51-100 Flashcards

1
Q

Which of the following is the correct order of volatility from most to least volatile?

A Memory, temporary filesystems, routing tables, disk, network storage
B Cache memory, temporary filesystems, disk, archival media
C Memory, disk, temporary filesystems, cache, archival media
D Cache, disk, temporary filesystems, network storage, archival media

A

B. Cache memory, temporary filesystems, disk, archival media

2
Q

Which of the following would detect intrusions at the perimeter of an airport?

A Signage
B Fencing
C Motion sensors
D Lighting
E Bollards

A

C. Motion sensors

3
Q

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

A DLP
B VPC
C CASB
D Content filtering

A

C. CASB

4
Q

An attacker is attempting to harvest user credentials on a client’s website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

A Input validation
B Obfuscation
C Error handling
D Username lockout

A

C. Error handling

5
Q

Which of the following should an organization consider implementing in the event executives need to speak to the media after a publicized data breach?

A Incident response plan
B Business continuity plan
C Communication plan
D Disaster recovery plan

A

C. Communication plan

6
Q

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

A Proxy server
B NGFW
C WAF
D Jump server

A

D. Jump server

7
Q

A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?

A SSL
B SETP
C SNMP
D TLS

A

D. TLS

8
Q

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

A Time based logins
B Geofencing
C Network location
D Password history

A

B. Geofencing

9
Q

Which of the following is assured when a user signs an email using a private key?

A Non-repudiation
B Confidentiality
C Availability
D Authentication

A

D. Authentication

10
Q

Which of the following describes the BEST approach for deploying application patches?

A Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
B Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

A

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.

11
Q

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

A DDOS
B Privilege escalation
C DNS poisoning
D Buffer overflow

A

A. DDOS

12
Q

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A PaaS
B Hybrid cloud
C Private cloud
D IaaS
E SaaS

A

E. SaaS

13
Q

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee’s COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

A User training
B CASB
C MDM
D DLP

A

D. DLP

14
Q

Recent changes to a company’s BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

A Facial recognition
B Six-digit PIN
C PKI certificate
D Smart card

A

A. Facial recognition

15
Q

A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?

A Digital signatures
B Key exchange
C Salting
D PPTP

A

B. Key exchange

16
Q

A company wants to improve end users’ experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner’s website?

A Directory service
B AAA server
C Federation
D Multifactor authentication

A

C. Federation

17
Q

Which of the following documents provides guidance regarding the recommended deployment of network security systems from the manufacturer?

A Cloud control matrix
B Reference architecture
C NIST RMF
D CIS Top 20

A

B. Reference architecture

18
Q

Which of the following controls would provide the BEST protection against tailgating?

A Access control vestibule
B Closed-circuit television
C Proximity card reader
D Faraday cage

A

C. Proximity card reader

19
Q

A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario?

A Hybrid
B Private
C Public
D Community

A

D. Community

20
Q

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

A Data in transit
B Data in processing
C Data at rest
D Data tokenization

A

C. Data at rest

21
Q

An administrator is reviewing a single server’s security logs and discovers the following:

Keywords       Date and Time           Source                      Event ID  Task Category
Audit Failure  09/16/2022 11:13:05 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:07 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:09 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:11 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:13 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:15 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:17 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:19 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:21 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:23 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:25 AM  Microsoft Windows security  4625      Logon
Audit Failure  09/16/2022 11:13:27 AM  Microsoft Windows security  4628      Logon

Which of the following best describes the action captured in this log file?

A Brute-force attack
B Privilege escalation
C Failed password audit
D Forgotten password by the user

A

A. Brute-force attack

22
Q

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A Smishing
B Phishing
C Impersonating
D Vishing

A

C. Impersonating

23
Q

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

A MTTR
B RTO
C RPO
D MTBF

A

C. RPO

24
Q

A security analyst is reviewing the following command-line output:

Internet address   Physical address   Type
192.168.1.1        aa-bb-cc-00-11-22  dynamic
192.168.1.2        aa-bb-cc-00-11-22  dynamic
192.168.1.3        aa-bb-cc-00-11-22  dynamic
192.168.1.4        aa-bb-cc-00-11-22  dynamic
192.168.1.5        aa-bb-cc-00-11-22  dynamic
—output omitted—
192.168.1.251      aa-bb-cc-00-11-22  dynamic
192.168.1.252      aa-bb-cc-00-11-22  dynamic
192.168.1.253      aa-bb-cc-00-11-22  dynamic
192.168.1.254      aa-bb-cc-00-11-22  dynamic
192.168.1.255      ff-ff-ff-ff-ff-ff  static

Which of the following is the analyst observing?

A ICMP spoofing
B URL redirection
C MAC address cloning
D DNS poisoning

A

C. MAC address cloning

25
Q

A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

A VLANS
B Internet proxy servers
C NIDS
D Jump servers

A

D. Jump servers

26
Q

A major manufacturing company updated its internal infrastructure and just recently started to allow OAuth applications to access corporate data. Data leakage is now being reported. Which of the following MOST likely caused the issue?

A Privilege creep
B Unmodified default settings
C TLS protocol vulnerabilities
D Improper patch management

A

B. Unmodified default settings

27
Q

An organization is repairing the damage after an incident. Which of the following controls is being implemented?

A Detective
B Preventive
C Corrective
D Compensating

A

C. Corrective

28
Q

Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

A Lessons learned
B Identification
C Simulation
D Containment

A

C. Simulation

29
Q

A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

A Open the document on an air-gapped network.
B View the document’s metadata for origin clues
C Search for matching file hashes on malware websites.
D Detonate the document in an analysis sandbox.

A

D. Detonate the document in an analysis sandbox.

30
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters.
Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)

A Federation
B Identity proofing
C Password complexity
D Default password changes
E Password manager
F Open authentication

A

A. Federation
C. Password complexity

31
Q

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A The document is a honeyfile and is meant to attract the attention of a cyberintruder
B The document is a backup file if the system needs to be recovered
C The document is a standard file that the OS needs to verify the login credentials.
D The document is a keylogger that stores all keystrokes should the account be compromised.

A

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder

32
Q

A candidate attempts to go to http://comptia.org but accidentally visits http://comptia org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack?

A Reconnaissance
B Impersonation
C Typosquatting
D Watering-hole

A

C. Typosquatting

33
Q

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Choose two.)

A Something you know
B Something you have
C Somewhere you are
D Someone you know
E Something you are
F Something you can do

A

A. Something you know
B. Something you have

34
Q

A company is receiving emails with links to phishing sites that look very similar to the company’s own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

A Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.
B Generate a list of domains similar to the company’s own and implement a DNS sinkhole for each.
C Disable POP and IMAP on all Internet facing email servers and implement SMTPS
D Use an automated tool to flood the phishing websites with fake usernames and passwords.

A

B. Generate a list of domains similar to the company’s own and implement a DNS sinkhole for each.

35
Q

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?

A Authentication protocol
B Encryption type
C WAP placement
D VPN configuration

A

C. WAP placement

36
Q

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

A Autopsy
B Memdump
C FTK imager
D Wireshark

A

D. Wireshark

37
Q

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A A right-to-audit clause allowing for annual security audits
B Requirements for event logs to be kept for a minimum of 30 days
C Integration of threat intelligence in the company’s AV
D A data-breach clause requiring disclosure of significant data loss

A

A. A right-to-audit clause allowing for annual security audits

38
Q

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?

A A non-disclosure agreement
B Least privilege
C An acceptable use policy
D Offboarding

A

D. Offboarding

39
Q

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

A An international expansion project is currently underway.
B Outside consultants utilize this tool to measure security maturity.
C The organization is expecting to process credit card information
D A government regulator has requested this audit to be completed.

A

C. The organization is expecting to process credit card information

40
Q

Which of the following can be used to identify potential attacker activities without affecting production servers?

A Honeypot
B Video surveillance
C Zero trust
D Geofencing

A

A. Honeypot

41
Q

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO’s concerns?

A SSO would simplify username and password management, making it easier for hackers to guess accounts.
B SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C SSO would reduce the password complexity for frontline staff.
D SSO would reduce the resilience and availability of systems if the identity provider goes offline

A

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline

42
Q

A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

A POP
B IPSec
C IMAP
D PGP

A

D. PGP

43
Q

Digital signatures use asymmetric encryption. This means the message is encrypted with:

A the sender’s private key and decrypted with the sender’s public key.
B the sender’s public key and decrypted with the sender’s private key.
C the sender’s private key and decrypted with the recipient’s public key.
D the sender’s public key and decrypted with the recipient’s private key.

A

C. the sender’s private key and decrypted with the recipient’s public key.

44
Q

A security analyst is reviewing web-application logs and finds the following log:

https://ww.comptia.org/contact-us/43Ffilet3D..62..428.42Fetch2Epasswd

Which of the following attacks is being observed?

A Directory traversal
B XSS
C CSRF
D On-path attack

A

A. Directory traversal

45
Q

Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

A Complexity requirements
B Password history
C Acceptable use policy
D Shared accounts

A

A. Complexity requirements

46
Q

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A Change the default settings on the PC.
B Define the PC firewall rules to limit access.
C Encrypt the disk on the storage device.
D Plug the storage device in to the UPS

A

C. Encrypt the disk on the storage device.

47
Q

Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

A Personal health information
B Personally identifiable information
C Tokenized data
D Proprietary data

A

B. Personally identifiable information

48
Q

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company’s main gate?

A Crossover error rate
B False match rate
C False rejection
D False positive

A

C. False rejection

49
Q

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

A Devices with cellular communication capabilities bypass traditional network security controls
B Many devices do not support elliptic-curve encryption algorithms due to the overhead they require
C These devices often lack privacy controls and do not meet newer compliance regulations
D Unauthorized voice and audio recording can cause loss of intellectual property

A

A. Devices with cellular communication capabilities bypass traditional network security controls

50
Q

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:

Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin'

Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'

Which of the following should be consistently configured to prevent the issue seen in the logs?

A Geolocation
B TOTP
C NTP
D MFA

A

C. NTP