201-250 Flashcards

1
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A Exception
B Segmentation
C Risk transfer
D Compensating controls

A

D. Compensating controls

2
Q

A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find the requested servers?

A nslookup 10.10.10.0
B nmap -p 80 10.10.10.0/24
C pathping 10.10.10.0 -p 80
D nc -l -p 80

A

B. nmap -p 80 10.10.10.0/24

3
Q

The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

A Lessons learned
B Preparation
C Detection
D Containment
E Root cause analysis

A

E. Root cause analysis

4
Q

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

A [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any

B [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any

C [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any

D [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

A

D [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

5
Q

Which of the following ISO standards is certified for privacy?

A ISO 9001
B ISO 27002
C ISO 27701
D ISO 31000

A

C. ISO 27701

6
Q

A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?

A Unsecure protocols
B Default settings
C Open permissions
D Weak encryption

A

D. Weak encryption

7
Q

Practical (Q. 206)

A
8
Q

A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring?

A CASB
B SWG
C Containerization
D Automated failover

A

C. Containerization

9
Q

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

Source IP | Destination IP | Requested URI | Action Taken
172.16.1.3 | 10.10.1.1 | /web/cgi-bin/contact?category=custname'-- | permit and log
172.16.1.3 | 10.10.1.1 | /web/cgi-bin/contact?category=custname+OR+1=1-- | permit and log

Which of the following is MOST likely occurring?

A XSS attack
B SQLi attack
C Replay attack
D XSRF attack

A

B. SQLi attack

10
Q

An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

A Social media
B Cloud
C Supply chain
D Social Engineering

A

C. Supply chain

11
Q

A security administrator checks the MAC address table of a network switch, which shows the following output:

VLAN | Physical address | Type | Port
1 | 001a:42ff:5113 | Dynamic | GE0/5
1 | 0faa:abcf:ddee | Dynamic | GE0/5
1 | c6a9:6616:758e | Dynamic | GE0/5
1 | a3aa:b6a3:1212 | Dynamic | GE0/5
1 | 8025:2ad8:bfac | Dynamic | GE0/5
1 | b839:f995:00a | Dynamic | GE0/5

Which of the following is happening to this switch?

A MAC flooding
B DNS poisoning
C MAC cloning
D ARP poisoning

A

A. MAC flooding

12
Q

An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?

A Proximity cards with guards
B Fence with electricity
C Drones with alarms
D Motion sensors with signage

A

D. Motion sensors with signage

13
Q

A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

A AH
B EDR
C ESP
D DNSSEC

A

C. ESP

14
Q

A security administrator examines the ARP table of an access switch and sees the following output:

VLAN | MAC Address | Type | Ports
All | 0126.1203.f77b | STATIC | CPU
All | c656.a100.9f1 | STATIC | CPU
59 | de6e.d783.85 | DYNAMIC | Fa0/1
Ecadae38506 | DYNAMIC | Fa0/2
7f40.367c.6598 | DYNAMIC | Fa0/2
f418.2c26.2c61 | DYNAMIC | Fa0/2

Which of the following is happening to this switch?

A DDoS on Fa0/2 port
B MAC flooding on Fa0/2 port
C ARP poisoning on Fa0/1 port
D DNS poisoning on port Fa0/1

A

B. MAC flooding on Fa0/2 port

15
Q

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

A GDPR
B PCI DSS
C ISO 27000
D NIST 800-53

A

D. NIST 800-53

16
Q

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C Implement nightly full backups every Sunday at 8:00 p.m.
D Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

17
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known as

A federation.
B a remote access policy.
C multifactor authentication.
D single sign-on.

A

D. Single sign-on

18
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?

A Vulnerability feeds
B Trusted automated exchange of indicator information
C Structured threat information expression
D Industry information-sharing and collaboration groups

A

D. Industry information-sharing and collaboration groups

19
Q

A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?

A Shoulder surfing
B Phishing
C Tailgating
D Identity fraud

A

C. Tailgating

20
Q

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

A Create different accounts for each region, each configured with push MFA notifications.
B Create one global administrator account and enforce Kerberos authentication.
C Create different accounts for each region, limit their logon times, and alert on risky logins.
D Create a guest account for each region, remember the last ten passwords, and block password reuse.

A

C. Create different accounts for each region, limit their logon times, and alert on risky logins.

21
Q

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

A CHAP
B PEAP
C MS-CHAPv2
D EAP-TLS

A

D. EAP-TLS

22
Q

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router.
• Enable “in transport” encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Choose two.)

A Configure VLANs on the core router.
B Configure NAT on the core router.
C Configure BGP on the core router.
D Enable AES encryption on the web server.
E Enable 3DES encryption on the web server.
F Enable TLSv2 encryption on the web server.

A

B. Configure NAT on the core router.
F. Enable TLSv2 encryption on the web server.

23
Q

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

A A content filter
B A WAF
C A next-generation firewall
D An IDS

A

C. A next-generation firewall

24
Q

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A Cross-site scripting
B Buffer overflow
C Jailbreaking
D Side loading

A

C. Jailbreaking

25
Q

The marketing department at a retail company wants to publish an internal website to the internet so it is reachable by a limited number of specific, external service providers in a secure manner. Which of the following configurations would be BEST to fulfil this requirement?

A NAC
B ACL
C WAF
D NAT

A

B. ACL

26
Q

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO’s and the development team’s requirements?

A Data anonymization
B Data encryption
C Data masking
D Data tokenization

A

C. Data masking

27
Q

During a recent security incident at a multinational corporation, a security analyst found the following logs for an account called user:

Account | Login location | Time (UTC) | Message
user | New York | 19:00 a.m. | Login: user, successful
user | Los Angeles | 9:01 a.m. | Login: user, successful
user | Sao Paolo | 9:05 a.m. | Login: user, successful
user | Munich | 9:12 a.m. | Login: user, successful

Which of the following account policies would BEST prevent attackers from logging in as user?

A Impossible travel time
B Geofencing
C Time-based logins
D Geolocation

A

B. Geofencing

28
Q

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A SaaS
B IaaS
C PaaS
D SDN

A

B. IaaS

29
Q

A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?

A SSAE SOC 2
B ISO 31000
C NIST CSF
D GDPR

A

B. ISO 31000

30
Q

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A Application
B Authentication
C Error
D Network
E Firewall
F System

A

D. Network
E. Firewall

31
Q

A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

A nmap -p1-65535 192.168.0.10
B dig 192.168.0.10
C curl --head http://192.168.0.10
D ping 192.168.0.10

A

A. nmap -p1-65535 192.168.0.10

32
Q

A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?

A HIPS
B FIM
C TPM
D DLP

A

C. TPM

33
Q

Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A Job rotation policy
B NDA
C AUP
D Separation of duties policy

A

C. AUP

34
Q

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

A # iptables -t mangle -X
B # iptables -F
C # iptables -Z
D # iptables -P INPUT DROP

A

B. # iptables -F

35
Q

Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

A Geofencing
B Mobile device management
C Containerization
D Remote wiping

A

B. Mobile device management

36
Q

A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
B. Firewall allow list
C. Containment
D. Isolation

A

B. Firewall allow list

37
Q

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy.
The organization is enabling risk:

A avoidance
B acceptance
C mitigation.
D transference

A

D. Transference

38
Q

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank’s information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration testing firm. Which of the following would best address the bank’s desired scenario and budget?

A Engage the penetration-testing firm’s red-team services to fully mimic possible attackers.
B Give the penetration tester data diagrams of core banking applications in a known-environment test.
C Limit the scope of the penetration test to only the system that is used for teller workstations.
D Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

A

D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

39
Q

A social media company based in North America is looking to expand into new, global markets and needs to maintain compliance with international standards. With which of the following is the company’s data protection officer MOST likely concerned?

A NIST Framework
B ISO 27001
C GDPR
D PCI DSS

A

C. GDPR

40
Q

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a

A data controller.
B data owner.
C data custodian.
D data processor.

A

D. Data processor

41
Q

Practical (Q. 240)

A
42
Q

A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

A Hacktivists
B White-hat hackers
C Script kiddies
D Insider threats

A

A. Hacktivists

43
Q

An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization MOST likely implement?

A CBT
B NDA
C MOU
D AUP

A

B. NDA

44
Q

A large retail store’s network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

A Employee training
B Leadership changes
C Reputation damage
D Identity theft

A

C. Reputation damage

45
Q

To reduce and limit software and infrastructure costs, the Chief Information Officer has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

A IaaS
B PaaS
C DaaS
D SaaS

A

D. SaaS

46
Q

In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

A Identification
B Preparation
C Lessons learned
D Eradication
E Recovery
F Containment

A

F. Containment

47
Q

A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?

A Mandatory
B Rule-based
C Discretionary
D Role-based

A

D. Role-based

48
Q

A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?

A On-path
B Domain hijacking
C DNS poisoning
D Evil twin

A

B. Domain hijacking

49
Q

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

A Application allow list
B SWG
C Host-based firewall
D VPN

A

C. Host-based firewall

50
Q

Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

A Standard naming conventions
B Domain services
C Baseline configurations
D Diagrams

A

B. Domain services

51
Q

After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

A Multifactor authentication
B Something you can do
C Biometrics
D Two-factor authentication

A

B. Something you can do