301-350

Question 1

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements?

A CASB
B VPC
C Perimeter network
D WAF

Answer 1

B. VPC

Question 2

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pap back to the machine for analysis. Which of the following tools should the analyst use to further review the pap?

O A Nmap
O B cURI
O c Netcat
O D Wireshark

Answer 2

D. Wireshark

Question 3

On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

A Shoulder surfing
B Watering-hole attack
C Tailgating
D Impersonation

Answer 3

C. Tailgating

Question 4

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments though a single firewall?

A Transit gateway
B Cloud hot site
C Edge computing
D DNS sinkhole

Answer 4

A. Transit Gateway

Question 5

Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

A Intellectual property theft
B Elevated privileges
C Unknown backdoor
D Quality assurance

Answer 5

C. Unknown backdoor

Question 6

A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes
BEST fits the requirements?

A Role-based access control
B Discretionary access control
C Mandatory access control
D Attribute-based access control

Answer 6

B. Discretionary access control

Question 7

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A Unsecure protocols
B Use of penetration-testing utilities
C Weak passwords
D Included third-party libraries
E Vendors/supply chain
F Outdated anti-malware software

Answer 7

D. Included third-party libraries
E. Vendors/supply chain

Question 8

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A WA-EAP
B WEP_TP
C WA-PSK
D WPS-PIN

Answer 8

C. WA-PSK

Question 9

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A http://sample.url.com/«script>Please-Visit-Our-Phishing-Site</script>
B http: //sample.url.com/someotherpageonsite/.///etc/shadow
C http: //sample.url.com/select-from-database where-password-null
D http://redirect.sameple.url sampleurl.com/malicious-dns-redirect

Answer 9

B. http: //sample.url.com/someotherpageonsite/.///etc/shadow

Question 10

Which of the following would BEST provide detective and corrective controls for thermal regulation?

A A smoke detector
B A fire alarm
C An HVAC system
D A fire suppression system
E Guards

Answer 10

C. An HVAC system

Question 11

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the flowing entries.

Which of the following password attacks is taking place?

Question 12

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A Enforcing encryption
B Deploying GPOs
C Removing administrative permissions
D Applving MDM software

Answer 12

D. Applying MDM software

Question 13

All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

A A forward proxy server
B A jump server
C A reverse proxy server
D A stateful firewall server

Answer 13

B. A jump server

Question 14

Which of the following supplies non-repudiation during a forensics investigation?

A Dumping volatile memory contents first
B Duplicating a drive with de
C Using a SHA-2 signature of a drive image
D Logging everyone in contact with evidence
E Encrypting sensitive data

Answer 14

C. Using a SHA-2 signature of a drive image

Question 15

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A Dual power supply
B Off-site backups
C Automatic OS upgrades
D NIC teaming
E Scheduled penetration testing
F Network-attached storage

Answer 15

A. Dual power supply
D. NIC teaming

Question 16

A systems administrator receives the following alert from a file integrity monitoring tool.

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A The end user changed the file permissions.
B A cryptographic collision was detected.
C A snapshot of the file system was taken.
D A rootkit was deployed.

Answer 16

D. A root kit was deployed

Question 17

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

A Input validation
B Dynamic code analvsis
C Fuzzing
D Manual code review

Answer 17

B. Dynamic code analysis

Question 18

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization’s requirement?

A NIC teaming
B Cloud backups
C A load balancer appliance
D UPS

Answer 18

C. A load balancer appliance

Question 19

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A Compensating control
B Network segmentation
C Transfer of risk
D SNMP traps

Answer 19

B. Network segmentation

Question 20

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A Private
B Critical
C Sensitive
D Public

Answer 20

C. Sensitive

Question 21

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

A The last incremental backup that was conducted 72 hours ago
B The last known-good configuration
C The last full backup that was conducted seven days ago
D The baseline OS configuration

Answer 21

A. The last incremental backup that was conducted 72 hours ago

Question 22

An administrator identifies some locations on the third floor of the building that have a poor wireless signal Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

A Heat map
B Input validation
C Site survey
D Embedded systems

Answer 22

C. Site survey

Question 23

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

A business continuity plan.
B communications plan.
C disaster recovery plan.
D continuity of operations plan.

Answer 23

C. Disaster recovery plan

Question 24

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

A Look for tampering on the evidence collection bag.
B Encrypt the collected data using asymmetric encryption.
C Ensure proper procedures for chain of custody are being followed
D Calculate the checksum using a hashing algorithm

Answer 24

D. Calculate the checksum using a hashing algorithm

Question 25

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process? A Updating the playbooks with better decision points B Dividing the network into trusted and untrusted zones C Providing additional end-user training on acceptable use D Implementing manual quarantining of infected hosts

Answer 25

A. Updating the playbooks with better decision points

Question 26

A company is implementing a DLP solution on the file server. The file server has PI, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal? A Classify the data. B Mask the data. C Assign the application owner. D Perform a risk analysis.

Answer 26

A. Classify the data

Question 27

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making oufbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario? A Update the host firewalls to block outbound SMB B Place the machines with the unapproved software in containment. C Place the unauthorized application in a blocklist. D Implement a content filter to block the unauthorized software communication.

Answer 27

B. Place the machines with the unapproved software in containment.

Question 28

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows: • Critical fileshares will remain accessible during and after a natural disaster. • Five percent of hard disks can fail at any given time without impacting the data. • Systems will be forced to shut down gracefully when battery levels are below 20%. Which of the following are required to BEST meet these objectives? (Choose three.) A Fiber switching B lac C NAS D RAID E UPS F Redundant power supplies G Geographic dispersal H Snapshots I Load balancing

Answer 28

D. RAID E. UPS F. Redundant power supplies

Question 29

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue? A Documenting the new policy in a change request and submitting the request to change management B Testing the policy in a non-production environment before enabling the policy in the production network C Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy D Including an "allow any" policy above the "deny any" policy

Answer 29

B. Testing the policy in a non-production environment before enabling the policy in the production network

Question 30

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first? A Tokenization B Input validation C Code signing D Secure cookies

Answer 30

B. Input validation

Question 31

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause? A Checksums B Watermarks C Order of volatility D A log analysis E A right-to-audit clause

Answer 31

D. A log analysis

Question 32

A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future? A Create DLP controls that prevent documents from leaving the network. B Implement salting and hashing. C Configure the web content filter to block access to the forum. D Increase password complexity requirements

Answer 32

B. Implement salting and hashing.

Question 33

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted? A Evil twin B Jamming C DNS poisoning D Bluesnarfing E DDOS

Answer 33

A. Evil twin

Question 34

Which of the following is the MOST effective control against zero-day vulnerabilities? A Network segmentation B Patch management C Intrusion prevention system D Multiple vulnerability scanners

Answer 34

B. Patch management