208 - 2068 Flashcards

1
Q

A security analyst is hardening a Linux workstation and must ensure its public key is copied to remote systems for secure login.

Which of the following steps should the analyst perform to meet these requirements?

A

Forward the keys using ssh-copy-id (it appends the local public key to the remote account's authorized_keys file; openssl has no option for distributing keys to hosts).

2
Q

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts.

While reviewing the log files, the analyst discovers the following: [log excerpt not reproduced on this page]

Which of the following attacks MOST likely occurred?

A

Password spraying. The lockout policy is the clue: a brute-force attack against User3 alone would have locked the account after three failures, so the attacker tried a few common passwords against many accounts, staying below the threshold on each, until one of them (User3) succeeded.

3
Q

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following: [output not reproduced on this page]

Which of the following attacks has occurred?

A

ARP poisoning (forged ARP replies map the gateway's IP address to the attacker's MAC address, so traffic to the shares and the internet is misdirected).

4
Q

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.

Which of the following is the BEST defense against this scenario?

A

Implementing application execution in a sandbox for unknown software (custom malware has no signature yet, so signature-based antivirus alone will not catch it).

5
Q

Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A

An MOU (memorandum of understanding)

6
Q

An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.

Which of the following is the consultant MOST likely to recommend to prepare for eradication?

A

Segmenting the compromised accounts and computers into a honeynet so as not to alert the attackers (containment is the step that precedes eradication).

7
Q

Users at an organization have been installing programs from the internet on their workstations without proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly.

Which of the following should the security administrator consider implementing to address this issue?

A

Application whitelisting (allow listing): only programs on the approved list can execute, regardless of the user's local privileges.

8
Q

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

A

An SLA (service-level agreement)

12
Q

An attacker is exploiting a vulnerability that does not have a patch available.

Which of the following is the attacker exploiting?

A

A zero-day

13
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form.

Which of the following should the analyst include in this documentation? (Select TWO)

A

The date and time

The provenance of the artifacts (who collected each item, from where, and every subsequent hand-off). The order of volatility governs the sequence in which evidence is collected; it is not a field on the custody record.

14
Q

A CISO is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

A

Implement a hot-site failover location. A challenge-response test on end-user queries does nothing against a volumetric attack that saturates the datacenter's links; continuity requires the ability to fail over to another site.

15
Q

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall.

Which of the following would be the BEST option to remove the rules?

A

iptables -F (flush all rules). The command iptables -P INPUT DROP does the opposite: it sets the chain's default policy to DROP. If the administrator also changed a default policy, flushing alone is not enough; the policy must be reset to ACCEPT as well, or the flush will lock everything out.

16
Q

A security administrator checks the MAC address table of a network switch, which shows the following output: [output not reproduced on this page]

Which of the following is happening to this switch?

A

MAC flooding (hundreds of different source MAC addresses learned on a single port fill the CAM table, so the switch fails open and floods frames out every port).
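An added example (not from the original deck) of how an administrator would read that output programmatically. The script constructs a CAM table dump in the `show mac address-table` layout with a few legitimate hosts and a flood of forged addresses on one port (the port names, VLANs and MAC addresses are invented), then counts the distinct dynamic MACs learned per port and the fraction of the table consumed.

```python
"""Spot a MAC-flooding attack in a switch CAM (MAC address) table dump."""
import re
from collections import Counter

# One row of 'show mac address-table': vlan, xxxx.xxxx.xxxx MAC, type, port
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.I)


def build_sample_table(flood_port="Gi0/7", flood_count=300):
    """Construct a CAM dump: three legitimate hosts plus flood_count forged
    source MACs all learned on flood_port. Constructed data, not a real switch."""
    lines = ["Vlan    Mac Address       Type        Ports",
             "----    -----------       --------    -----",
             "   1    0011.2233.4455    DYNAMIC     Gi0/1",
             "   1    0011.2233.4456    DYNAMIC     Gi0/2",
             "  10    0011.2233.5001    DYNAMIC     Gi0/3"]
    for i in range(flood_count):
        mac = "%04x.%04x.%04x" % (0xdead, 0xbe00 + (i >> 8), i & 0xffff)
        lines.append("  10    %s    DYNAMIC     %s" % (mac, flood_port))
    return "\n".join(lines)


def parse_mac_table(text):
    """Return [(vlan, mac, type, port)] for every data row, skipping headers."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            entries.append((int(vlan), mac.lower(), kind.upper(), port))
    return entries


def detect_flooding(entries, per_port_threshold=50):
    """Return {port: count} for ports that learned more distinct dynamic MACs
    than per_port_threshold. An access port normally carries one host (a
    handful with a phone or small hub); hundreds means forged source addresses
    are being sprayed to exhaust the table."""
    per_port = Counter(port for _, _, kind, port in entries if kind == "DYNAMIC")
    return {p: n for p, n in per_port.items() if n > per_port_threshold}


def cam_utilisation(entries, capacity=8192):
    """Fraction of the CAM table in use. Once it is full the switch floods
    unknown-unicast frames out every port, which is what the attacker wants."""
    return len(entries) / capacity


if __name__ == "__main__":
    table = parse_mac_table(build_sample_table())
    print(detect_flooding(table))
    print("%.1f%% of CAM in use" % (100 * cam_utilisation(table)))
```

The per-port threshold is for access ports; trunks and uplinks legitimately carry many addresses and should be excluded or given their own limit. The fix on the switch side is port security on access ports (a maximum MAC count with a shutdown or restrict violation action), which stops the forged addresses from being learned in the first place.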

17
Q

A security analyst is reviewing information regarding recent vulnerabilities.

Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

A

CVE (Common Vulnerabilities and Exposures)

18
Q

An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.

Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?

A

The vulnerability scan output

19
Q

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata.

Which of the following would be part of the images if all the metadata is still intact?

A

The GPS location (stored in the EXIF GPS tags of the JPEG, alongside the capture time and the device make and model)
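To make concrete what "the GPS location" looks like inside a JPEG, here is an added example that is not part of the original deck. It builds a minimal JPEG whose EXIF APP1 segment carries a GPS IFD (the coordinates and the file layout are constructed for the demonstration; there is no picture data) and then walks the TIFF structure the way a metadata tool does to recover latitude and longitude in decimal degrees.

```python
"""Read the GPS position an intact EXIF block carries inside a JPEG."""
import struct

TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # TIFF type sizes
GPS_IFD_POINTER = 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Construct a JPEG: SOI, one APP1 'Exif' segment holding a big-endian TIFF
    whose IFD0 points at a GPS IFD, then EOI. lat_dms/lon_dms are
    (degrees, minutes, tenths_of_seconds) as EXIF RATIONAL triples."""
    def rationals(dms):
        d, m, s_tenths = dms
        return struct.pack(">6I", d, 1, m, 1, s_tenths, 10)

    ifd0_off = 8                               # right after the TIFF header
    gps_off = ifd0_off + 2 + 12 + 4            # IFD0 has one entry
    lat_data_off = gps_off + 2 + 4 * 12 + 4    # GPS IFD has four entries
    lon_data_off = lat_data_off + 24
    tiff = b"MM\x00\x2a" + struct.pack(">I", ifd0_off)
    tiff += struct.pack(">H", 1)
    tiff += struct.pack(">HHII", GPS_IFD_POINTER, 4, 1, gps_off) + struct.pack(">I", 0)
    tiff += struct.pack(">H", 4)
    tiff += struct.pack(">HHI4s", GPS_LAT_REF, 2, 2, lat_ref.encode() + b"\x00\x00\x00")
    tiff += struct.pack(">HHII", GPS_LAT, 5, 3, lat_data_off)
    tiff += struct.pack(">HHI4s", GPS_LON_REF, 2, 2, lon_ref.encode() + b"\x00\x00\x00")
    tiff += struct.pack(">HHII", GPS_LON, 5, 3, lon_data_off)
    tiff += struct.pack(">I", 0)
    assert len(tiff) == lat_data_off
    tiff += rationals(lat_dms) + rationals(lon_dms)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def _find_tiff(jpeg):
    """Walk JPEG marker segments to the APP1 'Exif' segment; return its TIFF body."""
    pos = 2  # skip SOI
    while pos + 4 <= len(jpeg):
        marker, length = struct.unpack(">HH", jpeg[pos:pos + 4])
        if marker in (0xFFD9, 0xFFDA):        # EOI / start of scan: no EXIF ahead
            break
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xFFE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    raise ValueError("no EXIF segment")


def _read_ifd(tiff, offset, bo):
    """Decode one IFD into {tag: value}; values over 4 bytes live at an offset."""
    count = struct.unpack(bo + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(bo + "HHI", tiff[e:e + 8])
        size = TYPE_SIZE[typ] * n
        if size <= 4:
            data = tiff[e + 8:e + 8 + size]
        else:
            off = struct.unpack(bo + "I", tiff[e + 8:e + 12])[0]
            data = tiff[off:off + size]
        if typ == 2:
            entries[tag] = data.rstrip(b"\x00").decode("ascii")
        elif typ == 4:
            entries[tag] = struct.unpack(bo + "%dI" % n, data)
        elif typ == 5:
            v = struct.unpack(bo + "%dI" % (2 * n), data)
            entries[tag] = [(v[2 * k], v[2 * k + 1]) for k in range(n)]
        else:
            entries[tag] = data
    return entries


def _dms_to_decimal(rationals, ref):
    deg, mins, secs = (num / den for num, den in rationals)
    value = deg + mins / 60 + secs / 3600
    return -value if ref in ("S", "W") else value


def extract_gps(jpeg):
    """Return (latitude, longitude) in decimal degrees, or None if no GPS tags."""
    tiff = _find_tiff(jpeg)
    bo = ">" if tiff[:2] == b"MM" else "<"    # byte order from the TIFF header
    ifd0 = _read_ifd(tiff, struct.unpack(bo + "I", tiff[4:8])[0], bo)
    if GPS_IFD_POINTER not in ifd0:
        return None
    gps = _read_ifd(tiff, ifd0[GPS_IFD_POINTER][0], bo)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None
    return (_dms_to_decimal(gps[GPS_LAT], gps[GPS_LAT_REF]),
            _dms_to_decimal(gps[GPS_LON], gps[GPS_LON_REF]))


if __name__ == "__main__":
    sample = build_sample_jpeg((40, 41, 214), "N", (74, 2, 402), "W")
    print(extract_gps(sample))
```

The forensic caveat implied by the card's "if all the metadata is still intact": anything that re-encodes the image (messaging apps, social media uploads, many screenshot tools) usually drops the APP1 segment, and `extract_gps` then raises or returns None. Absence of GPS tags therefore means the file passed through such a step, not that the phone never recorded a position.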

20
Q

A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message.

Which of the following BEST describes the cause of the error?

A

The examiner does not have administrative privileges on the system. Reading physical memory to extract cached credentials requires elevated rights; the swap file is unrelated to a live RAM acquisition.

21
Q

Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?

A

Data bias (unrepresentative or tainted training data)

22
Q

An incident response technician collected a mobile device during an investigation.

Which of the following should the technician do to maintain chain of custody?

A

Document the collection and require a sign-off every time possession changes.

23
Q

A security analyst is preparing threat scenarios for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network.

Which of the following will the analyst MOST likely use to accomplish the objective?

A

MITRE ATT&CK

24
Q

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO)

A

Mandatory vacation

Job rotation

25
Q

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.

Which of the following must be included? (Select TWO)

A

A cold aisle

A hot aisle

(A cold site is an alternate, unequipped recovery facility; it has nothing to do with airflow inside the datacenter.)

26
Q

An attacker is attempting to exploit users by creating a fake website with the URL users [remainder of the question not reproduced on this page]

Which of the following social-engineering attacks does this describe?

A

Typosquatting. Standing up a look-alike site under a deceptive URL is not a watering-hole attack; that term describes compromising a legitimate site the targets already visit (compare card 36).

27
Q

A security incident may have occurred on the desktop PC of an organization's CEO. A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed.

Which of the following should be performed to accomplish this task?

A

Connect a write blocker to the hard drive. Then, from a forensic workstation booted into a live Linux environment, use the dd command to create a duplicate copy, and hash both the source and the image to prove they match.
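Cards 13, 22 and 27 together describe the acquisition-and-custody workflow. The following Python is an added example, not part of the deck: it performs the imaging step in Python rather than with dd (a stand-in so that it runs here against an ordinary file; in the field the source would be the block device behind the write blocker), hashes the source stream and the written image to prove they match, and keeps a custody record with the date and time of every hand-off. The file names, case identifier and handler names are invented.

```python
"""Bit-for-bit imaging with hash verification and a chain-of-custody record."""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB per read, the equivalent of dd's bs=1M


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def _sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def transfer_custody(record, giver, receiver, reason):
    """Append one possession change to the custody record. On a paper form
    both parties sign; here the entry carries both names and a UTC timestamp."""
    record["transfers"].append(
        {"when": _now(), "from": giver, "to": receiver, "reason": reason})
    return record


def image_source(source_path, image_path, handler, case_id):
    """Copy source_path to image_path byte for byte while hashing the stream,
    re-hash the finished image, and open a custody record for it.

    The source is opened read-only. In the field it would be the block device
    behind a hardware write blocker, so nothing can alter the original."""
    h = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_hash = h.hexdigest()
    image_hash = _sha256_of_file(image_path)
    record = {
        "case_id": case_id,
        "item": os.path.basename(source_path),
        "image": image_path,
        "sha256_source": source_hash,
        "sha256_image": image_hash,
        "verified": source_hash == image_hash,
        "transfers": [],
    }
    return transfer_custody(record, "evidence scene", handler, "acquired image")


def verify_image(record):
    """Re-hash the image and compare with the hash taken at acquisition;
    a mismatch means the copy can no longer be relied on as evidence."""
    return _sha256_of_file(record["image"]) == record["sha256_source"]


def run_demo():
    """Image a constructed 3 MiB 'disk' file (not real evidence) and hand the
    image from the collecting analyst to an examiner."""
    workdir = tempfile.mkdtemp()
    disk = os.path.join(workdir, "sdb")
    with open(disk, "wb") as f:
        f.write(bytes(range(256)) * 12288)
    record = image_source(disk, os.path.join(workdir, "sdb.dd"), "J. Analyst", "IR-0001")
    transfer_custody(record, "J. Analyst", "K. Examiner", "handed over for analysis")
    return record


if __name__ == "__main__":
    rec = run_demo()
    print("verified:", rec["verified"], "still intact:", verify_image(rec))
    for t in rec["transfers"]:
        print(t)
```

The hash taken at acquisition is the anchor for everything that follows: the custody record carries it, every transfer is timestamped against it, and `verify_image` is what an examiner runs before analysis and what opposing counsel asks for afterwards. With dd the same result comes from hashing the device and the output file with sha256sum immediately after the copy.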

28
Q

A security analyst needs to perform periodic vulnerability scans on production systems.

Which of the following scan types would produce the BEST vulnerability scan report?

A

Credentialed (the scanner logs in and inspects installed packages and configuration, rather than inferring from what is exposed on the network)

29
Q

A security analyst reviews the data center access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility.

Which of the following is MOST likely the cause of the access issues?

A

False rejection (the scanner is refusing legitimate, enrolled users)

30
Q

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks.

Which of the following methods would BEST prevent the exfiltration of data? (Select TWO)

A

Drive encryption

USB blocker

31
Q

A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first.

Which of the following would be the BEST method to increase the security on the Linux servers?

A

Use SSH keys and remove generic passwords.

32
Q

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A

Lessons learned

33
Q

A security engineer needs to implement the following requirements:

- All Layer 2 switches should leverage Active Directory for authentication.

- All Layer 2 switches should use local fallback authentication if Active Directory is offline.

- The Layer 2 switches are not all the same and are manufactured by several vendors.

Which of the following actions should the engineer take to meet these requirements? (Select TWO)

A

Implement RADIUS (a vendor-neutral protocol that can authenticate against Active Directory).

Configure AAA on the switches with local login as the secondary method.

34
Q

A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email but then quickly generated and backdated the reports before submitting them via a new email message.

Which of the following actions MOST likely supports an investigation for fraudulent submission?

A

Review the email event logs (they show whether any earlier message carrying the reports was actually sent).

35
Q

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them.

Which of the following is the MOST likely cause of this issue?

A

An external access point is engaging in an evil-twin attack.

36
Q

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims.

Which of the following is the attacker MOST likely attempting?

A

A watering-hole attack

37
Q

A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment.

Which of the following must be less than 12 hours to maintain a positive total cost of ownership?

A

RTO (recovery time objective)

38
Q

An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload.

Which of the following services would BEST meet the criteria?

A

AH (the IPsec Authentication Header). TLS runs above the network layer and cannot authenticate the IP header; within IPsec, ESP authenticates only the payload, while AH covers the payload and the immutable fields of the IP header.

39
Q

A company needs to centralize its logs to create a baseline and have visibility into its security events.

Which of the following technologies will accomplish this objective?

A

Security information and event management (SIEM)

40
Q

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review.

Which of the following did the administrator MOST likely configure that will assist the investigators?

A

The syslog server (logs forwarded to a remote collector survive deletion on the compromised host).

41
Q

A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS.

Which of the following must be part of the security architecture to achieve AAA? (Select TWO)

A

Active Directory

RADIUS

42
Q

A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company.

Which of the following solutions will BEST meet these requirements?

A

A CASB (cloud access security broker)

43
Q

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.

Which of the following types of controls should be used to reduce the risk created by this scenario?

A

Compensating

44
Q

Local guidelines require that all information systems meet a minimum security baseline to be compliant.

Which of the following can security administrators use to assess their system configurations against the baseline?

A

Benchmarks

46
Q

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A

Malware is trying to resolve an unregistered domain name to determine whether it is running in an isolated sandbox (the sinkhole answers the lookup with a controlled address, so beaconing and sandbox checks are intercepted). Compromised routing tables are not a DNS problem, so a sinkhole would not help there.

47
Q

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members.

Which of the following should the administrator implement?

A

SOAR (security orchestration, automation, and response)

48
Q

Given the following logs: [log excerpt not reproduced on this page]

Which of the following BEST describes the type of attack that is occurring?

A

Password spraying
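Cards 2 and 48 both hinge on telling a spray apart from a brute force in an authentication log. The following Python is an added example, not part of the original deck: it runs that distinction over a constructed log sample (the log format, the 10.0.0.x addresses and the user names are made up for illustration), using the three-attempt lockout threshold from card 2 as the line a sprayer stays under.

```python
"""Classify failed-login patterns as brute force or password spraying."""
from collections import defaultdict

# Constructed sample in a simple "timestamp user source result" format.
# 10.0.0.50 tries each of five accounts at most twice (below the lockout of 3)
# and eventually gets into User3; 10.0.0.77 hammers a single account.
SAMPLE_LOG = """\
2024-03-04T09:00:01 User1 10.0.0.50 FAIL
2024-03-04T09:00:02 User2 10.0.0.50 FAIL
2024-03-04T09:00:03 User3 10.0.0.50 FAIL
2024-03-04T09:00:04 User4 10.0.0.50 FAIL
2024-03-04T09:00:05 User5 10.0.0.50 FAIL
2024-03-04T09:15:06 User1 10.0.0.50 FAIL
2024-03-04T09:15:07 User2 10.0.0.50 FAIL
2024-03-04T09:15:08 User3 10.0.0.50 SUCCESS
2024-03-04T10:00:00 admin 10.0.0.77 FAIL
2024-03-04T10:00:01 admin 10.0.0.77 FAIL
2024-03-04T10:00:02 admin 10.0.0.77 FAIL
2024-03-04T10:00:03 admin 10.0.0.77 FAIL
2024-03-04T10:00:04 admin 10.0.0.77 FAIL
2024-03-04T10:00:05 admin 10.0.0.77 FAIL
"""

LOCKOUT_THRESHOLD = 3  # failures per account before lockout, as in card 2


def parse_log(text):
    """Yield (timestamp, user, source, result) for each non-blank line."""
    for line in text.splitlines():
        if line.strip():
            ts, user, src, result = line.split()
            yield ts, user, src, result


def classify_sources(text, min_targets=5):
    """Return {source_ip: verdict} from how each source spreads its failures.

    brute-force:        failures piled on one or two accounts, past the lockout
    password-spraying:  failures spread over at least min_targets accounts,
                        every one kept below the lockout threshold
    """
    failures = defaultdict(lambda: defaultdict(int))
    for _, user, src, result in parse_log(text):
        if result == "FAIL":
            failures[src][user] += 1
    verdicts = {}
    for src, per_user in failures.items():
        max_per_user = max(per_user.values())
        if max_per_user >= LOCKOUT_THRESHOLD and len(per_user) <= 2:
            verdicts[src] = "brute-force"
        elif len(per_user) >= min_targets and max_per_user < LOCKOUT_THRESHOLD:
            verdicts[src] = "password-spraying"
        else:
            verdicts[src] = "inconclusive"
    return verdicts


def compromised_accounts(text):
    """Accounts that logged a SUCCESS from a source already seen failing
    against other accounts: the foothold a spray achieved (User3 in card 2)."""
    seen_fail = defaultdict(set)
    hits = []
    for _, user, src, result in parse_log(text):
        if result == "FAIL":
            seen_fail[src].add(user)
        elif result == "SUCCESS" and seen_fail[src] - {user}:
            hits.append(user)
    return hits


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(compromised_accounts(SAMPLE_LOG))
```

The detection point worth remembering: a per-account lockout counter never fires on a spray, because the attacker's whole design is to stay under it. The signal is only visible when failures are grouped by source (or, for a distributed spray, by password attempt and time window) rather than by account, which is why the lockout policy in card 2 is the hint rather than the defence.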

49
Q

The process of passively gathering information prior to launching a cyber attack is called:

A

Reconnaissance.

50
Q

Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?

A

CASB (cloud access security broker)

51
Q

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:

A

Data custodian (the custodian implements the technical controls on the owner's behalf; a data processor is a separate party that processes data on a controller's behalf).

52
Q

An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below: [log excerpt not reproduced on this page]

Which of the following BEST describes the type of password attack the attacker is performing?

A

Dictionary
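An added example (not from the deck) of what "non-salted" buys the attacker in this card: a dictionary attack against a constructed set of unsalted SHA-256 hashes, next to the same passwords stored with a per-user salt. The wordlist and the user/password pairs are invented; SHA-256 is used only to keep the example short, since a real password store would use a slow KDF such as bcrypt or Argon2.

```python
"""What 'non-salted' buys an attacker running a dictionary attack."""
import hashlib
import os

# Constructed wordlist and user/password pairs (not real data).
WORDLIST = ["password", "letmein", "Summer2024", "qwerty", "Welcome1", "dragon"]
USER_PASSWORDS = {
    "alice": "Summer2024",
    "bob": "password",
    "carol": "Tr0ub4dor&3",   # not in the wordlist, so it survives both attacks
    "dave": "Summer2024",     # same password as alice
}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def unsalted_db():
    """Stored as hash(password): the form leaked in the card."""
    return {u: sha256_hex(p.encode()) for u, p in USER_PASSWORDS.items()}


def salted_db():
    """Stored as (salt, hash(salt || password)) with a random 16-byte salt per user."""
    out = {}
    for u, p in USER_PASSWORDS.items():
        salt = os.urandom(16)
        out[u] = (salt, sha256_hex(salt + p.encode()))
    return out


def dictionary_attack_unsalted(db, wordlist):
    """Hash every word once and look each stored hash up in that table.
    Returns (cracked accounts, hashes computed): the cost is len(wordlist)
    no matter how many users were leaked."""
    table = {sha256_hex(w.encode()): w for w in wordlist}
    cracked = {u: table[h] for u, h in db.items() if h in table}
    return cracked, len(wordlist)


def dictionary_attack_salted(db, wordlist):
    """With a per-user salt no precomputed table applies: each (user, word)
    pair needs its own hash, so the work grows with the number of users."""
    cracked, work = {}, 0
    for u, (salt, h) in db.items():
        for w in wordlist:
            work += 1
            if sha256_hex(salt + w.encode()) == h:
                cracked[u] = w
                break
    return cracked, work


def duplicate_hashes(db):
    """Groups of users sharing an identical stored hash. Without a salt this
    exposes password reuse before a single guess has been made."""
    by_hash = {}
    for u, entry in db.items():
        h = entry[1] if isinstance(entry, tuple) else entry
        by_hash.setdefault(h, []).append(u)
    return [users for users in by_hash.values() if len(users) > 1]


if __name__ == "__main__":
    print(dictionary_attack_unsalted(unsalted_db(), WORDLIST))
    print(dictionary_attack_salted(salted_db(), WORDLIST))
    print(duplicate_hashes(unsalted_db()), duplicate_hashes(salted_db()))
```

Both attacks crack the same weak passwords here because the wordlist is tiny; the difference is the cost line. The unsalted store falls to six hashes that can be precomputed once and reused against every leaked database on the internet, while the salted store needs fresh work per user and leaks nothing about which users share a password.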

53
Q

A security analyst sees the following log output while reviewing web logs: [log excerpt not reproduced on this page]

Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

A

Input validation

54
Q

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A

The data protection officer (DPO). "Data owner" is not a GDPR role; the regulation speaks of controllers, processors and the DPO, and the DPO is the person charged with overseeing data-subject rights.

55
Q

A user is concerned that a web application will not be able to handle unexpected or random input without crashing.

Which of the following BEST describes the type of testing the user should perform?

A

Fuzzing (feeding malformed or random input to the running application; it is a form of dynamic analysis, but fuzzing is the specific technique for this requirement).

56
Q

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open.

Which of the following is MOST likely the cause of the reported issue?

A

There was malicious code on the USB drive.

57
Q

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

A

OWASP

58
Q

Which of the following control sets should a well-written BCP include? (Select THREE)

A

Preventive

Detective

Corrective

59
Q

The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration.

Which of the following would MOST likely cause a data breach?

A

Unsecure protocol (the site is served over plain HTTP, so the registration data travels in cleartext)

60
Q

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine whether the certificate has been revoked.

Which of the following would BEST meet these requirements?

A

CRL (a locally held certificate revocation list can be checked without network access; OCSP needs a live responder, which an offline facility cannot reach)

61
Q

An organization's Chief Security Officer wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.

Which of the following will the CSO MOST likely use?

A

A tabletop exercise

62
Q

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in.

Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A

WPA-PSK (WPA2-PSK). A single password handed out on receipts is a pre-shared key; WPA-EAP would require a RADIUS server and an individual account for every customer, which is far more overhead.

63
Q

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

A

The data steward

64
Q

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:

- The devices will be used internationally by staff who travel extensively.

- Occasional personal use is acceptable due to the travel requirements.

- Users must be able to install and configure sanctioned programs and productivity suites.

- The devices must be encrypted.

- The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A

Configuring an always-on VPN