400-500 Flashcards

1
Q

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

A. Data owner
B. Data processor
C. Data steward
D. Data collector

A

B. Data processor

The marketing business decides why and how the information will be used, which makes it the controller (owner); the company that merely collects the data on its behalf and does not use it is acting as a processor.

2
Q

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A. SLA
B. BPA
C. NDA
D. MOU

A

A. SLA

3
Q

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure

A

D. Prevention of information exposure

4
Q

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption

A

A. Perfect forward secrecy

Perfect forward secrecy (PFS), also called forward secrecy, is a property of key-agreement protocols: each session derives its keys from fresh, ephemeral values (for example ephemeral Diffie-Hellman, DHE or ECDHE) that are discarded afterwards, so a later compromise of the server's long-term private key does not allow previously recorded sessions to be decrypted. RSA key transport lacks this property: one private key decrypts every captured session.

5
Q

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

A. Always-on
B. Remote access
C. Site-to-site
D. Full tunnel

A

C. Site-to-site

6
Q

Which of the following scenarios BEST describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.

D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

A

B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

7
Q

Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

A. Hoaxing
B. Pharming
C. Watering-hole
D. Phishing

A

A. Hoaxing

8
Q

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)

A. Alarms
B. Signage
C. Lighting
D. Access control vestibules
E. Fencing
F. Sensors

A

D. Access control vestibules
E. Fencing

9
Q

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)

A. MAC filtering
B. Zero trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards

A

C. Network access control
D. Access control vestibules

  • I really don't know
10
Q

An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee’s vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?

A. Jamming
B. Bluejacking
C. Disassociation
D. Evil twin

A

B. Bluejacking

Bluejacking pushes unsolicited Bluetooth messages, typically vCards, to a nearby discoverable device; a pushed vCard lands in the contacts list, which is how entries can be added or altered without physical access. Bluesnarfing, by contrast, reads data from the device rather than sending to it.

11
Q

A security administrator wants to implement a program that tests a user’s ability to recognize attacks over the organization’s email system. Which of the following would be best suited for this task?

A. Social media analysis
B. Annual information security training
C. Gamification
D. Phishing campaign

A

D. Phishing campaign

12
Q

A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

A. Keylogger
B. Spyware
C. Trojan
D. Ransomware

A

A. Keylogger

13
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two).

A. The order of volatility
B. A forensics NDA
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner

A

C. The provenance of the artifacts

E. The date and time

13
Q

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials

Which of the following solutions would meet the requirements?

A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system

A

C. A privileged access management system

14
Q

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

A. A biometric scanner
B. A smart card reader
C. A PKI token
D. A PIN pad

A

A. A biometric scanner

15
Q

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6

Which of the following attacks occurred?

A. Buffer overflow
B. Pass the hash
C. SQL injection
D. Replay attack

A

B. Pass the hash
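The -H flag above hands crackmapexec an NT hash instead of a password, so the target only ever sees an NTLM network logon. As an added example (not part of the original card), the Python below applies the usual triage heuristic to Windows 4624 logon events: a LogonType 3 logon authenticated by NtLmSsp/NTLM with Key Length 0 is the shape pass-the-hash tools leave on the target. The event records are constructed for the demonstration; field names follow the 4624 event but the heuristic is a lead, not proof, since legacy NTLM clients produce the same pattern.

```python
"""Flag Windows 4624 logon events that look like pass-the-hash.

Heuristic (not proof): a network logon (LogonType 3) authenticated with
NTLM (LogonProcessName NtLmSsp, AuthenticationPackageName NTLM) whose
KeyLength is 0 is what tools such as crackmapexec leave on the target
when driven with -H <NT hash>. Legacy NTLMv1 clients and some service
accounts produce the same shape, so treat hits as leads to investigate.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LogonEvent:
    event_id: int
    logon_type: int
    logon_process: str
    auth_package: str
    key_length: int
    user: str
    source_ip: str


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    LogonEvent(4624, 3, "NtLmSsp", "NTLM", 0, "localadmin", "192.168.10.50"),   # PtH-like
    LogonEvent(4624, 3, "Kerberos", "Kerberos", 0, "jdoe", "192.168.10.21"),     # normal Kerberos
    LogonEvent(4624, 3, "NtLmSsp", "NTLM", 128, "svc_backup", "192.168.10.30"),  # NTLMv2 with session key
    LogonEvent(4624, 2, "User32", "Negotiate", 0, "jdoe", "-"),                  # interactive console logon
    LogonEvent(4625, 3, "NtLmSsp", "NTLM", 0, "localadmin", "192.168.10.50"),    # failed logon, not a 4624
]


def is_pth_candidate(e: LogonEvent) -> bool:
    """True when the event matches the network-logon + NTLM + KeyLength 0 pattern."""
    return (
        e.event_id == 4624
        and e.logon_type == 3
        and e.auth_package.upper() == "NTLM"
        and e.logon_process.lower() == "ntlmssp"
        and e.key_length == 0
    )


def pth_candidates(events):
    return [e for e in events if is_pth_candidate(e)]


def summarize(events):
    """Group candidate logons by (user, source) so one sweep shows up once."""
    counts = {}
    for e in pth_candidates(events):
        key = (e.user, e.source_ip)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (user, src), n in summarize(SAMPLE_EVENTS).items():
        print(f"possible pass-the-hash: {user} from {src} ({n} logon(s))")
```

In practice the next pivot is whether the account is a local administrator being used over the network against many hosts in a short window, which is exactly the pattern a crackmapexec sweep produces.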

16
Q

A company is moving to new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

A. Maintaining a standby, gas-powered generator
B. Using large surge suppressors on computer equipment
C. Configuring managed PDUs to monitor power levels
D. Deploying an appropriately sized, network-connected UPS device

A

D. Deploying an appropriately sized, network-connected UPS device

17
Q

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram

A

C. Standard naming convention policy

18
Q

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

A. The CSIRT thinks an insider threat is attacking the network.
B. Outages of business-critical systems cost too much money.
C. The CSIRT does not consider the systems engineer to be trustworthy.
D. Memory contents, including fileless malware, are lost when the power is turned off.

A

D. Memory contents, including fileless malware, are lost when the power is turned off.

RAM is volatile and loses its contents when power is removed, and fileless malware lives only in memory. Pulling the network cable contains the suspected exfiltration while leaving the system running, so the CSIRT can still capture memory and other volatile evidence before anything is shut down.

19
Q

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company’s main gate?

A. Crossover error rate
B. False match rate
C. False rejection
D. False positive

A

C. False rejection

20
Q

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

A. Weak configurations
B. Integration activities
C. Unsecure user accounts
D. Outsourced code development

A

D. Outsourced code development

21
Q

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

A. ALE
B. RPO
C. MTBF
D. ARO

A

B. RPO

Recovery Point Objective (RPO).

RPO is a metric that represents the maximum amount of data loss that an organization is willing to accept in the event of an outage. It specifies the point in time to which an organization must recover its data in order to resume business operations with acceptable data loss.

22
Q

A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario?

A. Hybrid
B. Private
C. Public
D. Community

A

D. Community

23
Q

A user reports that a bank’s website no longer displays a padlock symbol. A security analyst views the user’s screen and notices the connection is using HTTP instead of HTTPS. Which of the following attacks is most likely occurring?

A. Memory leak
B. SSL stripping
C. API
D. Pass the hash

A

B. SSL stripping

24
Q

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

A. Uninterruptible power supplies with battery backup
B. Managed power distribution units to track these events
C. A generator to ensure consistent, normalized power delivery
D. Dual power supplies to distribute the load more evenly

A

A. Uninterruptible power supplies with battery backup

25
Q

A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

A. Soft token
B. Smart card
C. CSR
D. SSH key

A

D. SSH key

26
Q

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

A. Tokenization
B. Input validation
C. Code signing
D. Secure cookies

A

B. Input validation
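Input validation is the first recommendation, but the control that actually removes SQL injection is keeping data out of the statement text with parameterized queries. As an added example (not part of the original card), the Python below runs a vulnerable string-built login query and its parameterized counterpart against an in-memory SQLite database with constructed sample rows, and shows a classic tautology payload bypassing one and not the other. Passwords are stored in plaintext here only because the point is query construction; a real application stores password hashes.

```python
"""Vulnerable string-built query beside the parameterized fix, run on an
in-memory SQLite database with constructed sample rows."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Constructed sample rows. Plaintext passwords are used only so the
    # query behaviour is easy to follow; a real schema stores hashes.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    # Deliberately unsafe: attacker-controlled text becomes part of the SQL.
    sql = (
        "SELECT id FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username: str, password: str) -> bool:
    # Placeholders send the values separately from the statement, so quotes
    # and comment sequences in the input cannot change the query structure.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def is_valid_username(username: str) -> bool:
    # Allow-list validation: a coarse early filter that rejects obvious
    # payloads, not a substitute for parameterization.
    return 1 <= len(username) <= 32 and username.isalnum()


PAYLOAD = "' OR '1'='1"   # classic tautology injection


def demo() -> dict:
    conn = make_db()
    return {
        # Query becomes ... password = '' OR '1'='1', which is always true.
        "vulnerable_bypassed": login_vulnerable(conn, "alice", PAYLOAD),
        "parameterized_bypassed": login_parameterized(conn, "alice", PAYLOAD),
        "parameterized_real_login": login_parameterized(conn, "alice", "s3cret"),
        "payload_passes_validation": is_valid_username(PAYLOAD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The parameterized version treats the whole payload as one password value and simply finds no matching row; the allow-list check rejects it earlier still, which is why the two controls are layered rather than traded off.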

27
Q

Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

A. API integrations
B. Auditing
C. Resource policies
D. Virtual networks

A

C. Resource policies

28
Q

A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

A. cat /var/messages | grep 10.1.1.1
B. grep 10.1.1.1 | cat /var/messages
C. grep /var/messages | cat 10.1.1.1
D. cat 10.1.1.1 | grep /var/messages

A

A. cat /var/messages | grep 10.1.1.1

The pipe is redundant (grep 10.1.1.1 /var/messages gives the same result), but it is the only option with the file and the pattern in the right places. Two practical caveats: in a regular expression each dot matches any character, so 10.1.1.1 also matches 10.1.1.10 or 10x1y1z1; grep -wF '10.1.1.1' /var/messages matches the literal string as a whole word. Also, on most distributions the syslog file is /var/log/messages rather than /var/messages.

29
Q

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

A. Lessons learned
B. Identification
C. Simulation
D. Containment

A

A. Lessons learned

30
Q

Which of the following control types is patch management classified under?

A. Deterrent
B. Physical
C. Corrective
D. Detective

A

C. Corrective

31
Q

A company that provides an online streaming service made its customers’ personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following BEST describes the consequence of this data disclosure?

A. Regulatory fines
B. Reputation damage
C. Increased insurance costs
D. Financial loss

A

B. Reputation damage

32
Q

Which of the following can be used to detect a hacker who is stealing company data over port 80?

A. Web application scan
B. Threat intelligence
C. Log aggregation
D. Packet capture

A

D. Packet capture

32
Q

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the best options to accomplish this objective? (Choose two.)

A. Load balancing
B. Incremental backups
C. UPS
D. RAID
E. Dual power supply
F. VLAN

A

A. Load balancing
D. RAID

33
Q

A company recently enhanced mobile device configuration by implementing a set of security controls biometrics context-aware authentication and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data. Which of the following additional controls should be put in place first?

A. GPS tagging
B. Remote wipe
C. Screen lock timer
D. SEAndroid

A

C. Screen lock timer

34
Q

An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

A. Install a SIEM tool and properly configure it to read the OS configuration files
B. Load current baselines into the existing vulnerability scanner
C. Maintain a risk register with each security control marked as compliant or non-compliant
D. Manually review the secure configuration guide checklists

A

B. Load current baselines into the existing vulnerability scanner

35
Q

A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains PII. Which of the following steps can the analyst take to correct this issue?

A. Create a URL filter with an exception for the destination website
B. Add a firewall rule to the outbound proxy to allow file uploads
C. Issue a new device certificate to the user’s workstation
D. Modify the exception list on the DLP to allow the upload

A

D. Modify the exception list on the DLP to allow the upload

36
Q

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?

A. Digital signatures
B. Key exchange
C. Salting
D. PPTP

A

B. Key exchange

Key exchange (also key establishment) is the cryptographic method by which two parties agree on a shared secret key over an untrusted channel, so that they can then use a symmetric algorithm to protect their traffic. Digital signatures or certificates are normally added to authenticate the exchanged values, otherwise an attacker in the path could substitute their own.
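As an added example serving both this card and the perfect forward secrecy card above (it is not part of the original flashcards), the Python below performs a Diffie-Hellman exchange between two parties with fresh exponents per session and derives a session key bound to the exchanged public values. The group parameters are a toy choice made for readability (the Mersenne prime 2^127 - 1 with generator 2); real systems use RFC 3526 groups or X25519, and the exchange shown is unauthenticated, so in practice the public values are signed.

```python
"""Ephemeral Diffie-Hellman between two parties over an untrusted channel.

Toy parameters: p = 2**127 - 1 (prime) and g = 2, chosen so the numbers
fit on a line. They are far too small for real use; deployments use
RFC 3526 MODP groups or X25519. Nothing here authenticates the peers."""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime; toy size, not for production
G = 2


def gen_ephemeral():
    """Return (private exponent, public value) for a single session.

    The private exponent is discarded after the session, which is what
    gives forward secrecy: a long-term key stolen later cannot recompute it.
    """
    priv = secrets.randbelow(P - 3) + 2        # 2 <= priv <= P-2
    return priv, pow(G, priv, P)


def shared_secret(my_priv: int, their_pub: int) -> int:
    # Reject degenerate public values (0, 1, p-1) that force a known secret.
    if not 1 < their_pub < P - 1:
        raise ValueError("peer public value out of range")
    return pow(their_pub, my_priv, P)


def derive_key(secret: int, transcript: bytes) -> bytes:
    """Hash the raw shared secret together with both public values so the
    resulting key is bound to this specific exchange (a sketch of what a
    real key schedule such as TLS 1.3's does with HKDF)."""
    return hashlib.sha256(secret.to_bytes(16, "big") + transcript).digest()


def run_exchange():
    """One session between Company A and Company B; returns both derived keys."""
    a_priv, a_pub = gen_ephemeral()   # Company A keeps a_priv, sends a_pub
    b_priv, b_pub = gen_ephemeral()   # Company B keeps b_priv, sends b_pub
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")
    key_a = derive_key(shared_secret(a_priv, b_pub), transcript)
    key_b = derive_key(shared_secret(b_priv, a_pub), transcript)
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb)
    print("session key:", ka.hex())
```

Because every call to run_exchange() draws new exponents, two sessions produce unrelated keys; recording one session and later obtaining a party's long-term signing key yields nothing, which is the property the PFS card describes.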

37
Q

A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

A. Dump file
B. System log
C. Web application log
D. Security log

A

A. Dump file

An error screen followed by a shutdown is a crash (bugcheck), and a crash writes a memory dump capturing the state of the system, including any malware code resident in memory, at that moment. The system log only records that the crash occurred, so the dump file is where the analyst learns more first.

38
Q

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

A. POP
B. IPSec
C. IMAP
D. PGP

A

D. PGP

38
Q

A user reset the password for a laptop but has been unable to log in to it since then. In addition, several unauthorized emails were sent on the user’s behalf recently. The security team investigates the issue and identifies the following findings:

  • Firewall logs show excessive traffic from the laptop to an external site.
  • Unknown processes were running on the laptop.
  • RDP connections that appeared to be authorized were made to other network devices from the laptop.
  • High bandwidth utilization alerts from that user’s username.

Which of the following is most likely installed on the laptop?

A. Worm
B. Keylogger
C. Trojan
D. Logic bomb

A

C. Trojan

A Trojan is a type of malware that disguises itself as legitimate software to gain access to a system and carry out malicious activities. The

39
Q

A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.)

A. Passphrase
B. Time-based one-time password
C. Facial recognition
D. Retina scan
E. Hardware token
F. Fingerprints

A

B. Time-based one-time password
E. Hardware token

40
Q

Which of the following best describes a technique that compensates researchers for finding vulnerabilities?

A. Penetration testing
B. Code review
C. Wardriving
D. Bug bounty

A

D. Bug bounty

41
Q

Which of the following biometric authentication methods is the most accurate?

A. Gait
B. Retina
C. Signature
D. Voice

A

B. Retina

42
Q

A security team will be outsourcing several key functions to a third party and will require that:

  • Several of the functions will carry an audit burden
  • Attestations will be performed several times a year
  • Reports will be generated on a monthly basis

Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

A. MOU
B. AUP
C. SLA
D. MSA

A

C. SLA

A service-level agreement (SLA) defines the level of service a customer expects from a supplier, lays out the metrics by which that service is measured (here the audit cadence, attestation frequency and monthly reporting), and states the remedies or penalties, if any, should the agreed service levels not be achieved.

43
Q

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)

A. install DLP software to prevent data loss
B. Use the latest version of software
C. Install a SIEM device
D. Implement MDM
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
G. Update the website certificate and revoke the existing ones
H. Deploy additional network sensors

A

B. Use the latest version of software
E. Implement a screened subnet for the web server
F. Install an endpoint security solution

44
Q

A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A dictionary attack was used to log in as the server administrator

A

B. A packet capture tool was used to steal the password

45
Q

Which of the following roles would most likely have direct access to the senior management team?

A. Data custodian
B. Data owner
C. Data protection officer
D. Data controller

A

C. Data protection officer

46
Q

Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan

A

A. Communication plan

47
Q

An employee who is using a mobile device for work, is required to use a fingerprint to unlock the device. Which of the following is this an example of?

A. Something you know
B. Something you are
C. Something you have
D. Somewhere you are

A

B. Something you are

48
Q

Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?

A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors

A

C. Access control vestibules

49
Q

Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

A. NAC
B. DLP
C. IDS
D. MFA

A

A. NAC

Network access control (NAC) is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

50
Q

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?

A. WAF
B. SWG
C. VPN
D. HIDS

A

B. SWG

A secure web gateway (SWG) filters web traffic by URL category and content under policies set by the organization. It acts as a forward proxy between the user and the internet, scanning traffic for malicious content and blocking unauthorized or inappropriate sites; delivered from the cloud or through an endpoint agent, it enforces the same policy whether the employee is in the office or away, which is what the CISO needs.

51
Q

A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?

A. theHarvester
B. Cuckoo
C. Nmap
D. Nessus

A

A. theHarvester

52
Q

A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

A. Multipath
B. RAID
C. Segmentation
D. 802.11

A

A. Multipath

Multipath I/O provides more than one physical path (HBA, cable, switch port) between a server and its storage. If one path fails, I/O continues over the remaining paths, and while all paths are healthy the load can be spread across them, which covers both the fault tolerance and load-balancing requirements.

53
Q

Which of the following incident response phases should the proper collection of the detected IoCs (Indicators of Compromise) and establishment of a chain of custody be performed before?

A. Containment
B. Identification
C. Preparation
D. Recovery

A

A. Containment

54
Q

Which of the following measures the average time that equipment will operate before it breaks?

A. SLE
B. MTBF
C. RTO
D. ARO

A

B. MTBF

55
Q

Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

A. Data retention plan
B. Incident response plan
C. Disaster recovery plan
D. Communication plan

A

C. Disaster recovery plan

56
Q

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

A. General counsel
B. Data owner
C. Risk manager
D. Chief Information Officer

A

B. Data owner

57
Q

An employee’s company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

A. a push notification
B. a password
C. an SMS message
D. an authentication application

A

B. a password

58
Q

Which of the following is a security implication of the newer (Industrial Control System.) ICS devices that are becoming more common in corporations?

A. Devices with cellular communication capabilities bypass traditional network security controls
B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require
C. These devices often lack privacy controls and do not meet newer compliance regulations
D. Unauthorized voice and audio recording can cause loss of intellectual property

A

A. Devices with cellular communication capabilities bypass traditional network security controls

59
Q

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking

A

C. TLS inspection

TLS encryption hides the content of HTTPS traffic, so an IDS or WAF that only sees ciphertext cannot match signatures or rules. TLS inspection terminates the encrypted session at an inline device (the WAF itself, or a proxy that holds the server's private key or a CA the clients trust), inspects the plaintext, and re-encrypts it toward the destination. It requires careful key management and breaks clients that pin certificates, so its scope is usually limited to the traffic that needs inspection.

60
Q

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

A. MOU
B. SLA
C. EOL
D. NDA

A

B. SLA

61
Q

While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

A. Using an administrator account to run the processes and disabling the account when it is not in use
B. Implementing a shared account the team can use to run automated processes
C. Configuring a service account to run the processes
D. Removing the password complexity requirements for the user account

A

C. Configuring a service account to run the processes

62
Q

A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?

A. ISO
B. MITRE ATT&CK
C. OWASP
D. NIST

A

C. OWASP

OWASP (Open Web Application Security Project) framework. OWASP provides a comprehensive set of guidelines, tools, and techniques to help secure web applications.

63
Q

A user’s laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?

A. Bluejacking
B. Jamming
C. Rogue access point
D. Evil twin

A

D. Evil twin

64
Q

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment

A

B. Lessons learned

65
Q

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access to the legacy devices without compromising the security of the entire network?

A. NIDS
B. MAC filtering
C. Jump server
D. IPSec
E. NAT gateway

A

C. Jump server

A jump server is a hardened, monitored host that is the only system permitted to reach the legacy segment. Users log in to it and connect onward from there, so the risky devices are reachable without being exposed to, or able to reach, the rest of the network directly.

66
Q

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

A. Vulnerability scanner
B. Open-source intelligence
C. Packet capture
D. Threat feeds

A

B. Open-source intelligence

67
Q

Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?

A. Parallel
B. Full-scale
C. Tabletop
D. Simulation

A

C. Tabletop

Tabletop exercises are discussion-based exercises that typically involve key personnel discussing their roles and responses to a particular disaster scenario.

68
Q

Which of the following disaster recovery sites is the most cost-effective to operate?

A. Warm site
B. Cold site
C. Hot site
D. Hybrid site

A

B. Cold site

69
Q

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files’ activity against known threats. Which of the following should the security operations center implement?

A. the Harvester
B. Nessus
C. Cuckoo
D. Sn1per

A

C. Cuckoo

Cuckoo is the best choice because it is an open-source automated malware analysis sandbox that executes files in an isolated environment and produces a detailed report of their behavior (file, registry, network and process activity) for comparison against known threats.

70
Q

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

A. Provisioning
B. Staging
C. Staging
D. Quality assurance

A

A. Provisioning

The concept that the security administrator should utilize is “Provisioning”. Provisioning is the process of setting up IT infrastructure and resources, which includes installing and configuring the necessary software and tools on servers to meet the security requirements of the organization.

71
Q

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

A. RAID
B. UPS
C. NIC teaming
D. Load balancing

A

C. NIC teaming

72
Q

An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?

A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point

A

B. Bluesnarfing

Bluesnarfing is an attack against Bluetooth-enabled devices, such as mobile phones and laptops, that aims to gain unauthorized access to the device's data and features over a Bluetooth connection. Repeated unexpected pairing requests from an unknown device are a sign that an attacker nearby is trying to establish that connection.

73
Q

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

A. Weighted response
B. Round-robin
C. Least connection
D. Weighted least connection

A

B. Round-robin

The security administrator should use the round-robin algorithm. Round-robin is a load-balancing algorithm that hands each new connection to the next server in turn and wraps around, so with two servers each receives every second connection and the load is split in half. Weighted and least-connection algorithms distribute according to server capacity or current load rather than evenly.
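A small simulation of the two algorithms from the options, added here as an example and not part of the original flashcard. The server names and the initial load figures are constructed. It shows that round-robin splits a stream of new connections exactly in half between two servers, and that least-connection instead sends new connections to the less loaded server first, which matters when the original server already carries connections:

```python
"""Added example: round-robin versus least-connection distribution
over two web servers (names constructed for the example)."""
from collections import Counter
from itertools import cycle

# Constructed names: the original server and the newly installed one.
SERVERS = ["web-1", "web-2"]


def round_robin(servers, n_connections):
    """Hand each new connection to the next server in turn, wrapping around.
    Returns how many connections each server received."""
    counts = Counter()
    rotation = cycle(servers)
    for _ in range(n_connections):
        counts[next(rotation)] += 1
    return counts


def least_connection(servers, n_connections, initial_load=None):
    """Hand each new connection to the server with the fewest active
    connections. `initial_load` models connections that already exist
    before balancing starts (e.g. on the overloaded original server).
    Returns how many *new* connections each server received."""
    load = Counter(initial_load or {})
    for s in servers:
        load.setdefault(s, 0)
    assigned = Counter()
    for _ in range(n_connections):
        # min() keeps list order on ties, so equal loads alternate predictably
        target = min(servers, key=lambda s: load[s])
        load[target] += 1
        assigned[target] += 1
    return assigned


if __name__ == "__main__":
    print("round-robin, 1000 connections:", dict(round_robin(SERVERS, 1000)))
    print("least-connection, web-1 already has 40:",
          dict(least_connection(SERVERS, 100, {"web-1": 40})))
```

Round-robin gives a 500/500 split regardless of what each server is already doing; least-connection with 40 pre-existing connections on web-1 sends the first 40 new connections to web-2 and only then alternates.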

74
Q

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards

A

B. Bandwidth monitors

75
Q

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?

A. Continuous deployment
B. Continuous integration
C. Data owners
D. Data processor

A

C. Data owners

76
Q

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation

A

A. Watering-hole attack

The attacker is using a watering-hole attack. This technique involves infecting a legitimate website that is frequented by the target organization’s employees, with the goal of compromising their devices.

77
Q

A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

A. Input validation
B. Code signing
C. SQL injection
D. Form submission

A

A. Input validation
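An added example (not from the flashcard) of what "properly formatted information in a specific field" looks like when enforced on the server: an allowlist pattern for a YYYY-MM-DD date field, followed by a semantic check so that a value which merely looks right, such as 2024-02-30, is also rejected. The field name and the sample inputs are constructed; any browser-side `pattern` attribute is only a convenience, because a client can submit whatever it likes.

```python
"""Added example: server-side input validation for a constructed
'birth date' form field that must be YYYY-MM-DD."""
import re
from datetime import date

# Allowlist: exactly four digits, a valid month, a valid day-of-month number.
DATE_RE = re.compile(r"^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$")


def validate_birth_date(raw):
    """Return (ok, message). Syntax is checked with the allowlist regex,
    then the value is parsed to confirm it is a real calendar date that
    is not in the future."""
    if not isinstance(raw, str) or len(raw) != 10:
        return False, "expected 10 characters"
    if not DATE_RE.fullmatch(raw):
        return False, "expected YYYY-MM-DD"
    y, m, d = (int(part) for part in raw.split("-"))
    try:
        value = date(y, m, d)          # rejects 2024-02-30, 2023-02-29, ...
    except ValueError:
        return False, "not a calendar date"
    if value > date.today():
        return False, "date is in the future"
    return True, ""


if __name__ == "__main__":
    for sample in ["1990-04-15", "2024-02-30", "15/04/1990", "1990-04-15' OR 1=1--"]:
        print(repr(sample), validate_birth_date(sample))
```

The regex alone would accept 2024-02-30; the `date()` call is what catches it. The injection-looking string fails the length check before anything else runs, which is the point of validating shape first and never passing raw field contents onward.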

78
Q

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

A. Setting an explicit deny to all traffic using port 80 instead of 443
B. Moving the implicit deny from the bottom of the rule set to the top
C. Configuring the first line in the rule set to allow all traffic
D. Ensuring that port 53 has been explicitly allowed in the rule set

A

D. Ensuring that port 53 has been explicitly allowed in the rule set

79
Q

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A. Private
B. Critical
C. Sensitive
D. Public

A

C. Sensitive

80
Q

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement

A

A. Patch availability

81
Q

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
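An added example, not part of the original flashcards, that evaluates the four candidate rules from this question and also illustrates the DNS case from question 78 (a firewall that allows web traffic but not port 53). It is a first-match ACL evaluator for the `access-list` syntax shown in the options, with an implicit deny at the end of every rule set. The trailing `port N` token, the internal network 192.168.10.0/24, the client and resolver addresses and the `outbound` list name are assumptions added here for the example; they are not part of the question.

```python
"""Added example: first-match ACL evaluation for the access-list syntax
in the question, plus a constructed web-only rule set to show why DNS
(port 53) must be explicitly permitted."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches any protocol, else "tcp"/"udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None = any destination port

    def matches(self, proto, src_ip, dst_ip, dport):
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst)


def parse_rule(line):
    """access-list <name> <permit|deny> <proto> source <cidr> destination <cidr> [port <n>]
    The optional 'port <n>' suffix is an assumption added for this example."""
    t = line.split()
    if len(t) < 8 or t[0] != "access-list" or t[4] != "source" or t[6] != "destination":
        raise ValueError(f"unrecognised rule: {line}")
    dport = int(t[9]) if len(t) > 9 and t[8] == "port" else None
    return Rule(t[1], t[2], t[3],
                ipaddress.ip_network(t[5], strict=False),
                ipaddress.ip_network(t[7], strict=False), dport)


def evaluate(rules, proto, src_ip, dst_ip, dport=None):
    """Action of the first matching rule; 'deny' if nothing matches (implicit deny)."""
    for r in rules:
        if r.matches(proto, src_ip, dst_ip, dport):
            return r.action
    return "deny"


# The four candidate rules exactly as they appear in the question.
OPTIONS = {
    "A": "access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32",
    "B": "access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "C": "access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0",
    "D": "access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32",
}


def blocks_attacker(option_line, attacker="10.1.4.9", internal="192.168.10.25"):
    """True if this rule itself denies an inbound packet from the attacker to a
    constructed internal host. A permit-all is appended so that a non-matching
    rule is not mistaken for a block by the implicit deny."""
    rules = [parse_rule(option_line),
             parse_rule("access-list inbound permit ip source 0.0.0.0/0 destination 0.0.0.0/0")]
    return evaluate(rules, "tcp", attacker, internal, 443) == "deny"


# Constructed rule sets for the question-78 scenario: web allowed, DNS forgotten.
WEB_ONLY = [
    "access-list outbound permit tcp source 192.168.10.0/24 destination 0.0.0.0/0 port 80",
    "access-list outbound permit tcp source 192.168.10.0/24 destination 0.0.0.0/0 port 443",
]
WEB_AND_DNS = WEB_ONLY + [
    "access-list outbound permit udp source 192.168.10.0/24 destination 0.0.0.0/0 port 53",
]


def dns_allowed(lines, client="192.168.10.25", resolver="203.0.113.53"):
    return evaluate([parse_rule(l) for l in lines], "udp", client, resolver, 53) == "permit"


if __name__ == "__main__":
    for letter, line in OPTIONS.items():
        print(letter, "blocks 10.1.4.9:", blocks_attacker(line))
    print("web-only rule set lets DNS out:", dns_allowed(WEB_ONLY))
    print("after adding port 53:", dns_allowed(WEB_AND_DNS))
```

Only option B matches the attacker as the source of inbound traffic; A and D name 10.1.4.9 as the destination, so they never match packets arriving from it, and C would permit it. In the web-only rule set HTTPS is permitted but the resolver query falls through to the implicit deny, which is exactly the "website could not be located" symptom; note that DNS can also use TCP 53, so a real rule set usually permits both.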

82
Q

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

A. Preparation
B. Recovery
C. Lessons learned
D. Analysis

A

A. Preparation

83
Q

Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honeypot
B. Video surveillance
C. Zero trust
D. Geofencing

A

A. Honeypot

84
Q

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

A. Internet proxy
B. VPN
C. WAF
D. Firewall

A

A. Internet proxy

85
Q

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow

A

A. DDoS

86
Q

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall

A

A. Security information and event management

87
Q

Two organizations are discussing a possible merger. Both organizations’ Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Encryption

A

A. Pseudo-anonymization

Pseudo-anonymization (pseudonymization) replaces a sensitive data field with a pseudorandom string. The resulting string is always the same for the same input, so analytical correlations such as comparing pay by role are still possible without revealing who the employees are. The mapping or key used to generate the pseudonyms must be protected, because anyone who holds it can re-identify the records; the data remains personal data under most privacy regimes for exactly that reason.
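An added example of keyed pseudonymization, not part of the original flashcard: each organization replaces the employee name in its payroll extract with an HMAC-SHA-256 of the name under a key it keeps to itself, so rows for the same employee still line up and pay can be averaged by role, while the other side sees no names. The payroll rows, roles and salaries are constructed. The block also shows why the key matters: an unkeyed hash of a name is trivially reversed by anyone with a staff list.

```python
"""Added example: keyed pseudonymization of a constructed payroll
extract, with a dictionary attack against the unkeyed variant."""
import hashlib
import hmac
import secrets

# Constructed payroll extract (two pay periods for one employee).
PAYROLL_A = [
    {"employee": "Alice Example", "role": "SOC analyst", "salary": 82000},
    {"employee": "Bob Example", "role": "Network engineer", "salary": 95000},
    {"employee": "Alice Example", "role": "SOC analyst", "salary": 84000},
]


def _norm(value):
    return value.strip().lower().encode()


def pseudonymize(record, key, field="employee"):
    """Replace `field` with HMAC-SHA-256(key, value). Same input under the
    same key gives the same pseudonym, so correlation survives; without the
    key the pseudonym cannot be mapped back to the name."""
    out = dict(record)
    out[field] = hmac.new(key, _norm(record[field]), hashlib.sha256).hexdigest()
    return out


def pseudonymize_all(records, key):
    return [pseudonymize(r, key) for r in records]


def average_pay_by_role(records):
    """The analysis the CFOs actually want; it needs only role and salary."""
    totals = {}
    for r in records:
        s, n = totals.get(r["role"], (0, 0))
        totals[r["role"]] = (s + r["salary"], n + 1)
    return {role: s / n for role, (s, n) in totals.items()}


def unkeyed_pseudonym(value):
    """The weak variant: a bare hash, reproducible by anyone."""
    return hashlib.sha256(_norm(value)).hexdigest()


def dictionary_attack(pseudonym, candidates, key=None):
    """Try each candidate name. Succeeds against the unkeyed variant; against
    the keyed one it only succeeds if the attacker also holds the key."""
    for name in candidates:
        guess = (hmac.new(key, _norm(name), hashlib.sha256).hexdigest()
                 if key is not None else unkeyed_pseudonym(name))
        if hmac.compare_digest(guess, pseudonym):
            return name
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # generated and kept by the data owner
    shared = pseudonymize_all(PAYROLL_A, key)
    for row in shared:
        print(row)
    print(average_pay_by_role(shared))
    staff_list = ["Bob Example", "Alice Example"]
    print("unkeyed hash recovered:", dictionary_attack(unkeyed_pseudonym("Alice Example"), staff_list))
    print("keyed pseudonym recovered without key:", dictionary_attack(shared[0]["employee"], staff_list))
```

Because the two companies only need per-role statistics, each can use its own key and never share it. If they needed to match the same individual across both data sets they would have to agree on a shared key, and that key then becomes the thing that turns the exchange back into identifiable payroll data.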

88
Q

A large retail store’s network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

A. Employee training
B. Leadership changes
C. Reputation damage
D. Identity theft

A

C. Reputation damage