251-275 Flashcards

1
Q

Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?

A. Production
B. Test
C. Staging
D. Development

A

D. Development

2
Q

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:

  • A user enters comptia.org into a web browser.
  • The website that appears is not the comptia.org site.
  • The website is a malicious site from the attacker.
  • Users in a different office are not having this issue.

Which of the following types of attacks was observed?

A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking

A

B. DNS poisoning

3
Q

Which of the following in the incident response process is the BEST approach to improve the speed of the identification phase?

A. Activate verbose logging in all critical assets.
B. Tune monitoring in order to reduce false positive rates.
C. Redirect all events to multiple syslog servers.
D. Increase the number of sensors present on the environment.

A

B. Tune monitoring in order to reduce false positive rates.

4
Q

A security administrator is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the administrator notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID of one of the legitimate access points. Which of the following attacks is happening on the corporate network?

A. On-path
B. Evil twin
C. Jamming
D. Rogue access point
E. Disassociation

A

B. Evil twin

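The distinction the card turns on (a cloned BSSID versus an unknown radio advertising the corporate ESSID) is easy to automate once you have an inventory of the legitimate access points. The following is an added example, not part of the original card or of airodump-ng: the BSSIDs, the ESSID "CorpNet" and the scan observations are all constructed values, and the observation tuples stand in for rows of a scan rather than airodump-ng's actual output format.

```python
# Assumed inventory of the two legitimate corporate APs: BSSID -> channel.
# The BSSIDs and the ESSID "CorpNet" are made-up values for this example.
LEGIT_APS = {"00-11-22-33-44-01": 1, "00-11-22-33-44-02": 11}
CORP_ESSID = "CorpNet"

# Constructed scan observations as (bssid, channel, essid) tuples, standing in
# for what a channel-hopping scan would list.
OBSERVED = [
    ("00-11-22-33-44-01", 1, "CorpNet"),     # legitimate AP on channel 1
    ("00-11-22-33-44-02", 11, "CorpNet"),    # legitimate AP on channel 11
    ("00-11-22-33-44-01", 6, "CorpNet"),     # our BSSID on a channel we never use
    ("00-11-22-33-44-01", 36, "CorpNet"),    # same clone on a 5 GHz channel
    ("de-ad-be-ef-00-01", 3, "CorpNet"),     # unknown radio advertising our ESSID
    ("aa-aa-aa-aa-aa-aa", 6, "CoffeeShop"),  # neighbour network, out of scope
]


def classify_aps(observed, legit_aps, corp_essid):
    """Label every AP that advertises the corporate ESSID.

    legitimate : known BSSID on the channel it is deployed on
    evil twin  : known BSSID seen where no corporate AP operates (cloned BSSID)
    rogue ap   : BSSID we have never deployed, still using our ESSID
    """
    findings = []
    for bssid, channel, essid in observed:
        bssid = bssid.lower()
        if essid != corp_essid:
            continue  # other people's networks are not our problem here
        if bssid in legit_aps:
            verdict = "legitimate" if channel == legit_aps[bssid] else "evil twin"
        else:
            verdict = "rogue ap"
        findings.append({"bssid": bssid, "channel": channel, "verdict": verdict})
    return findings


def summarize(findings):
    """Count verdicts so a monitoring job can alert on anything non-legitimate."""
    counts = {}
    for f in findings:
        counts[f["verdict"]] = counts.get(f["verdict"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in classify_aps(OBSERVED, LEGIT_APS, CORP_ESSID):
        print(f"{f['bssid']}  ch {f['channel']:>3}  {f['verdict']}")
    print(summarize(classify_aps(OBSERVED, LEGIT_APS, CORP_ESSID)))
```

Two caveats for real use: an evil twin does not have to clone the BSSID (the ESSID alone is enough to lure clients), so treat "rogue ap" findings as possible impersonation too, and the scan must hop across every 2.4 GHz and 5 GHz channel, otherwise a clone parked on an unmonitored channel is simply never seen.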
5
Q

When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure?

A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols

A

D. Communication protocols

6
Q

An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?

A. hping3 -S comptia.org -p 80
B. nc -l -v comptia.org -p 80
C. nmap comptia.org -p 80 -sV
D. nslookup -port=80 comptia.org

A

C. nmap comptia.org -p 80 -sV

7
Q

A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?

A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors

A

B. Weak credentials

8
Q

A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

A. SSL
B. SFTP
C. SNMP
D. TLS

A

D. TLS

9
Q

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

A. ALE
B. ARO
C. RPO
D. SLE

A

B. ARO

10
Q

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

A. Detective
B. Preventive
C. Corrective
D. Compensating

A

C. Corrective

11
Q

A Chief Executive Officer’s (CEO) personal information was stolen in a social-engineering attack. Which of the following sources would reveal if the CEO’s personal information is for sale?

A. Automated information sharing
B. Open-source intelligence
C. The dark web
D. Vulnerability databases

A

C. The dark web

12
Q

Which of the following typically uses a combination of human and artificial intelligence to analyze event data and take action without intervention?

A. TTP
B. OSINT
C. SOAR
D. SIEM

A

C. SOAR

13
Q

A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:

  • Must be able to differentiate between users connected to WiFi
  • The encryption keys need to change routinely without interrupting the users or forcing reauthentication
  • Must be able to integrate with RADIUS
  • Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?

A. WPA2-Enterprise
B. WPA3-PSK
C. 802.11n
D. WPS

A

A. WPA2-Enterprise

14
Q

A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:

HTTP/1.0 200 OK
Content-type: text/html
Server: Apache

root:s9fyf983#:0:1:System Operator:/:/bin/bash
daemon:*1:1::/tmp:
userl:fi@su3FF:183:100:user:/home/users/userl:/bin/bash

Which of the following attacks was successfully implemented based on the output?

A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal

A

D. Directory traversal

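The output on this card is what a web server returns when a request path such as ../../etc/passwd is joined to the document root without any check. The following added example (not from the card, and not any real server's code) shows the vulnerable join beside the hardened version that resolves the path and verifies it still lies under the document root. The directory tree and the passwd-style file it builds are constructed in a temporary directory; nothing touches the real /etc/passwd.

```python
import os
import tempfile


def serve_file_vulnerable(docroot, requested):
    """Vulnerable: joining untrusted input lets '../' climb out of docroot,
    and an absolute 'requested' makes os.path.join discard docroot entirely."""
    path = os.path.join(docroot, requested)
    with open(path, "rb") as f:
        return f.read()


def is_within_root(root, candidate):
    """True only if the fully resolved candidate lies under the resolved root.
    commonpath (not startswith) avoids treating /srv/www2 as inside /srv/www."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(candidate)
    try:
        return os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        return False


def serve_file_hardened(docroot, requested):
    """Hardened: resolve first (collapses '..', follows symlinks), then check."""
    path = os.path.join(docroot, requested)
    if not is_within_root(docroot, path):
        raise PermissionError(f"path escapes document root: {requested!r}")
    with open(path, "rb") as f:
        return f.read()


def build_demo_tree():
    """Constructed layout: <tmp>/www is the docroot, <tmp>/etc/passwd is the
    'secret' a traversal would reach. The passwd line is made up."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "www")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<html>hello</html>")
    os.makedirs(os.path.join(base, "etc"))
    with open(os.path.join(base, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/bash\n")
    return docroot


def run_demo():
    """Exercise both handlers with the same traversal payload."""
    docroot = build_demo_tree()
    traversal = os.path.join("..", "etc", "passwd")
    results = {}
    results["vulnerable_leaks"] = b"root:" in serve_file_vulnerable(docroot, traversal)
    try:
        serve_file_hardened(docroot, traversal)
        results["hardened_blocks"] = False
    except PermissionError:
        results["hardened_blocks"] = True
    results["hardened_serves_legit"] = b"hello" in serve_file_hardened(docroot, "index.html")
    return results


if __name__ == "__main__":
    print(run_demo())
```

The check has to run on the decoded path: a server that compares before URL-decoding will pass ..%2fetc%2fpasswd straight through. Resolving symlinks with realpath also closes the variant where a link inside docroot points outside it.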
15
Q

A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

A. Reverse proxy
B. NIC teaming
C. Load balancer
D. Forward proxy

A

C. Load balancer

16
Q

Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

A. Incident response plan
B. Business continuity plan
C. Communication plan
D. Disaster recovery plan

A

C. Communication plan

17
Q

A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario?

A. Configuring signature-based antivirus to update every 30 minutes
B. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion
C. Implementing application execution in a sandbox for unknown software
D. Fuzzing new files for vulnerabilities if they are not digitally signed

A

C. Implementing application execution in a sandbox for unknown software

18
Q

A company is implementing BYOD and wants to ensure all users have access to the same cloud-based services. Which of the following would BEST allow the company to meet this requirement?

A. IaaS
B. PaaS
C. MaaS
D. SaaS

A

D. SaaS

19
Q

During a recent security incident at a multinational corporation a security analyst found the following logs for an account called user:

User New York 9:00 AM Login; successful
User LA 9:01 AM Login; successful
User São Paulo 9:05 AM Login; successful
User Munich 9:05 AM Login; successful

Which of the following account policies would BEST prevent attackers from logging in as user?

A. Impossible travel time
B. Geofencing
C. Time-based logins
D. Geolocation

A

A. Impossible travel time
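
An impossible-travel policy is a simple speed check: the distance between two consecutive successful logins divided by the time between them. The following is an added example rather than anything from the card or a particular identity product. The log lines are reconstructed from the card, the city coordinates are approximate assumed values, and the 1000 km/h threshold is an assumed policy setting.

```python
import math
import re
from datetime import datetime

# Constructed log lines following the card's layout (city name spelled ASCII).
LOG_LINES = [
    "User New York 9:00 AM Login; successful",
    "User LA 9:01 AM Login; successful",
    "User Sao Paulo 9:05 AM Login; successful",
    "User Munich 9:05 AM Login; successful",
]

# Assumed approximate (latitude, longitude) for the cities named in the log.
CITY_COORDS = {
    "New York": (40.71, -74.01),
    "LA": (34.05, -118.24),
    "Sao Paulo": (-23.55, -46.63),
    "Munich": (48.14, 11.58),
}

# Assumed policy threshold: faster than an airliner means the same person
# cannot have made both logins.
MAX_SPEED_KMH = 1000.0

LINE_RE = re.compile(
    r"^(?P<user>\S+) (?P<city>.+?) (?P<time>\d{1,2}:\d{2} [AP]M) Login; (?P<result>\w+)$"
)


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    return {
        "user": m["user"],
        "city": m["city"],
        "time": datetime.strptime(m["time"], "%I:%M %p"),
        "result": m["result"],
    }


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) points."""
    radius = 6371.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * radius * math.asin(math.sqrt(h))


def find_impossible_travel(lines, max_speed_kmh=MAX_SPEED_KMH):
    """Return (from_city, to_city, km, km/h) for each consecutive pair of
    successful logins by the same user that implies an impossible speed."""
    events = [e for e in (parse_line(l) for l in lines) if e["result"] == "successful"]
    events.sort(key=lambda e: e["time"])  # stable, so equal timestamps keep log order
    flags = []
    for prev, cur in zip(events, events[1:]):
        if prev["user"] != cur["user"]:
            continue
        dist = haversine_km(CITY_COORDS[prev["city"]], CITY_COORDS[cur["city"]])
        if dist == 0:
            continue  # same city: nothing to travel
        hours = (cur["time"] - prev["time"]).total_seconds() / 3600.0
        # Two logins at the same minute from different cities: infinite speed.
        speed = math.inf if hours == 0 else dist / hours
        if speed > max_speed_kmh:
            flags.append((prev["city"], cur["city"], round(dist), speed))
    return flags


if __name__ == "__main__":
    for src, dst, km, kmh in find_impossible_travel(LOG_LINES):
        print(f"{src} -> {dst}: {km} km at {kmh:.0f} km/h")
```

In practice the geolocation comes from IP-to-location data, which is fuzzy, so production rules usually add a minimum distance and a grace window for VPN egress points before blocking or forcing re-authentication.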

20
Q

An organization is tuning SIEM rules based off of threat intelligence reports. Which of the following phases of the incident response process does this scenario represent?

A. Lessons learned
B. Eradication
C. Recovery
D. Preparation

A

D. Preparation

21
Q

The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

A. Tokenization
B. Masking
C. Full disk encryption
D. Mirroring

A

A. Tokenization

22
Q

A company’s security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?

A. Deterrent
B. Compensating
C. Detective
D. Preventive

A

B. Compensating

23
Q

A security analyst is reviewing the following command-line output:

192.168.1.1 aa-bb-cc-00-11-22 dynamic
192.168.1.2 aa-bb-cc-00-11-22 dynamic
192.168.1.3 aa-bb-cc-00-11-22 dynamic
192.168.1.4 aa-bb-cc-00-11-22 dynamic
192.168.1.5 aa-bb-cc-00-11-22 dynamic

192.168.1.251 aa-bb-cc-00-11-22 dynamic
192.168.1.252 aa-bb-cc-00-11-22 dynamic
192.168.1.253 aa-bb-cc-00-11-22 dynamic
192.168.1.254 aa-bb-cc-00-11-22 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static

Which of the following is the analyst observing?

A. ICMP spoofing
B. URL redirection
C. MAC address cloning
D. DNS poisoning

A

C. MAC address cloning
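
Every address in the card's table resolves to the same hardware address, which is the signature of one interface answering ARP for the whole subnet. The following added example (not from the card) parses ARP-table text in the dash-separated style shown on the card and reports any MAC bound to more than one IP, skipping broadcast and multicast addresses. The sample table, including its header lines and the benign host, is constructed.

```python
import re
from collections import defaultdict

# Constructed ARP table in the same style as the card, with a header, one
# benign host and the broadcast entry added so the parser has to skip them.
SAMPLE_ARP = """\
Interface: 192.168.1.20 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-00-11-22     dynamic
  192.168.1.2           aa-bb-cc-00-11-22     dynamic
  192.168.1.3           aa-bb-cc-00-11-22     dynamic
  192.168.1.4           aa-bb-cc-00-11-22     dynamic
  192.168.1.5           aa-bb-cc-00-11-22     dynamic
  192.168.1.10          00-11-22-33-44-55     dynamic
  192.168.1.251         aa-bb-cc-00-11-22     dynamic
  192.168.1.252         aa-bb-cc-00-11-22     dynamic
  192.168.1.253         aa-bb-cc-00-11-22     dynamic
  192.168.1.254         aa-bb-cc-00-11-22     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ARP_LINE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(?P<type>\w+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Yield (ip, mac, type) with MACs normalised to lowercase, dash-separated."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m["ip"], m["mac"].lower().replace(":", "-"), m["type"].lower()))
    return entries


def is_group_address(mac):
    """Broadcast (ff-ff-...) and multicast (01-00-5e-...) MACs have the
    low bit of the first octet set; they legitimately map to many IPs."""
    return int(mac.split("-")[0], 16) & 1 == 1


def find_cloned_macs(text, min_ips=2):
    """Map each MAC to the IPs claiming it and keep those with min_ips or more."""
    by_mac = defaultdict(list)
    for ip, mac, _ in parse_arp(text):
        if is_group_address(mac):
            continue
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) >= min_ips}


if __name__ == "__main__":
    for mac, ips in find_cloned_macs(SAMPLE_ARP).items():
        print(f"{mac} claims {len(ips)} addresses: {', '.join(ips)}")
```

A gateway or load balancer that owns a handful of virtual IPs will also show one MAC with several addresses, so treat the count as a threshold to tune rather than a verdict; a single MAC claiming essentially the whole subnet, as on the card, is not a legitimate pattern.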

24
Q

A company was recently breached. Part of the company’s new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?

A. Log enrichment
B. Log aggregation
C. Log parser
D. Log collector

A

D. Log collector

25
Q

Which of the following is the MOST likely reason for securing an air-gapped laboratory HVAC system?

A. To avoid data leakage
B. To protect surveillance logs
C. To ensure availability
D. To facilitate third-party access

A

C. To ensure availability