301-350 Flashcards

1
Q

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements?

A CASB
B VPC
C Perimeter network
D WAF

A

B. VPC

2
Q

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

A Nmap
B cURL
C Netcat
D Wireshark

A

D. Wireshark

3
Q

On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

A Shoulder surfing
B Watering-hole attack
C Tailgating
D Impersonation

A

C. Tailgating

4
Q

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

A Transit gateway
B Cloud hot site
C Edge computing
D DNS sinkhole

A

A. Transit Gateway

5
Q

Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

A Intellectual property theft
B Elevated privileges
C Unknown backdoor
D Quality assurance

A

C. Unknown backdoor

6
Q

A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

A Role-based access control
B Discretionary access control
C Mandatory access control
D Attribute-based access control

A

B. Discretionary access control

7
Q

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A Unsecure protocols
B Use of penetration-testing utilities
C Weak passwords
D Included third-party libraries
E Vendors/supply chain
F Outdated anti-malware software

A

D. Included third-party libraries
E. Vendors/supply chain

8
Q

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A WPA-EAP
B WEP-TKIP
C WPA-PSK
D WPS-PIN

A

C. WPA-PSK

9
Q

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

A http://sample.url.com/<script>Please-Visit-Our-Phishing-Site</script>
B http://sample.url.com/someotherpageonsite/../../../etc/shadow
C http://sample.url.com/select-from-database-where-password-null
D http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

A

B. http://sample.url.com/someotherpageonsite/../../../etc/shadow

10
Q

Which of the following would BEST provide detective and corrective controls for thermal regulation?

A A smoke detector
B A fire alarm
C An HVAC system
D A fire suppression system
E Guards

A

C. An HVAC system

11
Q

A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries.

Which of the following password attacks is taking place?

A
12
Q

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A Enforcing encryption
B Deploying GPOs
C Removing administrative permissions
D Applying MDM software

A

D. Applying MDM software

13
Q

All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

A A forward proxy server
B A jump server
C A reverse proxy server
D A stateful firewall server

A

B. A jump server

14
Q

Which of the following supplies non-repudiation during a forensics investigation?

A Dumping volatile memory contents first
B Duplicating a drive with dd
C Using a SHA-2 signature of a drive image
D Logging everyone in contact with evidence
E Encrypting sensitive data

A

C. Using a SHA-2 signature of a drive image

15
Q

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A Dual power supply
B Off-site backups
C Automatic OS upgrades
D NIC teaming
E Scheduled penetration testing
F Network-attached storage

A

A. Dual power supply
D. NIC teaming

16
Q

A systems administrator receives the following alert from a file integrity monitoring tool.

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A The end user changed the file permissions.
B A cryptographic collision was detected.
C A snapshot of the file system was taken.
D A rootkit was deployed.

A

D. A rootkit was deployed.

17
Q

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

A Input validation
B Dynamic code analysis
C Fuzzing
D Manual code review

A

B. Dynamic code analysis

18
Q

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization’s requirement?

A NIC teaming
B Cloud backups
C A load balancer appliance
D UPS

A

C. A load balancer appliance

19
Q

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A Compensating control
B Network segmentation
C Transfer of risk
D SNMP traps

A

B. Network segmentation

20
Q

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A Private
B Critical
C Sensitive
D Public

A

C. Sensitive

21
Q

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

A The last incremental backup that was conducted 72 hours ago
B The last known-good configuration
C The last full backup that was conducted seven days ago
D The baseline OS configuration

A

A. The last incremental backup that was conducted 72 hours ago

22
Q

An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

A Heat map
B Input validation
C Site survey
D Embedded systems

A

C. Site survey

23
Q

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

A business continuity plan.
B communications plan.
C disaster recovery plan.
D continuity of operations plan.

A

C. Disaster recovery plan

24
Q

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

A Look for tampering on the evidence collection bag.
B Encrypt the collected data using asymmetric encryption.
C Ensure proper procedures for chain of custody are being followed.
D Calculate the checksum using a hashing algorithm.

A

D. Calculate the checksum using a hashing algorithm

25
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

A Updating the playbooks with better decision points
B Dividing the network into trusted and untrusted zones
C Providing additional end-user training on acceptable use
D Implementing manual quarantining of infected hosts

A

A. Updating the playbooks with better decision points

26
Q

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on the type of data hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?

A Classify the data.
B Mask the data.
C Assign the application owner.
D Perform a risk analysis.

A

A. Classify the data

27
Q

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

A Update the host firewalls to block outbound SMB.
B Place the machines with the unapproved software in containment.
C Place the unauthorized application in a blocklist.
D Implement a content filter to block the unauthorized software communication.

A

B. Place the machines with the unapproved software in containment.

28
Q

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:

• Critical fileshares will remain accessible during and after a natural disaster.
• Five percent of hard disks can fail at any given time without impacting the data.
• Systems will be forced to shut down gracefully when battery levels are below 20%.

Which of the following are required to BEST meet these objectives? (Choose three.)

A Fiber switching
B IaC
C NAS
D RAID
E UPS
F Redundant power supplies
G Geographic dispersal
H Snapshots
I Load balancing

A

D. RAID
E. UPS
F. Redundant power supplies

29
Q

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

A Documenting the new policy in a change request and submitting the request to change management
B Testing the policy in a non-production environment before enabling the policy in the production network
C Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D Including an “allow any” policy above the “deny any” policy

A

B. Testing the policy in a non-production environment before enabling the policy in the production network

30
Q

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

A Tokenization
B Input validation
C Code signing
D Secure cookies

A

B. Input validation

31
Q

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?

A Checksums
B Watermarks
C Order of volatility
D A log analysis
E A right-to-audit clause

A

D. A log analysis

32
Q

A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A Create DLP controls that prevent documents from leaving the network.
B Implement salting and hashing.
C Configure the web content filter to block access to the forum.
D Increase password complexity requirements.

A

B. Implement salting and hashing.

33
Q

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

A Evil twin
B Jamming
C DNS poisoning
D Bluesnarfing
E DDoS

A

A. Evil twin

34
Q

Which of the following is the MOST effective control against zero-day vulnerabilities?

A Network segmentation
B Patch management
C Intrusion prevention system
D Multiple vulnerability scanners

A

B. Patch management