700-800 Flashcards

1
Q

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

A. FDE
B. NIDS
C. EDR
D. DLP

A

C. EDR

2
Q

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization’s requirement?

A. NIC teaming
B. Cloud backups
C. A load balancer appliance
D. UPS

A

D. UPS

UPS: uninterruptible power supply. The generator covers a long outage, but it needs time to start and stabilize; a UPS carries the load through that gap so the hosts never lose power, which is what "available at all times" requires.

3
Q

A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

A. Configure heat maps.
B. Utilize captive portals.
C. Conduct a site survey.
D. Install Wi-Fi analyzers.

A

C. Conduct a site survey.

4
Q

A software company adopted the following processes before releasing software to production:

  • Peer review
  • Static code scanning
  • Signing

A considerable number of vulnerabilities are still being detected when the code is executed in production. Which of the following security tools can improve vulnerability detection in this environment?

A. File integrity monitoring for the source code
B. Dynamic code analysis tool
C. Encrypted code repository
D. Endpoint detection and response solution

A

B. Dynamic code analysis tool

5
Q

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

A. CHAP
B. PEAP
C. MS-CHAPv2
D. EAP-TLS

A

D. EAP-TLS

6
Q

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank’s information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank’s desired scenario and budget?

A. Engage the penetration-testing firm’s red-team services to fully mimic possible attackers.
B. Give the penetration tester data diagrams of core banking applications in a known-environment test.
C. Limit the scope of the penetration test to only the system that is used for teller workstations.
D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

A

D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

7
Q

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company’s machines need to be updated?

A. SCEP
B. OCSP
C. CSR
D. CRL

A

D. CRL

CRL (Certificate Revocation List): A CRL is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date. It contains the serial numbers of the revoked certificates, the revocation date, and optionally a reason code. By comparing the serial numbers of the certificates installed on the company’s machines against the CRL, a security administrator can determine which ones have been invalidated and need to be replaced. OCSP answers for one certificate at a time; the CRL gives the whole list, which is what a fleet-wide check needs. Note that a CRL is published on a schedule, so a certificate revoked after the last publication will not appear until the next one.

8
Q

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

A. Enable HIDS on all servers and endpoints.
B. Disable unnecessary services.
C. Configure the deny list appropriately on the NGFW.
D. Ensure the antivirus is up to date.

A

B. Disable unnecessary services.

9
Q

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A. Privilege escalation
B. Buffer overflow
C. SQL injection
D. Pass-the-hash

A

D. Pass-the-hash

Credentials scraped from process memory (LSASS) are NTLM hashes. NTLM authentication only ever proves possession of the hash, never the password, so the attacker can authenticate to other hosts with the hash as-is; no cracking is needed. A buffer overflow is a memory-corruption exploit and does not describe credential reuse; privilege escalation is not stated in the scenario.
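The credential reuse this card describes is easiest to believe once you see that the password is never an input. The block below is an added example, not part of the original flashcard set: it computes the NT hash that LSASS and the SAM hold (MD4 over the UTF-16LE password; MD4 is implemented inline because many hashlib builds no longer ship it), then derives an NTLMv2 challenge-response from nothing but that hash. The user name, domain, server challenge and client blob are constructed values; the NT hash of the string "password" (8846f7eaee8fb117ad06bdd830b7586c) is the well-known reference value.

```python
import hashlib
import hmac
import struct

M32 = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); NT hashes are MD4 and hashlib often lacks it on OpenSSL 3."""
    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & M32

    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                                   # round 1
            a = rotl((a + F(b, c, d) + X[i]) & M32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 2
            k = (i % 4) * 4 + i // 4
            a = rotl((a + G(b, c, d) + X[k] + 0x5A827999) & M32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 3
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a = rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & M32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & M32 for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NTOWFv1: MD4 of the UTF-16LE password. This is what LSASS/SAM hold and what a scraper recovers."""
    return md4(password.encode("utf-16le"))


def ntowf_v2(nt: bytes, user: str, domain: str) -> bytes:
    """MS-NLMP NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPER(user) || domain in UTF-16LE."""
    return hmac.new(nt, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def ntlmv2_response(nt: bytes, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    """NtChallengeResponse = NTProofStr || blob. The only secret input is the NT hash."""
    nt_proof = hmac.new(ntowf_v2(nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return nt_proof + blob


def server_accepts(stored_nt: bytes, user: str, domain: str, server_challenge: bytes, response: bytes) -> bool:
    """The authenticating server also holds only the NT hash, so it recomputes the same proof."""
    nt_proof, blob = response[:16], response[16:]
    expected = hmac.new(ntowf_v2(stored_nt, user, domain), server_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(nt_proof, expected)


# Constructed values for the demonstration (not captured from any real exchange).
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_BLOB = (b"\x01\x01" + b"\x00" * 6                     # RespType, HiRespType, reserved
               + struct.pack("<Q", 133600000000000000)       # timestamp (FILETIME)
               + bytes.fromhex("aabbccddeeff0011")           # client challenge
               + b"\x00" * 4 + b"\x00" * 4 + b"\x00" * 4)    # reserved, MsvAvEOL, reserved


def responses_match(password: str, dumped_hash_hex: str, user: str, domain: str) -> bool:
    """A client that knows the password and one that only scraped the hash produce the same response."""
    from_password = ntlmv2_response(nt_hash(password), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    from_hash = ntlmv2_response(bytes.fromhex(dumped_hash_hex), user, domain, SERVER_CHALLENGE, CLIENT_BLOB)
    return from_password == from_hash


if __name__ == "__main__":
    dumped = "8846f7eaee8fb117ad06bdd830b7586c"   # NT hash of "password"; never cracked here
    resp = ntlmv2_response(bytes.fromhex(dumped), "alice", "CORP", SERVER_CHALLENGE, CLIENT_BLOB)
    print("NT hash of 'password':", nt_hash("password").hex())
    print("hash-only response accepted:", server_accepts(nt_hash("password"), "alice", "CORP", SERVER_CHALLENGE, resp))
```

Because the server stores the same NT hash, it cannot tell a client that knows the password from one that only scraped the hash. The defenses follow from that: stop the scrape (Credential Guard, LSA protection, no cached admin logons on workstations), prefer Kerberos and restrict NTLM, and never share a local administrator password across PCs so a hash lifted from one machine does not open the rest.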

10
Q

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

A. Code repositories
B. Dark web
C. Threat feeds
D. State actors
E. Vulnerability databases

A

A. Code repositories
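The practical control for this card is a secret scan in pre-commit or CI, before the push reaches the repository. The block below is an added example and not part of the original page: a small scanner with pattern rules for well-known key formats plus an entropy rule for quoted assignments, run over a constructed in-memory "repository". Every file, the AKIA... key and the ghp_... token are fabricated, and the private key block is a header with filler, not real key material.

```python
import math
import re

# Fixed-format credentials that can be matched exactly.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}
# Quoted assignment to a suspicious-looking name; the value is then judged by entropy.
ASSIGNMENT = re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token|key)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")
PLACEHOLDERS = ("example", "changeme", "your", "placeholder", "dummy", "xxxx", "<", "${")

# Constructed sample repository: path -> file contents. Nothing here is a real credential.
SAMPLE_REPO = {
    "config/settings.py": (
        'DEBUG = False\n'
        'AWS_ACCESS_KEY_ID = "AKIAJ4K7QW3R9TZX2BCD"\n'
        'DB_PASSWORD = "changeme"\n'
        'SECRET_KEY = "9f8e7d6c5b4a3f2e1d0c"\n'
    ),
    ".env.example": 'API_KEY="your-api-key-here"\n',
    "deploy.sh": 'export GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n',
    "id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n-----END OPENSSH PRIVATE KEY-----\n",
}


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys score well above English words or placeholders."""
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def looks_like_placeholder(value: str) -> bool:
    v = value.lower()
    return any(p in v for p in PLACEHOLDERS)


def redact(value: str) -> str:
    """Never echo the full secret into CI logs; keep just enough to locate it."""
    return value if len(value) <= 8 else value[:4] + "..." + value[-4:]


def scan_text(path: str, text: str, min_entropy: float = 3.0) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append({"path": path, "lineno": lineno, "kind": kind, "match": redact(m.group(0))})
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            if looks_like_placeholder(value) or shannon_entropy(value) < min_entropy:
                continue
            findings.append({"path": path, "lineno": lineno, "kind": "high_entropy_assignment", "match": redact(value)})
    return findings


def scan_repo(files: dict) -> list:
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['path']}:{f['lineno']}: {f['kind']} ({f['match']})")
```

Two notes for real use: scan the full history, not just the working tree, because a secret removed in a later commit is still in the repository; and treat any hit as compromised and rotate it, since the push itself is the leak.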

11
Q

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)

A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor

A

B. A cold aisle
D. A hot aisle

12
Q

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

A. Memory dumps
B. The syslog server
C. The application logs
D. The log retention policy

A

B. The syslog server

13
Q

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks

A

D. Benchmarks

14
Q

A company’s public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site’s homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

A. DoS attack
B. ARP poisoning
C. DNS spoofing
D. NXDOMAIN attack

A

C. DNS spoofing

15
Q

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee’s identity before sending the prize. Which of the following best describes this type of email?

A. Spear phishing
B. Whaling
C. Phishing
D. Vishing

A

C. Phishing

16
Q

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A. Smart card
B. PIN code
C. Knowledge-based question
D. Secret key

A

A. Smart card

17
Q

The Chief Technology Officer of a local college would like visitors to utilize the school’s Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?

A. Requiring all new, on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors’ MAC addresses and names

A

D. Deploying a captive portal to capture visitors’ MAC addresses and names

18
Q

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A. Hacktivists
B. Script kiddies
C. Competitors
D. Shadow IT

A

D. Shadow IT

19
Q

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.

A

A. Contain the impacted hosts.

20
Q

A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

A. Jamming
B. NFC attacks
C. Disassociation
D. Bluesnarfing
E. Evil twin

A

E. Evil twin

21
Q

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.

A

B. Send the dead domain to a DNS sinkhole.

22
Q

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO
B. LEAP
C. MFA
D. PEAP

A

A. SSO

23
Q

Which of the following would be best suited for constantly changing environments?

A. RTOS
B. Containers
C. Embedded systems
D. SCADA

A

B. Containers

24
Q

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

A. Insurance
B. Patching
C. Segmentation
D. Replacement

A

C. Segmentation

25
Q

The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Implementing multifactor authentication

A

B. Changing the default password

26
Q

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

A. Persistence
B. Port scanning
C. Privilege escalation
D. Pharming

A

C. Privilege escalation

27
Q

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

A. hping
B. Wireshark
C. PowerShell
D. netstat

A

A. hping

hping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping3, you can test firewall rules, perform (spoofed) port scanning, test network performance using different protocols, do path MTU discovery, perform traceroute-like actions under different protocols, fingerprint remote operating systems, audit TCP/IP stacks, etc. hping3 is scriptable using the Tcl language.
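To make "custom packets" concrete, the block below is an added example in Python, not code from the page or from hping3 itself. It builds an IPv4 header and a TCP header with an arbitrary flag combination and correct checksums, which is the byte-level equivalent of hping3 -S (SYN probe) or hping3 -F -P -U (the FIN/PSH/URG "Xmas" probe used to see how a firewall treats malformed flag sets). Addresses and ports are constructed documentation values. Sending needs CAP_NET_RAW, so the send function is present but never called by default.

```python
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; used by both IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header carrying TCP (protocol 6) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5, 0, 20 + payload_len, ident, 0,   # ver/IHL, TOS, total length, ID, flags/frag
                      ttl, socket.IPPROTO_TCP, 0,                     # TTL, protocol, checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_tcp_segment(src, dst, sport, dport, flags, seq=0, window=512, payload=b"") -> bytes:
    """20-byte TCP header with any flag set, e.g. ["SYN"] or ["FIN", "PSH", "URG"]."""
    flag_bits = 0
    for f in flags:
        flag_bits |= TCP_FLAGS[f]
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flag_bits, window, 0, 0)
    # TCP checksum covers a pseudo-header (src, dst, zero, protocol, length) plus the segment.
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr) + len(payload))
    csum = inet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def craft_packet(src, dst, sport, dport, flags, payload=b"") -> bytes:
    tcp = build_tcp_segment(src, dst, sport, dport, flags, payload=payload)
    return build_ipv4_header(src, dst, len(tcp)) + tcp


def ip_checksum_ok(pkt: bytes) -> bool:
    return inet_checksum(pkt[:20]) == 0          # a correct checksum makes the sum all ones


def tcp_checksum_ok(pkt: bytes) -> bool:
    seg = pkt[20:]
    pseudo = struct.pack("!4s4sBBH", pkt[12:16], pkt[16:20], 0, socket.IPPROTO_TCP, len(seg))
    return inet_checksum(pseudo + seg) == 0


def tcp_flags_of(pkt: bytes) -> int:
    return pkt[20 + 13]                          # flags byte, assuming a 20-byte IP header


def send_raw(pkt: bytes, dst: str) -> None:
    """Requires CAP_NET_RAW. IPPROTO_RAW tells the kernel the IP header is already built."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(pkt, (dst, 0))


if __name__ == "__main__":
    # Byte-level equivalents of `hping3 -S -p 443 192.0.2.10` and `hping3 -F -P -U -p 443 192.0.2.10`
    syn = craft_packet("192.0.2.5", "192.0.2.10", 40000, 443, ["SYN"])
    xmas = craft_packet("192.0.2.5", "192.0.2.10", 40000, 443, ["FIN", "PSH", "URG"])
    print(syn.hex())
    print(xmas.hex())
```

When you do send these, capture on both sides of the firewall: whether the SYN gets a SYN/ACK or RST, and whether the Xmas segment is dropped silently or passed through, tells you how the rule set handles flag combinations that no normal client produces.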

28
Q

A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?

A. Insider threat
B. RAT
C. Backdoor
D. Skimming
E. NFC attack

A

D. Skimming

29
Q

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A. Job rotation
B. Retention
C. Outsourcing
D. Separation of duties

A

A. Job rotation

30
Q

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

A. Service accounts
B. Account audits
C. Password complexity
D. Lockout policy

A

B. Account audits

31
Q

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

A. Business recovery plan
B. Incident response plan
C. Communication plan
D. Continuity of operations plan

A

D. Continuity of operations plan

32
Q

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer’s response?

A. Risk tolerance
B. Risk acceptance
C. Risk importance
D. Risk appetite

A

B. Risk acceptance

33
Q

A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create?

A. Communication plan
B. Incident response plan
C. Data retention policy
D. Disaster recovery plan

A

D. Disaster recovery plan

34
Q

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?

A. Network diagram
B. WPS
C. 802.1X
D. Heat map

A

D. Heat map

35
Q

A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?

A. Role-based
B. Need-to-know
C. Mandatory
D. Discretionary

A

A. Role-based

36
Q

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

A. Upgrading to a next-generation firewall
B. Deploying an appropriate in-line CASB solution
C. Conducting user training on software policies
D. Configuring double key encryption in SaaS platforms

A

B. Deploying an appropriate in-line CASB solution

37
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

A. Bug bounty
B. White-box
C. Black-box
D. Gray-box

A

B. White-box

38
Q

Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A. Certificate mismatch
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

A

D. Included third-party libraries
E. Vendors/supply chain

39
Q

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A. NIST CSF
B. SOC 2 Type 2 report
C. CIS Top 20 compliance reports
D. Vulnerability report

A

B. SOC 2 Type 2 report

40
Q

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

A. SPIM
B. Vishing
C. VLAN hopping
D. Phishing
E. DHCP snooping
F. Tailgating

A

A. SPIM
B. Vishing

41
Q

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

A. Order of volatility
B. Preservation of event logs
C. Chain of custody
D. Compliance with legal hold

A

A. Order of volatility

42
Q

In which of the following scenarios is tokenization the best privacy technique to use?

A. Providing pseudo-anonymization for social media user accounts
B. Serving as a second factor for authentication requests
C. Enabling established customers to safely store credit card information
D. Masking personal information inside databases by segmenting data

A

C. Enabling established customers to safely store credit card information

43
Q

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A. Implementing encryption
B. Monitoring outbound traffic
C. Using default settings
D. Closing all open ports

A

B. Monitoring outbound traffic
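"Monitoring outbound traffic" only detects anything when it is turned into a rule. The block below is an added example, not part of the original page: it aggregates internal-to-external flows per host from constructed CSV flow records (NetFlow or Zeek conn.log style fields), derives a threshold from the peer group with median plus MAD rather than a hard-coded number, and flags hosts whose upload volume or upload-to-download ratio stands out. All addresses are documentation ranges and all byte counts are fabricated.

```python
import csv
import io
import ipaddress
import statistics
from collections import defaultdict

# RFC 1918 only. ipaddress.is_private() would also treat the documentation
# ranges used in the sample as private, which would hide the exfiltration below.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: ts,src,dst,dport,bytes_out,bytes_in
SAMPLE_FLOWS = """ts,src,dst,dport,bytes_out,bytes_in
2024-05-01T09:00:01,10.1.1.10,198.51.100.20,443,48200,812000
2024-05-01T09:00:05,10.1.1.11,192.0.2.77,443,31900,644000
2024-05-01T09:01:12,10.1.1.12,203.0.113.45,443,418000000,92000
2024-05-01T09:01:40,10.1.1.13,198.51.100.20,443,52600,903000
2024-05-01T09:02:03,10.1.1.12,203.0.113.45,443,396000000,88000
2024-05-01T09:02:30,10.1.1.10,10.1.1.200,445,750000000,15000
2024-05-01T09:03:11,10.1.1.11,192.0.2.77,443,27800,512000
2024-05-01T09:03:40,203.0.113.9,10.1.1.50,443,9000,1200
"""


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def summarize_outbound(csv_text: str) -> dict:
    """Per internal host: bytes sent to and received from external addresses only."""
    per_host = defaultdict(lambda: {"bytes_out": 0, "bytes_in": 0, "destinations": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue   # inbound flows and internal file copies are not exfiltration candidates
        host = per_host[row["src"]]
        host["bytes_out"] += int(row["bytes_out"])
        host["bytes_in"] += int(row["bytes_in"])
        host["destinations"].add(row["dst"])
    return per_host


def detect_exfiltration(csv_text: str, mad_k: float = 5.0, ratio_min: float = 3.0,
                        min_bytes: int = 10_000_000) -> list:
    """Flag hosts whose outbound volume is an outlier against peers (median + k*MAD),
    or whose upload/download ratio is inverted relative to normal client traffic."""
    per_host = summarize_outbound(csv_text)
    if not per_host:
        return []
    totals = [h["bytes_out"] for h in per_host.values()]
    median = statistics.median(totals)
    mad = statistics.median([abs(t - median) for t in totals]) or 1   # guard against all-equal peers
    threshold = median + mad_k * mad
    alerts = []
    for host, h in sorted(per_host.items()):
        ratio = h["bytes_out"] / max(h["bytes_in"], 1)
        reasons = []
        if h["bytes_out"] > threshold:
            reasons.append(f"outbound {h['bytes_out']} B exceeds peer threshold {threshold:.0f} B")
        if ratio > ratio_min and h["bytes_out"] > min_bytes:
            reasons.append(f"upload/download ratio {ratio:.1f} exceeds {ratio_min}")
        if reasons:
            alerts.append({"host": host, "bytes_out": h["bytes_out"], "bytes_in": h["bytes_in"],
                           "ratio": round(ratio, 1), "destinations": sorted(h["destinations"]),
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_exfiltration(SAMPLE_FLOWS):
        print(alert["host"], "->", ", ".join(alert["destinations"]), "|", "; ".join(alert["reasons"]))
```

The peer-relative threshold matters more than the exact constants: a fixed "100 MB per hour" rule fires on every backup agent and misses slow exfiltration, whereas comparing each host with its own peer group over a window adapts to the site. Pair this with destination rarity (first time any host has talked to that address) and the ratio rule will catch low-and-slow transfers that never trip a volume alarm.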

44
Q

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

A. chmod
B. grep
C. dd
D. passwd

A

A. chmod
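Cards 13 and 44 together describe a baseline audit and the chmod that fixes a deviation. The added example below (not from the page) does that check in Python: it compares a file's mode bits with a baseline modeled on the CIS Debian/Ubuntu benchmark value for /etc/shadow (0640 root:shadow; RHEL-family benchmarks expect 0000 root:root, so adjust BASELINE for your platform) and clears only the bits the baseline forbids. The self_check function rehearses the fix on a temporary file so it runs without root.

```python
import os
import stat
import tempfile

# Baseline modeled on CIS Debian/Ubuntu benchmark values; assumed here, verify against your own benchmark.
BASELINE = {"/etc/passwd": 0o644, "/etc/group": 0o644, "/etc/shadow": 0o640, "/etc/gshadow": 0o640}


def mode_bits(path: str) -> int:
    """Permission bits only (rwx for user/group/other plus setuid, setgid, sticky)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def excess_bits(path: str, max_mode: int) -> int:
    """Bits set on the file that the baseline does not allow; 0 means compliant."""
    return mode_bits(path) & ~max_mode


def audit(baseline: dict = BASELINE) -> dict:
    """Map each non-compliant path to the problems found and the command that fixes each."""
    findings = {}
    for path, max_mode in baseline.items():
        if not os.path.exists(path):
            continue
        problems = []
        if excess_bits(path, max_mode):
            problems.append("mode %04o exceeds %04o: chmod %04o %s" % (mode_bits(path), max_mode, max_mode, path))
        uid = os.stat(path).st_uid
        if uid != 0:
            problems.append("owner uid %d is not root: chown root %s" % (uid, path))
        if problems:
            findings[path] = problems
    return findings


def remediate(path: str, max_mode: int) -> int:
    """Same effect as chmod with the baseline mode, but only removes bits; returns remaining excess."""
    os.chmod(path, mode_bits(path) & max_mode)
    return excess_bits(path, max_mode)


def self_check() -> tuple:
    """Rehearse on a temp file (no root needed): returns (excess before, excess after)."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o644)                 # world-readable, the classic /etc/shadow misconfiguration
        before = excess_bits(path, 0o640)     # -> 0o004
        after = remediate(path, 0o640)        # -> 0
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for path, problems in audit().items():
        print(path, *problems, sep="\n  ")
```

Because remediate only clears bits, a file that is already stricter than the baseline (for example 0600) is left alone; the benchmark states a maximum, not an exact value. Ownership is checked by uid rather than name so the audit does not depend on /etc/passwd being intact.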

45
Q

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:

  • Sensitive customer data must be safeguarded.
  • Documents from managed sources should not be opened in unmanaged destinations.
  • Sharing of managed documents must be disabled.
  • Employees should not be able to download emailed images to their devices.
  • Personal photos and contact lists must be kept private.
  • IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.

Which of the following are the best features to enable to meet these requirements? (Choose two.)

A. Remote wipe
B. VPN connection
C. Biometric authentication
D. Device location tracking
E. Geofencing
F. Application approve list
G. Containerization

A

A. Remote wipe
G. Containerization

46
Q
A