208 - 2068 Flashcards
A security analyst is hardening a Linux workstation and must ensure its public keys are forwarded to remote systems for secure login.
Which of the following steps should the analyst perform to meet these requirements?
Forward the keys using ssh-copy-id (copies only the public key into the remote account's authorized_keys; "openssl -s" is not a real option for this)
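What ssh-copy-id does on the remote side, as an added example that is not part of the flashcard set: it appends the public key to ~/.ssh/authorized_keys and leaves the permissions sshd's StrictModes requires. The script below reproduces that against a local directory so it runs offline; the function names (install_pubkey, check_pubkey_perms, demo) and the key line are constructed for the example, not real material.

```sh
#!/bin/sh
# Added example (not from the flashcard set): the remote-side effect of
# `ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host`, replayed on a local path.
# Hypothetical helper names: install_pubkey, check_pubkey_perms, demo.

# Append every key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys, skipping
# blank lines, comments, and keys already present, with dir 700 / file 600.
install_pubkey() {
    home_dir="$1"
    pubkey_file="$2"
    ssh_dir="$home_dir/.ssh"
    auth_keys="$ssh_dir/authorized_keys"

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_keys" && chmod 600 "$auth_keys"
    while IFS= read -r key || [ -n "$key" ]; do
        case "$key" in
            ""|"#"*) continue ;;
        esac
        if ! grep -qxF -- "$key" "$auth_keys"; then
            printf '%s\n' "$key" >> "$auth_keys"
        fi
    done < "$pubkey_file"
}

# Return 0 when the layout satisfies sshd's StrictModes check (700 / 600).
check_pubkey_perms() {
    home_dir="$1"
    dir_mode=$(stat -c '%a' "$home_dir/.ssh" 2>/dev/null || stat -f '%Lp' "$home_dir/.ssh")
    file_mode=$(stat -c '%a' "$home_dir/.ssh/authorized_keys" 2>/dev/null || stat -f '%Lp' "$home_dir/.ssh/authorized_keys")
    [ "$dir_mode" = "700" ] && [ "$file_mode" = "600" ]
}

# Demo with a constructed (not real) key line, installed twice to show that a
# second run does not duplicate the entry. Prints the line count: 1.
demo() {
    tmp=$(mktemp -d)
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEMOKEYNOTREALxxxxxxxxxxxxxxxxxxxxxxxx analyst@ws\n' > "$tmp/id_ed25519.pub"
    install_pubkey "$tmp/home" "$tmp/id_ed25519.pub"
    install_pubkey "$tmp/home" "$tmp/id_ed25519.pub"
    wc -l < "$tmp/home/.ssh/authorized_keys" | tr -d ' '
    rm -rf "$tmp"
}

demo
```

In practice the analyst runs `ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host` (the `-i` form avoids pushing every key in the agent) and verifies the remote host-key fingerprint on that first connection; the private key never leaves the workstation.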
A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts.
While reviewing the log files, the analyst discovers the following:
Which of the following attacks MOST likely occurred?
Brute-force
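The log excerpt is missing from the card, so the point of the question is easy to lose: a lockout policy only counts failures that fall inside its window, and an attacker who spaces guesses beyond that window can brute-force an account without ever tripping it. The script below is an added example, not part of the flashcard set; the sshd-format log lines are constructed for it, and the function names (sample_log, analyze_auth_log) are hypothetical. It reports, per user, the total failures, the most failures seen inside any 15-minute span, and whether a success followed.

```sh
#!/bin/sh
# Added example (not from the flashcard set): spot failed-login runs that stay
# under an account-lockout threshold. Log lines are constructed in OpenSSH
# syslog format; they are not the card's missing excerpt.

# Constructed sample: User3 fails every 20 minutes (never 3 inside a 15-minute
# window, so the lockout never fires) and then succeeds; svc_backup fails three
# times in 75 seconds, which the lockout policy should have caught.
sample_log() {
    cat <<'EOF'
Jan 10 09:00:12 ws01 sshd[1201]: Failed password for User3 from 203.0.113.7 port 51022 ssh2
Jan 10 09:20:12 ws01 sshd[1244]: Failed password for User3 from 203.0.113.7 port 51030 ssh2
Jan 10 09:40:12 ws01 sshd[1290]: Failed password for User3 from 203.0.113.7 port 51041 ssh2
Jan 10 10:00:12 ws01 sshd[1333]: Failed password for User3 from 203.0.113.7 port 51055 ssh2
Jan 10 10:20:12 ws01 sshd[1370]: Failed password for User3 from 203.0.113.7 port 51063 ssh2
Jan 10 10:40:12 ws01 sshd[1402]: Accepted password for User3 from 203.0.113.7 port 51070 ssh2
Jan 10 11:05:01 ws01 sshd[1450]: Failed password for svc_backup from 198.51.100.9 port 40211 ssh2
Jan 10 11:05:40 ws01 sshd[1451]: Failed password for svc_backup from 198.51.100.9 port 40212 ssh2
Jan 10 11:06:15 ws01 sshd[1452]: Failed password for svc_backup from 198.51.100.9 port 40213 ssh2
EOF
}

# analyze_auth_log THRESHOLD WINDOW_SECONDS < logfile
# One line per user: total failures, the most failures inside any WINDOW_SECONDS
# span (what a lockout counter would see), whether a success followed, verdict.
# Assumes one month of syslog timestamps (day + HH:MM:SS is enough to order them).
analyze_auth_log() {
    awk -v thr="$1" -v win="$2" '
    function tsec(day, hms,   p) {
        split(hms, p, ":")
        return day * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
    }
    /sshd\[[0-9]+\]: Failed password for/ {
        u = ($9 == "invalid") ? $11 : $9   # "for invalid user NAME" shifts fields
        t = tsec($2, $3)
        n[u]++
        ft[u, n[u]] = t
        c = 0
        for (i = n[u]; i >= 1 && ft[u, i] >= t - win; i--) c++
        if (c > mx[u]) mx[u] = c
        next
    }
    /sshd\[[0-9]+\]: Accepted (password|publickey) for/ {
        if (($9 in n) && n[$9] >= thr) hit[$9] = 1
    }
    END {
        for (u in n) {
            v = "below-threshold"
            if (mx[u] >= thr) v = "hit-lockout-threshold"
            else if (n[u] >= thr) v = "slow-brute-force-under-lockout"
            printf "user=%s failures=%d max_in_window=%d success_after=%s verdict=%s\n", u, n[u], mx[u], (u in hit) ? "yes" : "no", v
        }
    }'
}

# The policy in the question: three failures, 15-minute (900 s) lockout.
sample_log | analyze_auth_log 3 900
```

The useful check is the gap between `failures` and `max_in_window`: a user with many failures but a window count below the threshold was attacked at a rate chosen to stay under the lockout, and a success after such a run is the foothold the question describes.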
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following:
Which of the following attacks has occurred?
ARP poisoning
A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots.
Which of the following is the BEST defense against this scenario?
Implementing application execution in a sandbox for unknown software.
Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussions to define the responsibilities of each party, but do not want to establish a contractually binding agreement?
An MOU
An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers.
Which of the following is the consultant MOST likely to recommend to prepare for eradication?
Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers.
Users at an organization have been installing programs from the internet on their workstations without proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly.
Which of the following should the security administrator consider implementing to address this issue?
Application whitelisting.
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches, in order to manage third-party risk?
An SLA
An attacker is exploiting a vulnerability that does not have a patch available.
Which of the following is the attacker exploiting?
Zero-day
A systems analyst is responsible for generating a new digital forensics chain-of-custody form.
Which of the following should the analyst include in this documentation? (Select TWO)
A checksum (hash) of each artifact (the order of volatility guides collection order; it is not a field on a chain-of-custody form)
The date and time
A CISO is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter.
Which of the following will the CISO MOST likely recommend to mitigate this risk?
Implement a hot-site failover location (a challenge-response test only filters automated request floods at the application layer; continuing operations through a prolonged attack on the local datacenter needs an alternate site to fail over to)
A cybersecurity admin is using iptables as an enterprise firewall. The admin created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall.
Which of the following would be the BEST option to remove the rules?
iptables -F (flushes the rules; if a chain's default policy was also set to DROP, reset it with iptables -P INPUT ACCEPT first or the flush alone still leaves every packet dropped. Note that "-P INPUT -j DROP" is not valid syntax: -P takes the policy name directly, with no -j.)
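The order of operations matters more than the single command, so here is an added example (not part of the flashcard set) of recovering from a lock-out rule set and then re-applying a minimal baseline without locking yourself out again. It assumes the legacy iptables front end and root; the wrapper and function names (run, reset_firewall, harden_baseline) and the DRY_RUN variable are hypothetical and exist only so the script can be previewed safely.

```sh
#!/bin/sh
# Added example (not from the flashcard set): clear a lock-out iptables rule
# set in a safe order, then rebuild a minimal baseline. Assumes the legacy
# iptables front end and root. DRY_RUN=1 prints the commands instead.

# Hypothetical wrapper: print the command under DRY_RUN=1, otherwise run it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Remove every rule. Policies go back to ACCEPT *before* the flush: with a
# DROP policy still in place, flushing alone leaves all packets dropped.
reset_firewall() {
    for chain in INPUT FORWARD OUTPUT; do
        run iptables -P "$chain" ACCEPT
    done
    # Flush rules in every table, then delete user-defined chains.
    for table in filter nat mangle raw; do
        run iptables -t "$table" -F
        run iptables -t "$table" -X
    done
}

# Minimal restrictive baseline. The ACCEPT rules go in first so the admin's
# own SSH session survives; only then is the default policy flipped to DROP.
harden_baseline() {
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -P INPUT DROP
}

# Preview:  DRY_RUN=1 reset_firewall; DRY_RUN=1 harden_baseline
# Apply:    reset_firewall && harden_baseline   (as root)
```

When changing rules on a remote host, schedule an automatic rollback first (for example `sleep 120 && iptables -P INPUT ACCEPT && iptables -F` in the background, cancelled once the new rules are confirmed working), so a mistake in the new rule set cannot lock you out for longer than the timer.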
A security admin checks the table of a network switch, which shows the following output:
Which of the following is happening to this switch?
MAC Flooding
A security analyst is reviewing information regarding recent vulnerabilities.
Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
CVE
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.
Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
The vulnerability scan output
A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata.
Which of the following would be part of the images if all the metadata is still intact?
The GPS location
A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message.
Which of the following BEST describes the cause of the error?
The examiner does not have administrative privileges on the system (acquiring live physical memory requires elevated, typically kernel-level, access; the swap file is on disk and is not what a RAM dump reads)
Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?
Data bias
An incident response technician collected a mobile device during an investigation.
Which of the following should the tech do to maintain chain of custody?
Document the collection and require a sign-off when possession changes.
A security analyst is preparing a threat model for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network.
Which of the following will the analyst MOST likely use to accomplish the objective?
MITRE ATT&CK
Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Select TWO)
Mandatory Vacation
Job Rotation
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.
Which of the following must be included? (Select TWO)
A cold aisle (a cold site is a disaster-recovery facility, not a datacenter cooling layout)
A hot aisle