EASIEST method of obtaining a password for the known account?
A. Man-in-the-middle
B. Reverse engineering
C. Social engineering
D. Hash cracking
C. Social engineering
A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.
Which of the following is the BEST justification to ensure collaboration across business units?
A. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.
B. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.
C. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.
D. The CISO is uniquely positioned to control the flow of vulnerability information between business units.
C. Without business unit collaboration, risks introduced by one unit that affect another unit may go without