CompTIA Security+ Flashcards

1
Q

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

A

Obfuscation

2
Q

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

A

Take a memory snapshot of the running system

3
Q

Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

A

SLA

4
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

A

Updating the playbooks with better decision points

5
Q

A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?

A

theHarvester

6
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given the documentation only available to the customers of the applications. Which of the following BEST represents the type of testing that will occur?

A

Gray-Box

7
Q

A security analyst reviews web server logs and notices the following line:

104.35.45.53 - [22/MAY/2020:07:00:58 +-1--] "GET /WORDPRESS/wp-content/plugins/custom_plugin/check_user.php?userid=1 UNION ALL SELECT user_login,user_pass,user_email from wp_users-- HTTP/1.1" 200 1072 "http://www.example.com/wordpress/wp-admin/"

Which of the following vulnerabilities is the attacker trying to exploit?

A

CSRF

Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user.

8
Q

An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?

A

Production

9
Q

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

A

Data controller

10
Q

Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A

AUP

An AUP sets rules related to an organization’s IT security policies. These include rules around accessing restricted information; changing access data, such as passwords; opening questionable email attachments; using public Wi-Fi services; and using company approved authentication procedures.

11
Q

A document that appears to be malicious has been discovered in an email that was sent to a company's CFO. Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

A

Detonate the document in an analysis sandbox

12
Q

A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?

A

Logic bomb

13
Q

A candidate attempts to go to http://comptia.org but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following BEST describes this type of attack?

A

Typosquatting

14
Q

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

A

Prioritize remediation of vulnerabilities based on the possible impact

15
Q

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A

IaaS

Infrastructure as a Service (IaaS) is a business model that delivers IT infrastructure like compute, storage, and network resources on a pay-as-you-go basis over the internet. You can use IaaS to request and configure the resources you require to run your applications and IT systems.

16
Q

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A

Applying MDM Software

17
Q

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

A

Utilizing SIEM correlation engines

18
Q

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

A

Risk acceptance

19
Q

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

A

IaaS

Infrastructure as a Service (IaaS) is a business model that delivers IT infrastructure like compute, storage, and network resources on a pay-as-you-go basis over the internet. You can use IaaS to request and configure the resources you require to run your applications and IT systems.

20
Q

Which of the following BEST represents an application that does not have an on-premises requirement and is accessible from anywhere?

A

SaaS

Software as a Service

21
Q

A small local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again?

A

Use the latest version of software

Implement a screened subnet for the web server

Install an endpoint security solution

22
Q

An administrator needs to protect user passwords and has been advised to hash the passwords. Which of the following BEST describes what the administrator is being advised to do?

A

Perform a mathematical operation on the passwords that will convert them into unique strings.

23
Q

A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

A

Uninterruptible power supplies with battery backup

24
Q

Which of the following best describes a technique that compensates researchers for finding vulnerabilities?

A

Bug Bounty

25
Q

Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A

DNS sinkhole

26
Q

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them?

A

HTTP, HTTPS

Telnet, SSH

TLS, SSL

27
Q

The new CISO at a company has asked the security team to implement stronger user account policies. The new policies require:
-Users to choose a password unique from their last ten passwords
-Users not to log in from certain high-risk countries

Which of the following should the security team implement?

A

Password history

Geolocation

28
Q

A third party asked a user to share a public key for secure communication. Which of the following file formats should the user choose to share the key?

A

.cer

29
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)

A

Federation

Password complexity

30
Q

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)

A

VDI and RFID

31
Q

Which of the following would be the best way to block unknown programs from executing?

A

Application allow list

32
Q

A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?

A

SSH was turned off instead of modifying the configuration file.

33
Q

Which of the following is the MOST effective control against zero-day vulnerabilities?

A

Patch management

34
Q

Which of the following algorithms has the SMALLEST key size?

A

DES

Data Encryption Standard (DES) is an outdated symmetric key method of data encryption. It was adopted in 1977 for government agencies to protect sensitive data and was officially retired in 2005. IBM researchers originally designed the standard in the early 1970s.

35
Q

A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

A

Password complexity

36
Q

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A

Implement full backups every Sunday at 8:00PM and nightly differential backups at 8:00 PM

37
Q

A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?

A

Wildcard

38
Q

Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

-Standard naming conventions
-Domain services
-Baseline configurations
-Diagrams

A

Domain Services

39
Q

A security analyst is reviewing the following output from a system:

TCP 192.168.10.10:80 192.168.1.2:60101 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60102 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60103 TIME_WAIT

Which of the following is most likely being observed?

-ARP poisoning
-Man in the middle
-Denial of service
-DNS poisoning

A

Denial of Service

40
Q

Which of the following actions would be recommended to improve an incident response process?

-Train the team to identify the difference between events and incidents
-Modify access so the IT team has full access to the compromised assets
-Contact the authorities if a cybercrime is suspected
-Restrict communication surrounding the response to the IT team

A

Train the team to identify the differences between events and incidents

41
Q

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?

-EAP
-TLS
-HTTPS
-AES

A

AES

The Advanced Encryption Standard (AES) is a symmetric block cipher chosen by the U.S. government to protect classified information. AES is implemented in software and hardware throughout the world to encrypt sensitive data.

42
Q

A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user's company reviews the following Wi-Fi log:

08:13:40. Coffee_Wifi. Network connected. 5GHz
08:13:45. Coffee_Wifi. Network disconnected. 5GHz
09:04:10. Coffee_Wifi. Network connected. 5GHz
09:04:15. Coffee_Wifi. Network disconnected. 5GHz

-Another customer has configured a rogue access point
-The coffee shop network is using multiple frequencies
-A denial-of-service attack by disassociation is occurring
-An evil twin access point is being utilized

A

A denial-of-service attack by disassociation is occurring

A denial-of-service (DoS) attack is a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources. This is usually accomplished by flooding the targeted host or network with traffic until the target can’t respond or crashes.

43
Q

While checking logs, a security engineer notices a number of users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

-A RAT was installed and is transferring additional exploit tools
-The workstations are beaconing to a command-and-control server
-A logic bomb was executed and is responsible for the data transfers
-A fileless virus is spreading in the local network environment

A

The workstations are beaconing to a command-and-control server

44
Q

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

-The end user changed the file permissions
-A cryptographic collision was detected
-A snapshot of the file system was taken
-A rootkit was deployed

A

A rootkit was deployed

45
Q

A systems analyst is responsible for generating a new digital forensics chain of custody form. Which of the following should the analyst include in this documentation? (Choose two.)

-The order of volatility
-A forensics NDA
-The provenance of the artifacts
-The vendor’s name
-The date and time
-A warning banner

A

The order of volatility

The date and time

46
Q

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from recurring?

-Job rotation
-Retention
-Outsourcing
-Separation of duties

A

Job rotation

47
Q

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

-Data masking
-Encryption
-Geolocation policy
-Data sovereignty regulation

A

Geolocation policy

48
Q

Which of the following authentication methods is considered to be LEAST secure?

-TOTP
-SMS
-HOTP
-Token Key

A

SMS

49
Q

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

-Engage the penetration-testing firm's red-team services to fully mimic possible attackers
-Give the penetration tester data diagrams of core banking applications in a known-environment test
-Limit the scope of the penetration test to only the system that is used for teller workstations
-Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts

A

Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts

50
Q

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

-GDPR
-ISO
-NIST
-PCI DSS

A

GDPR

General Data Protection Regulation (GDPR). The General Data Protection Regulation applies only if the processing of data concerns personal data. The term is defined in Art.

51
Q

Which of the following is a reason to publish files’ hashes?

-To validate the integrity of the files
-To verify if the software was digitally signed
-To use the hash as a software activation key
-To use the hash as a decryption passphrase

A

To validate the integrity of the files

52
Q

After installing a patch on a security appliance, an organization realized a massive data exfiltration had occurred. Which of the following BEST describes the incident?

-Supply Chain Attack
-Ransomware Attack
-Cryptographic Attack
-Password Attack

A

Supply Chain Attack

53
Q

Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

-Communication plan
-Disaster recovery plan
-Business continuity plan
-Risk plan

A

Communication plan

54
Q

Which of the following is the FIRST environment in which proper, secure coding should be practiced?

-Stage
-Development
-Production
-Test

A

Development

55
Q

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

-An annual privacy notice
-A non disclosure agreement
-A privileged user agreement
-A memorandum of understanding

A

An annual privacy notice

56
Q

A network engineer and a security engineer are discussing ways to monitor network operations. Which of the following is the BEST method?

-Disable Telnet and force SSH
-Establish a continuous ping
-Utilize an agentless monitor
-Enable SNMPv3 with passwords

A

Utilize an agentless monitor

57
Q

Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?

-Intellectual property theft
-Elevated privileges
-Unknown backdoor
-Quality assurance

A

Unknown backdoor

58
Q

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy

Which of the following is the router experiencing?

-DDoS Attack
-Memory leak
-Buffer overflow
-Resource exhaustion

A

Resource exhaustion

59
Q

A security analyst has received an alert about PII being sent via email. The analyst’s CISO has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

-S/MIME
-DLP
-IMAP
-HIDS

A

DLP

60
Q

An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:

Hello everyone,
I'm having the same problem with my server. Can you help me?

<script type="text/javascript" src=http://website.com/user.js>Onload=sqlexec(); </script>

Thank you,

Joe

Which of the following BEST describes the attack that was attempted against the forum readers?

-SQLi attack
-DLL attack
-XSS attack
-API attack

A

XSS attack

Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.

61
Q

An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload. Which of the following attacks did the analyst observe?

-Privilege escalation
-Request forgeries
-Infection
-Replay attack

A

Privilege escalation

62
Q

A company reduced the area utilized in its data center by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

-IaC
-MSSP
-Containers
-SaaS

A

IaC

Infrastructure as code (IaC) security is the embedding of consistent, scalable cloud security coverage that helps to detect misconfiguration in code early in the software development life cycle to prevent vulnerabilities at runtime.

63
Q

A network manager wants to protect the company's VPN with multi-factor authentication that uses:

-Something you know
-Something you have
-Something you are

Which of the following would accomplish the manager’s goals?

-Domain name, PKI, GeoIP lookup
-VPN IP address, Company ID, Partner Site
-Password, authentication token, thumbprint
-Company URL, TLS certificate, home address

A

Domain name, PKI, GeoIP Lookup

64
Q

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?

-ls
-chflags
-chmod
-lsof
-setuid

A

chmod

65
Q

An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

-Heat map
-Input validation
-Site survey
-Embedded systems

A

Site survey

66
Q

A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system. Which of the following would be best suited for this task?

-Social media analysis
-Annual information security training
-Gamification
-Phishing campaign

A

Phishing campaign

67
Q

A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company most likely complying with?

A

GDPR

General Data Protection Regulation. It is a European Union (EU) law that came into effect on 25 May 2018. GDPR governs the way in which personal data (information about an identifiable, living person) can be used, processed, and stored.

68
Q

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

-Recovery
-Identification
-Lessons learned
-Preparation

A

Lessons learned

69
Q

Which of the following BEST describes data streams that are compiled through artificial intelligence and provide insight on current cyber-intrusions, phishing, and other malicious cyber activity?

-Intelligence fusion
-Review reports
-Log reviews
-Threat feeds

A

Threat feeds

70
Q

A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendations. Which of the following commands should the systems administrator use to resolve this issue?

-chmod
-grep
-dd
-passwd

A

chmod

71
Q

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

-Security information and event management
-A web application firewall
-A vulnerability scanner
-A next-generation firewall

A

Security information and event management

72
Q

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

-Transit gateway
-Cloud hot site
-Edge computing
-DNS sinkhole

A

Transit gateway

73
Q

A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

-Public
-Community
-Hybrid
-Private

A

Hybrid

74
Q

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

-The public ledger
-The NetFlow data
-A checksum
-The event log

A

The public ledger

75
Q

A CISO needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

-PCI DSS
-GDPR
-NIST
-ISO 31000

A

GDPR

76
Q

An organization is concerned about intellectual property theft by employees who leave the organization. Which of the following should the organization MOST likely implement?

-CBT
-NDA
-MOU
-AUP

A

NDA

77
Q

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

-Proxy server
-NGFW
-WAF
-Jump server

A

Jump server

78
Q

To reduce and limit software and infrastructure costs, the CIO has requested to move email services to the cloud. The cloud provider and the organization must have security controls to protect sensitive data. Which of the following cloud services would BEST accommodate the request?

-IaaS
-PaaS
-DaaS
-SaaS

A

SaaS

79
Q

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

-Business continuity plan
-Communications plan
-Disaster recovery plan
-Continuity of operations plan

A

Disaster recovery plan

80
Q

A security analyst is tasked with defining the “something you are” factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?

-Gait analysis
-Vein
-Soft token
-HMAC-based, one-time password

A

HMAC-based, one-time password

81
Q

A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

-Dump file
-System log
-Web application log
-Security log

A

Dump file

82
Q

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation the administrator decides to hire a service provider. Which of the following should the administrator use?

-SDP
-AAA
-IaaS
-MSSP
-Microservices

A

MSSP

83
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

-Compromise
-Retention
-Analysis
-Transfer
-Inventory

A

Retention

84
Q

A company is improving security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help prevent?

-Hoaxes
-SPIMs
-Identity Fraud
-Credential harvesting

A

Hoaxes

85
Q

Physical access to the organization’s servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor, a door to the server floor itself, and eventually to a caged area solely for the organization’s hardware. Which of the following controls is described in this scenario?

-compensating
-deterrent
-preventive
-detective

A

Preventive

86
Q

A security analyst receives an alert from the company’s SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The CISO asks the analyst to block the originating source. Several days later, another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

-True negative
-True positive
-False positive
-False negative

A

False Positive

87
Q

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

-Web metadata
-Bandwidth monitors
-System files
-Correlation dashboards

A

Correlation dashboards

88
Q

Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

VLAN  Address
1     0007.1e5d.3213
1     002a.7d.44.8801
1     0011.aab4.344d

The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

-SQL Injection
-DNS spoofing
-MAC flooding
-ARP Poisoning

A

ARP poisoning

89
Q

The local administrator account for a company’s VPN appliance was unexpectedly used to log into the remote management interface. Which of the following would have prevented this from happening?

-Using least privilege
-Changing the default password
-Assigning individual user IDs
-Implementing multifactor authentication

A

Changing the default password

90
Q

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

-Access control
-Syslog
-Session initiation protocol traffic logs
-Application logs

A

Session initiation protocol traffic logs

91
Q

An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification?

-It allows for the sharing of digital forensics data across organizations
-It provides insurance in case of data breach
-It provides complementary training and certification resources to IT security staff
-It certifies the organization can work with foreign entities that require a security clearance
-It assures customers that the organization meets security standards

A

It assures customers that the organization meets security standards

92
Q

An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of another popular website. Which of the following should the company implement?

-SSO
-CHAP
-802.1x
-OpenID

A

OpenID

93
Q

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

-Console access
-Routing protocols
-VLANs
-Web-based administration

A

Web-based administration

94
Q

All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

-A forward proxy server
-A jump server
-A reverse proxy server
-A stateful firewall server

A

A jump server

95
Q

An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?

-Jamming
-Bluesnarfing
-Evil twin attack
-Rogue access point

A

Bluesnarfing

96
Q

A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

-Encryption at rest
-Masking
-Data classification
-Permission restrictions

A

Encryption at rest

97
Q

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

-Provisioning
-Staging
-Staging
-Quality Assurance

A

Provisioning

98
Q

A CISO wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

-DNSSEC
-LDAPS
-NGFW
-DLP

A

DNSSEC

99
Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

-Client
-Third-party vendor
-Cloud provider
-DBA

A

Client

100
Q

A recent phishing campaign resulted in several compromised user accounts. The security incident response team has been tasked with reducing the manual labor of filtering through all the phishing emails as they arrive and blocking the sender’s email address, along with other time-consuming mitigation actions. Which of the following can be configured to streamline those tasks?

-SOAR playbook
-MDM policy
-Firewall rules
-URL filter
-SIEM data collection

A

SOAR playbook

101
Q

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

-Update the host firewalls to block outbound SMB
-Place the machines with the unapproved software in containment
-Place the unauthorized application in a blocklist
-Implement a content filter to block the unauthorized software communication

A

Place the machines with the unapproved software in containment

102
Q

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber’s knowledge. A review of the audit logs for the medical billing company’s system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

-Insider threat
-Social engineering
-Third-party risk
-Data breach

A

Insider threat

103
Q

A security analyst needs to generate a server certificate to be used for 802.1x and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

-Create an OCSP
-Generate a CSR
-Create a CRL
-Generate a .pfx file

A

Generate a CSR

104
Q

The CEO announced a new partnership with a strategic vendor and asked the CISO to federate user digital identities using SAML-based protocols. Which of the following will this enable?

-SSO
-MFA
-PKI
-DLP

A

SSO

105
Q

A company that provides an online streaming service made its customers’ personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following BEST describes the consequence of this data disclosure?

-Regulatory fines
-Reputation damage
-Increased insurance costs
-Financial loss

A

Reputation damage

106
Q

An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?

-A spear-phishing attack
-A watering-hole attack
-Typo squatting
-A phishing attack

A

A watering-hole attack

107
Q

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

-Set up an air gap for the switch
-Change the default password for the switch
-Place the switch in a Faraday cage
-Install a cable lock on the switch

A

Change the default password for the switch

108
Q

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

-IP schema
-Application baseline configuration
-Standard naming convention policy
-Wireless LAN and network perimeter diagram

A

Standard naming convention policy

109
Q

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of connections on each server in half?

-Weighted response
-Round-robin
-Least Connection
-Weighted least connection

A

Round-robin

110
Q

A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the internet all day. Which of the following would MOST likely show where the malware originated?

-The DNS logs
-The web server logs
-The SIP traffic logs
-The SNMP logs

A

The web server logs

111
Q

Which of the following can be used to detect a hacker who is stealing company data over port 80?

-Web application scan
-Threat intelligence
-Log aggregation
-Packet capture

A

Packet capture

112
Q

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

-SPIM
-Vishing
-VLAN hopping
-Phishing
-DHCP snooping
-Tailgating

A

SPIM
Vishing

113
Q

Which of the following BEST describes the team that acts as a referee during a penetration testing exercise?

-White team
-Purple team
-Green team
-Blue team
-Red team

A

Purple Team

114
Q

Which of the following is assured when a user signs an email using a private key?

-Non-repudiation
-Confidentiality
-Availability
-Authentication

A

Authentication

115
Q

Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?

-Vulnerabilities with a CVSS score greater than 6.9
-Critical infrastructure vulnerabilities on non-IP protocols
-CVEs related to non-Microsoft systems such as printers and switches
-Missing patches for third-party software on Windows workstations and servers

A

Missing patches for third-party software on Windows workstations and servers

116
Q

Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

-Red team
-White team
-Blue team
-Purple team

A

Red team

117
Q

Which of the following is an example of risk avoidance?

-Installing security updates directly in production to expedite vulnerability fixes
-Buying insurance to prepare for financial loss associated with exploits
-Not installing new software to prevent compatibility errors
-Not taking preventive measures to stop the theft of equipment

A

Not installing new software to prevent compatibility errors

118
Q

Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

-Data retention plan
-Incident response plan
-Disaster recovery plan
-Communication plan

A

Disaster recovery plan

119
Q

A software company adopted the following process before releasing software to production:

Peer review
Static code scanning
Signing

A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

-File integrity monitoring for the source code
-Dynamic code analysis tools
-Encrypted code repository
-Endpoint detection and response solution

A

Dynamic code analysis tools

120
Q

Which of the following control types is patch management classified under?

-Deterrent
-Physical
-Corrective
-Detective

A

Corrective

121
Q

Which of the following scenarios BEST describes a risk reduction technique?

-A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.

-A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred

-A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operations

-A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.

-A security control objective cannot be met through a technical change, so the CIO decides to sign off on the risk

A

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operations

122
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

Mobile device OSs must be patched up to the latest release.
A screen lock must be enabled (passcode or biometric).
Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure?

-Containerization
-Storage Segmentation
-Posturing
-Remote Wipe
-Full-device encryption
-Geofencing

A

Posturing
Remote Wipe

123
Q

A malicious actor recently penetrated a company’s network and moved laterally to the data center. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?

-Security
-Application
-Dump
-Syslog

A

Dump

124
Q

Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

-Geofencing
-Mobile Device Management
-Containerization
-Remote Wiping

A

MDM - Mobile Device Management

125
Q

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:

All users share workstations throughout the day.
Endpoint protection was disabled on several workstations throughout the network.
Travel times on logins from the affected users are impossible.
Sensitive data is being uploaded to external sites.
All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user account?

-Brute-force
-Keylogger
-Dictionary
-Rainbow

A

Brute-force

126
Q

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

-SCAP
-NetFlow
-Antivirus
-DLP

A

DLP

127
Q

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

-Man-in-the-middle
-Spear-phishing
-Evil Twin
-DNS poisoning

A

DNS poisoning

128
Q

A crypto mining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:

-A rootkit
-A PUP
-A backdoor
-Ransomware
-A RAT

A

A PUP

129
Q

Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial of service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?

-Dynamic resource allocation
-High availability
-Segmentation
-Container security

A

High Availability

130
Q

A security analyst has been asked by the CISO to:

Develop a secure method of providing centralized management of infrastructure
Reduce the need to constantly replace aging end user machines
Provide a consistent user desktop experience

Which of the following BEST meets these requirements?

-BYOD
-MDM
-VDI
-Containerization

A

VDI

131
Q

The CISO directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

-A CASB
-VPN concentrator
-MFA
-VPC endpoint

A

A CASB

132
Q

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

-OWASP
-Obfuscation/camouflage
-Test environment
-Prevention of information exposure

A

Prevention of information exposure

133
Q

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?

-Fog computing and KVMs
-VDI and thin clients
-Private cloud and DLP
-Full drive encryption and thick clients

A

VDI and thin clients

134
Q

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

-Code repositories
-Dark web
-Threat feeds
-State actors
-Vulnerability databases

A

Code repositories

135
Q

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

-RAID 0
-RAID 1
-RAID 5
-RAID 10

A

RAID 5

136
Q

A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?

-An NGFW
-A CASB
-Application whitelisting
-An NG-SWG

A

An NG-SWG

137
Q

An organization is building backup server rooms in geographically diverse locations. The CISO implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities in the existing server room. Which of the following should the systems engineer consider?

-Purchasing hardware from different vendors
-Migrating workloads to public cloud infrastructure
-Implementing a robust patch management solution
-Designing new detective security controls

A

Implementing a robust patch management solution

138
Q

A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

-Input validation
-Code signing
-SQL injection
-Form submission

A

Input validation

139
Q

Digital signatures use asymmetric encryption. This means the message is encrypted with:

-The sender’s private key and decrypted with the sender’s public key
-The sender’s public key and decrypted with the senders’ private key
-The sender’s private key and decrypted with the recipient’s public key
-The sender’s private key and decrypted with the recipient’s private key

A

The sender’s private key and decrypted with the recipient’s public key

140
Q

Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days. Which of the following attacks can the account lockout be attributed to?

-Backdoor
-Brute-force
-Rootkit
-Trojan

A

Brute-force

141
Q

Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?

-Visitor logs
-Faraday cages
-Access control vestibules
-Motion detection sensors

A

Access control vestibules

142
Q

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

-SPF
-GPO
-NAC
-FIM

A

FIM

143
Q

Which of the following describes the BEST approach for deploying application patches?

-Apply patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems

-Test patches in a staging environment, develop against them in a development environment, and then apply them to the production systems

-Test the patches in a test environment, apply them to the production systems, and then apply them to staging environment

-Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment

A

Apply patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems

144
Q

The database administration team is requesting guidance for a secure solution that will ensure confidentiality of cardholder data at rest only in certain fields in the database schema. The requirement is to substitute a sensitive data field with a non-sensitive field that is rendered useless if a data breach occurs. Which of the following is the BEST solution to meet the requirement?

-Tokenization
-Masking
-Full disk encryption
-Mirroring

A

Tokenization

145
Q

A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user’s list of cron jobs:

/10**root/writable/update.sh

Which of the following actions should the penetration tester perform NEXT?

-Privilege escalation
-Memory leak
-Directory traversal
-Race condition

A

Privilege escalation

146
Q

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

-A vulnerability scanner
-A NGFW
-The windows event viewer
-A SIEM

A

A SIEM

147
Q

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high customer load. Which of the following are the best options to accomplish this objective? (Choose two.)

-Load balancing
-Incremental backups
-UPS
-RAID
-Dual power supply
-VLAN

A

Load balancing
RAID

148
Q

An organization’s CISO is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities?

-Data protection officer
-Data owner
-Backup Administrator
-Data custodian
-Internal auditor

A

Backup Administrator

149
Q

A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

-It examines and documents how well the team responded, discovered what caused the incident, and determines how the incident can be avoided in the future.

-It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed.

-It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point

-It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach.

A

It examines and documents how well the team responded, discovered what caused the incident, and determines how the incident can be avoided in the future.

150
Q

An organization routes all of its traffic through a VPN. Most users are remote and connected into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

-The DLP appliance should be integrated into a NGFW
-Split-tunnel connections can negatively impact the DLP appliance’s performance

-Encrypted VPN traffic will not be inspected when entering or leaving the network

-Adding two hops in the VPN tunnel may slow down remote connections

A

Encrypted VPN traffic will not be inspected when entering or leaving the network

151
Q

An organization wants to enable built-in FDE on all laptops. Which of the following should the organization ensure is installed on all laptops?

-TPM
-CA
-SAML
-CRL

A

TPM

152
Q

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

-GDPR
-PCI DSS
-ISO 27000
-NIST 800-53

A

NIST 800-53

153
Q

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

-Preparation
-Recovery
-Lessons Learned
-Analysis

A

Preparation

154
Q

During an engagement, penetration testers left USB keys that contained specially crafted malware in the company’s parking lot. A couple of days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

-Conduct an awareness campaign on the usage of removable media
-Issue a user guidance program focused on phishing campaigns
-Implement more complex password management practices
-Establish a procedure on identifying and reporting suspicious messages.

A

Conduct an awareness campaign on the usage of removable media

155
Q

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue?

-The S/MIME plug-in is not enabled
-The SSL certificate has expired
-Secure IMAP was not implemented
-POP3S is not supported

A

The S/MIME plug-in is not enabled

156
Q

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

-Employees of other companies and the press.
-All members of the department that created the documents
-Only the company’s employees and those listed in the document
-Only the individuals listed in the documents

A

Only the company’s employees and those listed in the document

157
Q

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

-The CSIRT thinks an insider threat is attacking the network
-Outages of business-critical systems cost too much money
-The CSIRT does not consider the systems engineer to be trustworthy
-Memory contents, including fileless malware, are lost when the power is turned off.

A

Memory contents, including fileless malware, are lost when the power is turned off.

158
Q

A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

-AH
-EDR
-ESP
-DNSSEC

A

ESP

159
Q

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee’s identity before sending the prize. Which of the following best describes this type of email?

-Spear phishing
-Whaling
-Phishing
-Vishing

A

Phishing

160
Q

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

-The business continuity plan
-The retention policy
-The disaster recovery plan
-The incident response plan

A

The business continuity plan

161
Q

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company’s cloud environment. Which of the following is an immediate consequence of these integrations?

-Non-compliance with data sovereignty rules
-Loss of the vendor’s interoperability support
-Mandatory deployment of a SIEM solution
-Increase in the attack surface

A

Increase in the attack surface

162
Q

Which of the following is the correct order of volatility from most to least volatile?

-Memory, temporary filesystems, routing tables, disk, network storage
-Cache memory, temporary filesystems, disk, archival media
-Memory, disk, temporary filesystems, cache, archival media
-Cache, disk, temporary filesystems, network storage, archival media

A

Cache memory, temporary filesystems, disk, archival media

163
Q

A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company’s security awareness training?

-Insider threat detection
-Risk analysis
-Phishing awareness
-Business continuity planning

A

Insider threat detection

164
Q

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

-SLA
-BPA
-NDA
-MOU

A

SLA

165
Q

A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

-Tokenization
-Input validation
-Code signing
-Secure cookies

A

Input validation

166
Q

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

-Digital signatures
-Salting
-Hashing
-Perfect forward secrecy

A

Salting

167
Q

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive’s accounts. Which of the following security practices would have addressed the issue?

-A non-disclosure agreement
-Least privilege
-An acceptable use policy
-Offboarding

A

Offboarding

168
Q

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

-Network locations
-Impossible travel time
-Geolocation
-Geofencing

A

Geofencing

169
Q

Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?

-Version control
-Continuous monitoring
-Stored procedures
-Automation

A

Version control

170
Q

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

-Order of volatility
-Preservation of event logs
-Chain of custody
-Compliance with legal hold

A

Preservation of event logs

171
Q

A security analyst is tasked with classifying data to be stored on company servers. Which of the following should be classified as proprietary?

-Customers’ dates of birth
-Customers’ email addresses
-Marketing strategies
-Employee salaries

A

Marketing strategies

172
Q

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

-The required intermediate certificate is not loaded as part of the certificate chain
-The certificate is on the CRL and is no longer valid
-The corporate CA has expired on every server, causing the certificate to fail verification
-The scanner is incorrectly configured to not trust this certificate when detected on the server.

A

The scanner is incorrectly configured to not trust this certificate when detected on the server.

173
Q

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?

-ALE
-ARO
-RPO
-SLE

A

ARO (Annual Rate of Occurrence)

174
Q

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

-An international expansion project is currently underway
-Outside consultants utilize this tool to measure security maturity
-The organization is expecting to process credit card information
-A government regulator has requested this audit to be completed

A

The organization is expecting to process credit card information

175
Q

A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release. Which of the following documents would the third-party vendor MOST likely be required to review and sign?

-SLA
-NDA
-MOU
-AUP

A

NDA

176
Q

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

-Setting an explicit deny to all traffic using port 80 instead of 443
-Moving the implicit deny from the bottom of the rule set to the top
-Configuring the first line in the rule set to allow all traffic
-Ensuring that port 53 has been explicitly allowed in the rule set

A

Ensuring that port 53 has been explicitly allowed in the rule set

177
Q

Which of the following exercises should an organization use to improve its incident response process?

-Tabletop
-Replication
-Failover
-Recovery

A

Tabletop

178
Q

Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

-Hoaxing
-Pharming
-Watering-hole
-Phishing

A

Phishing

179
Q

A systems administrator is troubleshooting a server’s connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

-ipconfig
-ssh
-ping
-netstat

A

netstat

180
Q

Which of the following uses SAML for authentication?

-TOTP
-Federation
-Kerberos
-HOTP

A

Federation

181
Q

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company’s main gate?

-Crossover error rate
-False match rate
-False rejection
-False positive

A

False rejection

182
Q

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

-Implement NAC
-Implement an SWG
-Implement a URL filter
-Implement an MDM

A

Implement an SWG

183
Q

A company’s help desk received several AV alerts indicating Mimikatz attempted to run on the remote systems. Several users also reported that the new company flash drives they picked up in the break room only have 512kb of storage. Which of the following is most likely the cause?

-The GPO prevents the use of flash drives, which triggers a false positive AV indication and restricts the drives to only 512kb of storage
-The new flash drives need a driver that is being blocked by the AV software because the flash drivers are not on the application’s allow list, temporarily restricting the drives to 512kb of storage
-The new flash drives are incorrectly partitioned, and the systems are automatically trying to use an unapproved application to repartition the drives
-The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory

A

The GPO blocking the flash drives is being bypassed by a malicious flash drive that is attempting to harvest plaintext credentials from memory

184
Q

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company’s data protection officer MOST likely concerned?

-NIST Framework
-ISO 27001
-GDPR
-PCI-DSS

A

GDPR

185
Q

Which of the following must be considered when designing a high-availability network?

-Ease of recovery
-Ability to patch
-Physical isolation
-Responsiveness
-Attack surface
-Extensible authentication

A

Ease of recovery
Responsiveness

186
Q
A