another one Flashcards
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The CIO is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy.
Which of the following would be BEST to address the CIO’s concerns?
Implement BYOD for the sales department while leveraging the MDM
A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected.
Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads.
Which of the following BEST describe this type of attack? (Choose two)
DoS
Memory leak
A company’s CIO is meeting with the CISO to plan some activities to enhance the skill levels of the company’s developers.
Which of the following would be MOST suitable for training the developers?
A phishing simulation
A network administrator has been asked to install an IDS to improve the security posture of an organization.
Which of the following control types is an IDS?
Detective
Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a back-end LAMP server and OT systems with human management interfaces that are accessible over the Internet via a web interface? (Choose two)
Weak encryption
Server-side request forgery
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems.
Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization’s security posture?
Configure the DLP policies to whitelist this application with the specific PII
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password.
Which of the following would meet the organization’s needs for a third factor?
Fingerprints
A network admin is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI.
Which of the following should the admin configure?
802.1X
A malicious actor recently penetrated a company’s network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server.
Which of the following files should be given to the forensics firm?
Dump
After entering a username and password, an admin must gesture on a touch screen.
Which of the following demonstrates what the admin is providing?
Two-factor authentication
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil.
Which of the following account policies would BEST prevent this type of attack?
Geofencing
A security admin needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously.
Which of the following RAID configs should the admin use?
RAID 5
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
Containment
A security analyst receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. The security analyst then reviews the following application log:
Which of the following can the security analyst conclude?
A service account password may have been changed, resulting in continuous failed logins within the application.
Which of the following types of controls is a turnstile?
Physical
Which of the following BEST explains the reason why a server admin would place a document named password.txt on the desktop of an admin account on a server?
The document is a honeyfile and is meant to attract the attention of a cyberintruder.
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application.
Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
CASB
On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two)
Value and volatility of data
Right-to-audit clauses
The CSO at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The CRO is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed.
Which of the following is the MOST likely cause of the CRO’s concerns?
SSO would reduce the resilience and availability of a system if the provider goes offline.
DRAG DROP (Place in order): chmod 644 ~/.ssh/id_rsa, chmod 777 ~/.ssh/authorized_keys, scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys, ssh root@server, ssh-keygen -t rsa, ssh-copy-id ~/.ssh/id_rsa.pub user@server, ssh -i ~/.ssh/id_rsa user@server
- ssh root@server
- scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys
- ssh -i ~/.ssh/id_rsa user@server
- ssh-keygen -t rsa
- ssh-copy-id ~/.ssh/id_rsa.pub user@server
- chmod 777 ~/.ssh/authorized_keys
- chmod 644 ~/.ssh/id_rsa
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff.
Which of the following describes what the manager is doing?
Conducting a tabletop exercise
A user contacts the help desk to report the following:
Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested. The user was able to access the Internet but had trouble accessing the department share until the next day. The user is now getting notifications from the bank about unauthorized transactions.
Which of the following attack vectors was MOST likely used in the scenario?
Rogue access point
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application.
Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
CASB
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network.
Which of the following would be BEST to help mitigate this concern?
Create different accounts for each region, limit their logon times, and alert on risky logins.
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control.
Which of the following BEST describes this process?
Continuous Integration
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine.
Which of the following steps should also be taken to harden the smart switch?
Change the default password for the switch.
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.
Which of the following tactics would an attacker MOST likely use in this scenario?
Watering-hole attack
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
Data masking
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
Red Team
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
Chain of Custody