Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Sec+ > 326-350 > Flashcards

326-350 Flashcards

1
Q

An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?

A. TPM
B. CA
C. SAML
D. CRL

A

A. TPM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A security analyst needs to centrally manage credentials and permissions to the company’s network devices. The following security requirements must be met:

  • All actions performed by the network staff must be logged.
  • Per-command permissions must be possible.
  • The authentication server and the devices must communicate through TCP.

Which of the following authentication protocols should the analyst choose?

A. Kerberos
B. CHAP
C. TACACS+
D. RADIUS

A

C. TACACS+

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?

A. The vulnerability scanner was not properly configured and generated a high number of false positives.
B. Third-party libraries have been loaded into the repository and should be removed from the codebase.
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

A

A. The vulnerability scanner was not properly configured and generated a high number of false positives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization MOST likely implement?

A. CBT
B. NDA
C. MOU
D. AUP

A

B. NDA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A security analyst reviews web server logs and notices the following lines:

104.35.45.53 –[date] [url]

Which of the following vulnerabilities is the attacker trying to exploit?
A. Token reuse
B. SQLi
C. CSRF
D. XSS

A

D. XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A network manager is concerned that business may be negatively impacted if the firewall in its data center goes offline. The manager would like to implement a high availability pair to:

A. decrease the mean time between failures.
B. remove the single point of failure.
C. cut down the mean time to repair.
D. reduce the recovery time objective.

A

B. remove the single point of failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?

A. Privilege creep
B. Unmodified default settings
C. TLS protocol vulnerabilities
D. Improper patch management

A

B. Unmodified default settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

While preparing a software inventory report, a security analyst discovers an unauthorized program installed on most of the company’s servers. The program utilizes the same code signing certificate as an application deployed to only the accounting team. After removing the unauthorized program, which of the following mitigations should the analyst implement to BEST secure the server environment?

A. Revoke the code signing certificate used by both programs.
B. Block all unapproved file hashes from installation
C. Add the accounting application file hash to the allowed list.
D. Update the code signing certificate for the approved application.

A

A. Revoke the code signing certificate used by both programs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A security analyst is reviewing the latest vulnerability scan report for a web server following an incident. The vulnerability report showed no concerning findings. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A. Security patches failed to install due to a version incompatibility.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan reported a false negative for the vulnerability.

A

D. The scan reported a false negative for the vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands. Which of the following actions should the network team take NEXT?

A. Disconnect all external network connections from the firewall.
B. Send response teams to the network switch locations to perform updates.
C. Turn on all the network switches by using the centralized management software.
D. Initiate the organization’s incident response plan.

A

D. Initiate the organization’s incident response plan.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

A. A spear-phishing attack
B. A watering-hole attack
C. Typo squatting
D. A phishing attack

A

B. A watering-hole attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points. Which of the following would accomplish these requirements?

A. PEAP
B. EAP-FAST
C. EAP-TLS
D. EAP-TTLS

A

B. EAP-FAST

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:

Which of the following can the security analyst conclude?

A. A replay attack is being conducted against the application.
B. An injection attack is being conducted against a user authentication system.
C. A service account password may have been changed, resulting in continuous failed logins within the application.
D. A credentialed vulnerability scanner attack is testing several CVEs against the application.

A

B. An injection attack is being conducted against a user authentication system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?

A. SLA
B. NDA
C. MOU
D. AUP

A

B. NDA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

A. Security awareness training
B. Frequency of NIDS updates
C. Change control procedures
D. EDR reporting cycle

A

A. Security awareness training

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Employees at a company are receiving unsolicited text messages on their corporate cell phones. The unsolicited text messages contain a password reset link. Which of the following attacks is being used to target the company?

A. Phishing
B. Vishing
C. Smishing
D. Spam

A

C. Smishing

17
Q

During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP. Which of the following BEST describes what is happening?

A. Birthday collision on the certificate key
B. DNS hijacking to reroute traffic
C. Brute force to the access point
D. A SSL/TLS downgrade

A

D. A SSL/TLS downgrade

18
Q

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Choose two.)

A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you know
E. Something you are
F. Something you can do

A

A. Something you know
B. Something you have

19
Q

A company uses specially configured workstations for any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?

A. Fileless malware
B. A downgrade attack
C. A supply-chain attack
D. A logic bomb
E. Misconfigured BIOS

A

C. A supply-chain attack

20
Q

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to?

A. Backdoor
B. Brute-force
C. Rootkit
D. Trojan

A

B. Brute-force

21
Q

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

yourbank,com

Which of the following types of attacks is MOST likely being conducted?

A. SQLi
B. CSRF
C. Spear phishing
D. API

A

B. CSRF

22
Q

After installing a patch on a security appliance, an organization realized a massive data exfiltration had occurred. Which of the following BEST describes the incident?

A. Supply chain attack
B. Ransomware attack
C. Cryptographic attack
D. Password attack

A

A. Supply chain attack

23
Q

A security analyst reviews web server logs and notices the following lines:

Which of the following vulnerabilities has the attacker exploited? (Choose two.)

A. Race condition
B. LFI
C. Pass the hash
D. XSS
E. RFI
F. Directory traversal

A

B. LFI
F. Directory traversal

24
Q

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

A. An international expansion project is currently underway.
B. Outside consultants utilize this tool to measure security maturity.
C. The organization is expecting to process credit card information.
D. A government regulator has requested this audit to be completed.

A

C. The organization is expecting to process credit card information.

25
Q

Physical access to the organization’s servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor, a door to the server floor itself, and eventually to a caged area solely for the organization’s hardware. Which of the following controls is described in this scenario?

A. Compensating
B. Deterrent
C. Preventive
D. Detective

A

C. Preventive

Sec+ (30 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions