CompTIA Security+ Flashcards

1
Q

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
* RDP server
* Jump server
* Proxy server
* Hypervisor

A

Answer: JUMP SERVER | Hardened gateway that requires authentication (ideally MFA) before an administrator can reach internal systems, giving a single, logged choke point for access
RDP server: While RDP can be used for remote access, it doesn't add a control layer; it connects users directly to internal systems.
Proxy server: Proxy servers mainly relay, cache and filter traffic (typically outbound web traffic); they are not the control that gates access into internal resources.
Hypervisor: Hypervisors provide virtualization and don't directly address unauthorized access to internal resources.

2
Q

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
* Jailbreaking
* Memory injection
* Resource reuse
* Side loading

A

Side loading | Installing software onto a device from a source other than the manufacturer's official app store or repository, bypassing its vetting and signing checks

Jailbreaking: Removing the manufacturer's restrictions from a device's operating system. It enables side loading but is not itself the act of installing software from an unofficial source.
Memory injection: An attack that injects malicious code into a running process; it is unrelated to where the software came from.
Resource reuse: A virtualization/cloud vulnerability where memory or storage released by one tenant is handed to another without being cleared, exposing leftover data; not related to software sources.

3
Q

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
* Application
* IPS/IDS
* Network
* Endpoint

A

Endpoint logs capture activity on the individual device: process creation, the executable's path and hash, parent process and command line, which is exactly what the investigation needs

Application logs: While application logs can provide information about specific applications, they may not capture the necessary details about the executable running on the device.
IPS/IDS logs: IPS/IDS logs primarily record network-level traffic and intrusion attempts, which might not provide the specific details about the executable running on the endpoint.
Network logs: Network logs can provide information about network traffic, but they may not capture detailed information about the specific executable running on the device.

4
Q

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks. SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
* Digital Forensics
* E Discovery
* Incident Response
* Threat Hunting

A

Threat Hunting | Proactively searching for malicious activity within a network

Digital forensics: Digital forensics is typically used to investigate a specific incident or breach after it has occurred. In this case, there is no specific incident to investigate yet.
E-discovery: E-discovery is a legal process for identifying, preserving, retrieving, and producing electronically stored information. It’s not directly relevant to the task of proactively identifying malicious activity.
Incident response: Incident response involves responding to a specific security incident after it has occurred. Since there is no known incident yet, incident response would not be appropriate.

5
Q

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
* Accept
* Transfer
* Mitigate
* Avoid

A

Transfer | Company is transferring financial risk associated with cyberattacks to insurance provider

6
Q

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?
* Partition
* Asymmetric
* Full Disk
* Database

A

Full disk encryption | Encrypts the entire contents of the drive, so all data remains protected if the laptop is lost or stolen

Partition: Partitioning divides a hard drive into multiple logical sections, but it doesn’t provide encryption for the data stored on those partitions.
Asymmetric: Asymmetric encryption is a type of encryption that uses a pair of keys (public and private). While it can be used for data encryption, it’s not as suitable for protecting the entire contents of a hard drive.
Database: Database encryption specifically protects data within a database, but it doesn’t protect the entire contents of the laptop.

7
Q

Which of the following security control types does an acceptable use policy best represent?
* Detective
* Compensating
* Corrective
* Preventive

A

Preventive -> An AUP sets the rules and guidelines ahead of time, aiming to stop misuse before it happens

8
Q

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
* Risk tolerance
* Risk transfer
* Risk register
* Risk analysis

A

Risk register: the document that lists each identified risk together with its owner (responsible party), rating, thresholds/triggers and planned treatment

Risk Tolerance is the level of risk an organization is willing to accept.

9
Q

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
* Key stretching
* Data masking
* Steganography
* Salting

A

Salting | A random value (the salt) is added to the password before it is hashed, so identical passwords produce different digests and precomputed (rainbow) tables are useless

Key stretching: repeatedly applying a hash or key-derivation function (PBKDF2, bcrypt, scrypt) to derive a stronger key from a password; it adds work, not extra input
Data masking: obscuring or substituting sensitive data so it can be used without exposing the real values
Steganography: hiding information inside other data such as an image
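
Worked example (added here, not part of the original flashcards) showing the difference between the two techniques in Python's standard library: salting changes the input to the one-way hash, key stretching (PBKDF2-HMAC-SHA256) repeats the transform to make guessing expensive. The password and iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample password for the demonstration (not a real credential).
PASSWORD = "correct horse battery staple"


def plain_sha256(password: str) -> str:
    """Unsalted one-way transform: identical passwords give identical digests,
    so a precomputed (rainbow) table or one cracked hash covers every reuse."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_sha256(password: str, salt: bytes) -> str:
    """Salting: a random per-user value is prepended before hashing, so two users
    with the same password get different digests and lookup tables are useless."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def stretched_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Key stretching: PBKDF2-HMAC-SHA256 iterates the hash many times, turning a
    low-entropy password into a 32-byte key that is deliberately slow to brute-force."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)


def make_record(password: str, iterations: int = 600_000) -> dict:
    """What a password store should keep: the salt, the cost parameter and the
    stretched hash. The salt is public; the work factor is what slows attackers."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "hash": stretched_key(password, salt, iterations)}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt/cost and compare in constant time."""
    candidate = stretched_key(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    rec = make_record(PASSWORD)
    print("same password, plain hash is identical:", plain_sha256(PASSWORD) == plain_sha256(PASSWORD))
    print("same password, two salts differ:",
          salted_sha256(PASSWORD, os.urandom(16)) != salted_sha256(PASSWORD, os.urandom(16)))
    print("verify correct password:", verify(PASSWORD, rec))
    print("verify wrong password:", verify("password123", rec))
```

The salt must be stored next to the hash (it is not a secret); the iteration count should be raised over time as hardware gets faster, which is why it is stored per record rather than hard-coded.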

10
Q

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
* Open-source intelligence
* Bug bounty - Answer
* Red team
* Penetration testing

A

Bug Bounty: Program where individuals or groups are rewarded for discovering and reporting vulnerabilities in a company’s systems or applications

11
Q

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
* Insider
* Unskilled attacker
* Nation-state - Answer
* Hacktivist

A

Nation State

12
Q

Which of the following enables the use of an input field to run commands that can view or manipulate data?
* Cross-site scripting
* Side loading
* Buffer overflow
* SQL injection

A

SQL Injection

13
Q

A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)
* If a security incident occurs on the device, the correct employee can be notified.
* The security team will be able to send user awareness training to the appropriate device.
* Users can be mapped to their devices when configuring software MFA tokens.
* User-based firewall policies can be correctly targeted to the appropriate laptops.
* When conducting penetration testing, the security team will be able to target the desired laptops.
* Company data can be accounted for when the employee leaves the organization.

A

If a security incident occurs on the device, the correct employee can be notified; and company data can be accounted for when the employee leaves the organization

14
Q

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
* Send out periodic security reminders.
* Update the content of new hire documentation.
* Modify the content of recurring training. -ANSWER
* Implement a phishing campaign.

A

Modify the content of recurring training

15
Q

A systems administrator receives the following alert from a file integrity monitoring tool: The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
* The end user changed the file permissions.
* A cryptographic collision was detected.
* A snapshot of the file system was taken.
* A rootkit was deployed.

A

Rootkit: Malware that hides itself and maintains privileged access, often by replacing or patching system binaries such as cmd.exe. A changed hash on a system file with no patch activity to explain it is the classic file integrity monitoring indicator of this.

16
Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
* Client
* Third-party vendor
* Cloud provider
* DBA

A

Client: In an Infrastructure as a Service (IaaS) model the provider secures the physical hosts, network and hypervisor; everything the client installs on top, including the OS, the database software and its data, is the client's responsibility

17
Q

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
* MSA – Master Service Agreement (overall terms governing future work)
* SLA – Service Level Agreement (performance and availability targets)
* BPA – Business Partnership Agreement (how partners share responsibilities and profits)
* SOW – Statement of Work (scope, deliverables, cost and schedule of a specific project)

A

Statement of Work

18
Q

Which of the following must be considered when designing a high-availability network?
* Ease of Recovery
* Ability to Patch
* Physical Isolation
* Responsiveness
* Attack Surface
* Extensible Authentication

A

Ease of recovery and responsiveness

19
Q

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
* Fines
* Audit findings
* Sanctions
* Reputation damage

A

Audit findings

KEY is the internal PCI DSS assessment: a failed internal assessment produces findings the bank must remediate before the formal assessment; fines and sanctions come from the card brands or acquirer after a failed external assessment or a breach

20
Q

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A. Capacity planning
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise

A

Capacity Planning

21
Q

Which of the following can best protect against an employee inadvertently installing malware on a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list

A

Application allow list: a policy that restricts installation and execution to approved applications only, so an unknown installer an employee runs is blocked regardless of whether it is recognized as malware

22
Q

Which of the following describes the reason root cause analysis should be conducted as part of incident response?
A. To gather IoCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature

A

To prevent future incidents of the same nature

23
Q

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
A. Preparation
B. Recovery
C. Lessons learned
D. Analysis

A

Preparation

24
Q

The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script

A

User Provisioning Script

25
Q

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?
A. Corrective
B. Preventive
C. Detective
D. Deterrent

A

Detective: reviewing SIEM logs identifies events after they have happened; it does not stop or correct them
26
Q

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
* Default credentials
* Non-segmented network
* Supply chain vendor
* Vulnerable software

A

Supply chain vendor: the system is delivered and supported by an external SaaS provider, so opening firewall ports to it extends trust to a third party the company does not control; that dependency is the supply chain risk. Nothing in the scenario indicates default credentials, a flat network or unpatched software.

27
Q

A systems administrator is working on a solution with the following requirements: * Provide a secure zone. * Enforce a company-wide access control policy. * Reduce the scope of threats. Which of the following is the systems administrator setting up?
* Zero Trust
* AAA
* Non-repudiation
* CIA

A

Zero Trust

28
Q

Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection

A

SQL injection: untrusted input placed directly into a query lets an attacker change the query's logic, reading or altering data the application never meant to expose
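
Worked example (added here, not from the original flashcards) for this card and for card 12: the same lookup written the vulnerable way, with the input field concatenated into the query, and the parameterized way. The table, rows and injection string are constructed for the demo and run against an in-memory SQLite database.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample table standing in for a real application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Deliberately vulnerable: the input field is concatenated into the SQL text,
    so whatever the user types is parsed as SQL syntax, not just as a value."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: the value travels separately from the statement. The driver never
    parses it as SQL, so quotes and OR clauses are ordinary characters."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Classic tautology payload typed into the username field.
INJECTION = "x' OR '1'='1"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, injection    :", lookup_vulnerable(db, INJECTION))   # dumps every row
    print("parameterized, injection :", lookup_parameterized(db, INJECTION))  # no such user
```

The vulnerable query becomes `... WHERE username = 'x' OR '1'='1'`, which is true for every row; the parameterized version searches for a user literally named `x' OR '1'='1` and returns nothing.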

29
Q

Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP- Online Certificate Status Protocol
B. CSR - Certificate Signing Request
C. CA – Cert Authority
D. CRC- Cyclic Redundancy Check

A

OCSP: the client queries the CA's responder to check whether the certificate being presented has been revoked. A CSR requests a certificate, the CA issues it, and a CRC is an error-detecting checksum with no security role.

30
Q

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems

A

Install endpoint management software on all systems

30
Q

One of a company’s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system

A

Firmware

30
Q

Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE- Common Vulnerabilities and Exposures
B. CVSS - Common Vulnerability Scoring System
C. CIA- Confidentiality, Integrity, and Availability
D. CERT- Computer Emergency Response Team

A

CVSS - Common Vulnerability Scoring System

31
Q

Which of the following would the security analyst conclude for this reported vulnerability?
A. It is a false positive.
B. A rescan is required.
C. It is considered noise.
D. Compensating controls exist.

A

It is a false positive.

31
Q

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty

A

Data in transit

32
Q

Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
* Software as a service
* Infrastructure as code
* Internet of Things
* Software-defined networking

A

Infrastructure as code

32
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
* Exception
* Segmentation
* Risk transfer
* Compensating controls

A

Compensating Controls

33
Q

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
* Insider threat
* Email phishing
* Social engineering
* Executive whaling

A

Social Engineering

33
Q

A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access?
* EAP- Extensible Authentication Protocol
* DHCP - Dynamic Host Configuration Protocol
* IPSec- Internet Protocol Security
* NAT- Network Address Translation

A

IPSec - Internet Protocol Security

34
Q

Which of the following is a hardware-specific vulnerability?
A. Firmware version - Answer
B. Buffer overflow
C. SQL injection
D. Cross-site scripting

A

Firmware Version

35
Q

Which of the following would be the best way to block unknown programs from executing?
A. Access control list
B. Application allow list
C. Host-based firewall
D. DLP solution

A

Application Allow List

36
Q

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?
* White
* Purple
* Blue
* Red-

A

Red

37
Q

Malware spread across a company’s network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
* Impersonation
* Disinformation
* Watering-hole
* Smishing

A

Watering Hole: attack targets a specific group of people by compromising websites or blogs they frequently visit

38
Q

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP

A

Data Loss Prevention: solutions designed to identify, monitor and protect sensitive data, including PII, as it is stored, used and sent, for example by inspecting outbound email and attachments for patterns such as card numbers or national ID numbers
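
Worked example (added here, not part of the original flashcards) of the kind of content inspection a DLP tool runs on outbound mail: pattern matching for US SSN-shaped values and payment card numbers, with a Luhn check so that random digit strings do not trigger alerts. The messages are constructed; the card number is the standard 4111... test number.

```python
import re

# Constructed sample outbound messages (sender, body). The card number is a
# well-known test PAN, the SSN is a made-up value in the valid format.
SAMPLE_MESSAGES = [
    ("alice@example.com", "Quarterly report attached, nothing sensitive here."),
    ("bob@example.com", "Customer card on file: 4111 1111 1111 1111, SSN 123-45-6789"),
    ("carol@example.com", "Order ref 1234-5678-9012-3456 shipped"),  # digits, but fails Luhn
]

# 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# AAA-GG-SSSS with the never-issued area/group/serial values excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: doubles every second digit
    from the right, folds results above 9, and requires the sum to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text: str) -> dict:
    """Return the card numbers (Luhn-valid only) and SSNs found in a piece of text."""
    findings = {"card_numbers": [], "ssns": []}
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings["card_numbers"].append(digits)
    findings["ssns"] = SSN_RE.findall(text)
    return findings


def scan_outbound(messages) -> list:
    """Return (sender, findings) for every message that would raise a DLP alert."""
    alerts = []
    for sender, body in messages:
        found = find_pii(body)
        if found["card_numbers"] or found["ssns"]:
            alerts.append((sender, found))
    return alerts


if __name__ == "__main__":
    for sender, found in scan_outbound(SAMPLE_MESSAGES):
        print(f"ALERT {sender}: {found}")
```

Real products add context checks (keywords such as "SSN" nearby, document fingerprints, classification labels), which is why card 43 says classification comes first; pure regexes alone produce noisy alerts.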

39
Q

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
A. Accept
B. Transfer
C. Mitigate
* Avoid

A

Transfer

40
Q

Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs

A

Non-repudiation

41
Q

A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
* Processor
* Custodian
* Subject
* Owner

A

Subject

42
Q

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software - Answer
C. Performing static code analysis on the software
D. Ensuring secure cookies are used

A

Performing code signing on company-developed software

43
Q

A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
* Block access to cloud storage websites.
* Create a rule to block outgoing email attachments.
* Apply classifications to the data.
* Remove all user permissions from shares on the file server.

A

Apply classifications to the data

44
Q

Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation

A

Confidentiality

45
Q
A

Rules of Engagement

46
Q

A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?
* SPF – Sender Policy Framework
* GPO – Group Policy Object
* NAC – Network Access Control
* FIM – File Integrity Monitoring

A

File Integrity Monitoring (FIM): records a baseline hash of each monitored file and alerts when a file's hash, permissions or ownership change

47
Q

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate? TRICKY QUESTION
* Secured zones
* Subject role
* Adaptive identity
* Threat scope reduction

A

Secured zones. In the Zero Trust model the data plane is where traffic actually flows: the implicit trust (secured) zones, the subject/system requesting access and the policy enforcement point. Adaptive identity, threat scope reduction and policy-driven access control, including the role a subject is given, belong to the control plane, which decides whether access is granted.

48
Q

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime-Answer
D. Unskilled attacker

A

Organized Crime

49
Q

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
A. Insider
B. Unskilled attacker
C. Nation-state - Answer
D. Hacktivist

A

Nation State

50
Q

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege

A

Least privilege

51
Q

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
A. Deploying a SASE (secure access service edge) solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

A

Deploying a SASE (secure access service edge) solution to remote employees

52
Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
A. Client
B. Third-party vendor
C. Cloud provider
D. DBA

A

Client

53
Q

Which of the following is required for an organization to properly manage its restore process in the event of system failure?
* A. IRP
* B. DRP
* C. RPO
* D. SDLC

A

DRP

53
Q

Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval

A

Peer Review & Approval

54
Q

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?
* MTTR
* RTO
* ARO
* MTBF

A

ARO – annualized rate of occurrence: how many times per year a ransomware incident is expected. Multiplied by the single loss expectancy it gives the annualized loss expectancy, which the company compares with the premium to decide whether the coverage is worth keeping.
MTTR – mean time to repair
RTO – recovery time objective
MTBF – mean time between failures

54
Q

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty

A

Data In Transit

54
Q

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity

A

Multifactor Authentication

55
Q

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?
A. NGFW
B. WAF - Answer
C. TLS
D. SD-WAN

A

Web Application Firewall (WAF)

56
Q

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?
A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A

access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
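
Worked example (added here, not from the original flashcards) that evaluates the correct rule and the distractor from option A against sample packets. It models the first-match, implicit-deny behaviour of an IOS-style access list in Python; the rules, packet addresses and the final permit entry are assumptions for the demo.

```python
import ipaddress

# Constructed ACL entries in the shape used by the question: (action, source, destination).
# Entries are evaluated top-down, the first match wins, and an unmatched packet is denied.
ACL_CORRECT = [
    ("deny", "10.1.4.9/32", "0.0.0.0/0"),    # option B: block anything *from* the bad host
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),    # then allow everything else inbound
]
ACL_DISTRACTOR = [
    ("deny", "0.0.0.0/0", "10.1.4.9/32"),    # option A: blocks traffic *to* 10.1.4.9 instead
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),
]

# Constructed inbound packets (source, destination).
SAMPLE_PACKETS = [
    ("10.1.4.9", "192.0.2.10"),       # the malicious host reaching an internal server
    ("198.51.100.7", "192.0.2.10"),   # unrelated legitimate inbound traffic
]


def evaluate(acl, src: str, dst: str) -> str:
    """Return the action of the first entry whose source and destination prefixes
    both contain the packet; no match means the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def decisions(acl) -> list:
    """Decision for each sample packet, in order."""
    return [evaluate(acl, src, dst) for src, dst in SAMPLE_PACKETS]


if __name__ == "__main__":
    print("correct rule   :", decisions(ACL_CORRECT))     # ['deny', 'permit']
    print("distractor rule:", decisions(ACL_DISTRACTOR))  # ['permit', 'permit']
```

The distractor never matches inbound packets because 10.1.4.9 is the source, not the destination, so the malicious traffic is permitted; rule ordering matters too, since a deny placed after the blanket permit would never be reached.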

57
Q

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A. Capacity planning- Answer
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise

A

Capacity Planning

58
Q

A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion - Answer
C. Load balancers
D. Off-site backups

A

Geographic Dispersion

59
Q

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving

A

Tuning

60
Q

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure

A

Change management procedure outlines the steps and approvals required for making changes to IT systems, including firewall rules

61
Q

Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE- Common Vulnerabilities and Exposures
B. CVSS - Common Vulnerability Scoring System
C. CIA- Confidentiality, Integrity, and Availability
D. CERT- Computer Emergency Response Team

A

B. CVSS - Common Vulnerability Scoring System

62
Q

A security team is reviewing a report. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?
* Secure Cookies
* Version Control
* Input Validation
* Code Signing

A

Input validation

Cross-site scripting occurs when untrusted input is returned to a page and executed as script in the browser. Validating input against what the field is supposed to contain (and encoding output where it is rendered) keeps user-supplied data from being interpreted as code.

63
Q

A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
A. Key escrow
B. TPM presence
C. Digital signatures
D. Data tokenization
E. Public key management
F. Certificate authority linking

A

Key escrow and TPM presence.
TPM presence: the Trusted Platform Module seals the disk encryption key to the platform's measured boot state, so the key is released only to an unmodified system and cannot simply be read off the drive.
Key escrow: FDE protects the volume with a symmetric key; a copy of that key (or a recovery key) must be held centrally so data can still be recovered when a user forgets a PIN, leaves the company or the TPM fails. Public key management, digital signatures, tokenization and CA linking are not what protects the disk contents.

64
Q

What is CVSS?

A

Common Vulnerability Scoring System: an open framework that turns a vulnerability's base metrics (attack vector, attack complexity, privileges required, user interaction, scope, and confidentiality/integrity/availability impact) into a score from 0.0 to 10.0, with higher scores indicating more severe vulnerabilities (None, Low, Medium, High, Critical bands).

65
Q

A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
* Dynamic
* Static
* Gap
* Impact

A

Static analysis involves examining the code without actually executing it, looking for potential issues like vulnerabilities and misconfigurations.

Dynamic analysis involves running the application to observe its behavior and identify security issues.
Gap analysis is a process of comparing the current state of a system against a desired or ideal state.
Impact analysis assesses the potential consequences of a security incident.

66
Q

A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?
A. Agentless solution
B. Client-based solution
C. Open port
D. File-based solution

A

Agentless Solution

67
Q

An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?
A. Vulnerability scanner
B. Penetration test
C. SCAP –Security Content Automation protocol
D. Illumination tool

A

Illumination tool: supply chain illumination tools map the full set of suppliers, sub-suppliers and dependencies behind a product or service. Vulnerability scanners, penetration tests and SCAP assess the organization's own systems, not the breadth of its supply chain.

68
Q

A company web server is initiating outbound traffic to a low-reputation, public IP on a non-standard port. The web server is used to present an unauthenticated page to clients who upload images to the company. An analyst notices a suspicious process running on the server that was not created by the company development team. Which of the following is the most likely explanation for this security incident?
A. A web shell has been deployed to the server through the page.
B. A vulnerability has been exploited to deploy a worm to the server.
C. Malicious insiders are using the server to mine cryptocurrency.
D. Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.

A

A web shell has been deployed to the server through the page: an unauthenticated upload feature is the classic path for dropping a web shell, which then shows up as an unexpected process making outbound connections to the attacker's infrastructure.

69
Q

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?
A. DDoS attack
B. Rogue employee
C. Insider threat
D. Supply chain

A

Supply Chain

70
Q

A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training. Which of the following will the security officer most likely implement?
A. Password policy
B. Access badges
C. Phishing campaign
D. Risk assessment

A

Phishing Campaign

71
Q

An organization wants to improve the company’s security authentication method for remote employees. Given the following requirements:
* Must work across SaaS and internal network applications
* Must be device manufacturer agnostic
* Must have offline capabilities

Which of the following would be the most appropriate authentication method?
A. Username and password
B. Biometrics
C. SMS verification
D. Time-based tokens

A

Time-based Tokens

72
Q

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?
A. Sanitization
B. Formatting
C. Degaussing
D. Defragmentation

A

Sanitization

73
Q

A security administrator notices numerous unused, non-compliant desktops are connected to the network. Which of the following actions would the administrator most likely recommend to the management team?

A. Monitoring
B. Decommissioning
C. Patching
D. Isolating

A

Decommissioning

74
Q

A systems administrator would like to create a point-in-time backup of a virtual machine. Which of the following should the administrator use?

A. Replication
B. Simulation
C. Snapshot
D. Containerization

A

Snapshot

75
Q

A security analyst at an organization observed several user logins from outside the organization’s network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Choose two.)

A. Disciplinary actions for users
B. Conditional access policies
C. More regular account audits
D. Implementation of additional authentication factors
E. Enforcement of content filtering policies
F. A review of user account permissions

A

Conditional Access Policies and Implementation of additional authentication factors

75
Q

A security team is addressing a risk associated with the attack surface of the organization’s web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)

A. NIDS
B. Honeypot
C. Certificate revocation list
D. HIPS
E. WAF
F. SIEM

A

Web Application Firewall (WAF) and Network Intrusion Detection System (NIDS)

NIDS can monitor network traffic for signs of malicious activity, detecting suspicious patterns and alerting the security team.

76
Q

Which of the following is the best resource to consult for information on the most common application exploitation methods?

A. OWASP
B. STIX
C. OVAL
D. Threat intelligence feed
E. Common Vulnerabilities and Exposures

A

OWASP

77
Q

An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker’s bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:
PS>.\mimikatz.exe “sekurlsa::pth /user:localadmin /domain:corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327”

Which of the following best describes how the attacker gained access to the hardened PC?
A. The attacker created fileless malware that was hosted by the banking platform.
B. The attacker performed a pass-the-hash attack using a shared support account.
C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.
D. The attacker socially engineered the accountant into performing bad transfers.

A

The attacker performed a pass-the-hash attack using a shared support account

78
Q

During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?
A. Risk management process
B. Product design process
C. Design review process
D. Change control process

A

Change Control Process

79
Q

A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?
A. Fuzzing
B. Continuous deployment
C. Static code analysis
D. Manual peer review

A

Fuzzing

80
Q

A security analyst recently read a report about a flaw in several of the organization’s printer models that causes credentials to be sent over the network in cleartext, regardless of the encryption settings. Which of the following would be best to use to validate this finding?
A. Wireshark
B. netcat
C. Nessus
D. Nmap

A

Wireshark

80
Q

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?
A. Lack of security updates
B. Lack of new features
C. Lack of support
D. Lack of source code access

A

Lack of Security Updates

81
Q

Which of the following physical controls can be used to both detect and deter? (Choose two.)
A. Lighting
B. Fencing
C. Signage
D. Sensor
E. Bollard
F. Lock

A

Lighting and Sensor

81
Q

The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website’s contents. Which of the following techniques would best ensure the software’s integrity?
A. Input validation
B. Code signing
C. Secure cookies
D. Fuzzing

A

Code Signing

82
Q

A multinational bank hosts several servers in its data center. These servers run a business-critical application used by customers to access their account information. Which of the following should the bank use to ensure accessibility during peak usage times?
A. Load balancer
B. Cloud backups
C. Geographic dispersal
D. Disk multipathing

A

Load Balancer

83
Q

Which of the following data roles is responsible for identifying risks and appropriate access to data?
A. Owner
B. Custodian
C. Steward
D. Controller

A

Owner

84
Q

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant’s access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?
A. TACACS+
B. SAML
C. An SSO platform
D. Role-based access control
E. PAM software

A

Privileged Access Management (PAM) software provides a centralized platform for managing and controlling privileged accounts.

85
Q

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?
A. Updating the CRL
B. Patching the CA
C. Changing passwords
D. Implementing SOAR

A

Patching the Certificate Authority

86
Q

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
A. PIN
B. Hardware token
C. User ID
D. SMS

A

PIN

87
Q

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?
A. Whaling
B. Spear phishing
C. Impersonation
D. Identity fraud

A

Whaling

88
Q

A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323, and SRTP. Which of the following does this rule set support?
A. RTOS-Real Time Operating System
B. VoIP
C. SoC-system on a chip
D. HVAC-heating, vent, air conditioning

A

VoIP

89
Q

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
A. Serverless architecture
B. Thin clients
C. Private cloud
D. Virtual machines

A

Serverless Architecture

89
Q

A company is adding a clause to its AUP (Acceptable Use Policy) that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading

A

Jailbreaking is the process of removing restrictions imposed by the manufacturer on a mobile device’s operating system. This allows users to install unauthorized apps and modify the device’s software. Jailbreaking can introduce security vulnerabilities and compromise the device’s integrity.

90
Q

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime

A

Organized Crime

91
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

A

Retention

91
Q

A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership

A

Certification | Certification of Disposal

92
Q

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists

A

Access Control Lists

93
Q

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
A. Console access
B. Routing protocols
C. VLANs
D. Web-based administration

A

Web Based Administration

94
Q

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator?

  • MITRE ATT&CK
  • CSIRT
  • CVSS
  • SOAR

A

MITRE ATT&CK is a comprehensive knowledge base of adversary tactics, techniques, and procedures (TTPs) that security professionals use to understand and defend against real-world cyber threats.
CSIRT (Computer Security Incident Response Team): A team responsible for responding to security incidents and coordinating responses.
CVSS (Common Vulnerability Scoring System): A system used to assess the severity of security vulnerabilities, but it doesn’t focus on adversary behaviors.
SOAR (Security Orchestration, Automation, and Response): A platform for automating and coordinating incident response workflows; it is not a knowledge base of adversary behavior.

94
Q

A coffee shop owner wants to restrict access to only paying customers by prompting them for a receipt number. Which of the following is the best method to use given this requirement?
* WPA3
* Captive Portal
* PSK
* IEEE 802.1X

A

Captive Portal is a web page that users must interact with before gaining access to a network. It is commonly used in places like coffee shops, hotels, and airports, where users are required to enter credentials, such as a receipt number or voucher, to get internet access.

95
Q

A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essential public services?
* BCP
* Communication Plan
* DRP
* IRP

A

DRP - Disaster Recovery Plan

96
Q

An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols. Which of the following tools did the auditor use to discover these issues?
* Nessus
* curl
* Wireshark
* netcat

A

Nessus is a popular vulnerability scanner that can detect open ports, insecure services, and outdated or vulnerable protocols on servers. It performs comprehensive scans to identify misconfigurations, vulnerabilities, and compliance issues.

97
Q

An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?
A. The administrator should allow SAN certificates in the browser configuration.
B. The administrator needs to install the server certificate into the local truststore.
C. The administrator should request that the secure LDAP port be opened to the server.
D. The administrator needs to increase the TLS version on the organization’s RA.

A

B. The administrator needs to install the server certificate into the local truststore.

98
Q

Which of the following describes effective change management procedures?
A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates

A

Having a backout plan when a patch fails

99
Q

Which of the following best describes the risk present after controls and mitigating factors have been applied?
A. Residual
B. Avoided
C. Inherent
D. Operational

A

Residual

100
Q

A bank set up a new server that contains customers’ PII. Which of the following should the bank use to make sure the sensitive data is not modified?
A. Full disk encryption
B. Network access control
C. File integrity monitoring
D. User behavior analytics

A

File Integrity Monitor

101
Q

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption

A

Shadow IT

102
Q

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)
A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.

A

Increase the minimum password length to 14 characters and a requirement for a special character.

103
Q

A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323 and SRTP

Which of the following does this rule set support?

  • RTOS
  • VOIP
  • SOC
  • HVAC

A

VoIP

104
Q

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant’s access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?
A. TACACS+
B. SAML
C. An SSO platform
D. Role-based access control
E. PAM software

A

PAM Software

105
Q

Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?
A. Mitigate
B. Accept
C. Transfer
D. Avoid

A

Mitigate

106
Q

A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?
A. A spraying attack was used to determine which credentials to use.
B. A packet capture tool was used to steal the password.
C. A remote-access Trojan was used to install the malware.
D. A dictionary attack was used to log in as the server administrator.

A

A Packet Capture Tool was used to Steal the Password

107
Q

After a company was compromised, customers initiated a lawsuit. The company’s attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.

A

B. Retain any communications related to the security breach until further notice.

108
Q

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain’s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?
A. End user training
B. Policy review
C. URL scanning
D. Plain text email

A

End user training
