CompTIA SYO-701 (ET) Test Flashcards

Question 1

Q

Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?

A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker

Answer

A

C. Organized crime

In the context of CompTIA Security+, organized crime refers to structured groups that are engaged in illegal activities, typically for financial gain. These groups are often highly sophisticated, well-funded, and operate with a high degree of coordination.

Question 2

Q

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A. Key stretching
B. Data masking
C. Steganography
D. Salting

Answer

A

D. Salting

In the context of CompTIA Security+, salting is a technique used to enhance the security of stored passwords. It involves adding a random value, known as a “salt,” to a password before hashing it. This process helps to prevent various types of attacks, such as rainbow table attacks and certain brute-force attacks.

Question 3

Q

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing

Answer

A

D. Phishing

Phishing involves tricking individuals into providing sensitive information, such as login credentials, by pretending to be a legitimate entity. In this case, the employee was deceived into entering their login information on a fake website that impersonated a payment website.

Question 4

Q

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO
B. LEAP
C. MFA
D. PEAP

Answer

A

A. SSO

Single Sign-On (SSO) enables users to authenticate once with their domain credentials and then access multiple applications without needing to re-enter their credentials each time. This aligns with the company’s preference to use domain credentials and reduces the burden of managing multiple sets of credentials for different applications.

Question 5

Q

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Answer

A

D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Question 6

Q

Which of the following scenarios describes a possible business email compromise attack?

A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.

Answer

A

C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

Question 7

Q

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A. Jump server
B. RADIUS
C. HSM
D. Load balancer

Answer

A

A. Jump server

A jump server, also known as a jump host or bastion host, is a secure system used to bridge the gap between a secure network segment and a less secure one. It acts as a gateway, allowing authorized users to connect to servers in a restricted network segment securely.

Question 8

Q

An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?

A. NGFW
B. WAF
C. TLS
D. SD-WAN

Answer

A

B. WAF (Web Application Firewall)

A WAF inspects incoming and outgoing web traffic to detect and block malicious payloads that may exploit application vulnerabilities, such as buffer overflows.
Next-Generation Firewall
Transport Layer Security
SD-WAN (Software-Defined Wide Area Network)

Question 9

Q

An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?

A. Multifactor authentication
B. Permissions assignment
C. Access management
D. Password complexity

Answer

A

A. Multifactor authentication

Multifactor authentication (MFA) requires users to provide two or more verification factors to gain access to a resource such as an application, online account, or VPN. This security measure significantly reduces the likelihood of unauthorized access because even if an attacker has the password, they would still need the additional verification factor(s), such as a code from a mobile device, a fingerprint, or a hardware token.

Question 10

Q

An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)

A. Typosquatting
B. Phishing
C. Impersonation
D. Vishing
E. Smishing
F. Misinformation

Answer

A

C. Impersonation
E. Smishing

Question 11

Q

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two).

A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO’s phone.
F. Implement mobile device management.

Answer

A

B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.

Question 12

Q

A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?

A. A thorough analysis of the supply chain
B. A legally enforceable corporate acquisition policy
C. A right to audit clause in vendor contracts and SOWs
D. An in-depth penetration test of all suppliers and vendors

Answer

A

A. A thorough analysis of the supply chain

A penetration test would be checking the security practices of your supply chain to ensure they are not easily tampered with, but does not address the lack of reliability, & authenticity that would protect a company from the possible procurement of faulty supplies/hardware like an analysis would. An enforced acquisition policy would be a bad practice especially if the parts were faulty. A right to audit clause, & Statement of Work (SOW) is the first step to allowing an analysis, or penetration test of vendor services, & goods.

Question 13

Q

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence

Answer

A

A. Rules of engagement

Rules of engagement (RoE) outline the scope, objectives, limitations, and boundaries of the penetration test. This document ensures both parties understand what is allowed and expected during the testing process, including which systems can be tested, the methods to be used, the timing of the tests, and how the results will be reported and handled. Supply Chain Analysis involves assessing the risks associated with the supply chain and third-party vendors, not specifically the terms of a penetration test. Right to Audit Clause is a clause in a contract allows one party to audit the other, typically related to compliance and security practices, but does not detail the terms of a penetration test. Due Dilligence is the process of investigating and evaluating a business or person before signing a contract, but it doesn’t provide the specific terms of a penetration test.

Question 14

Q

A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?

A. Active
B. Passive
C. Defensive
D. Offensive

Answer

A

A. Active

Active reconnaissance involves actively probing and scanning the target environment to gather information. This typically includes activities such as port and service scans, vulnerability scans, and other direct interactions with the target systems to identify potential weaknesses or entry points. Passive reconnaissance, on the other hand, involves gathering information without directly interacting with the target systems, such as monitoring network traffic or analyzing publicly available information. defensive and offensive reconnaissance, respectively, are not standard reconnaissance types typically used in the context of penetration testing.

Question 15

Q

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A. IRP
B. DRP
C. RPO
D. SDLC

Answer

A

B. DRP (Disaster Recovery Plan)

A Disaster Recovery Plan (DRP) is essential for managing the restore process in the event of system failure. It provides a detailed strategy for recovering data, systems, and applications, ensuring that business operations can resume as quickly as possible after a disaster. While an Incident Response Policy (IRP) handles immediate incident response, and Recovery Point Objective (RPO) and Software Development LifeCycle (SDLC) are related to specific aspects of data recovery and system development, the DRP is specifically focused on comprehensive recovery and continuity planning.

Question 16

Q

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A. Jailbreaking
B. Memory injection
C. Resource reuse
D. Side loading

Answer

A

D. Side loading

**Side loading ** is the process of installing applications or files onto a device, such as a smartphone, tablet, or computer, without using the device’s official app store or authorized distribution channels. This method allows users to bypass the standard app store or marketplace and install software directly, often from an external source like a third-party website or local storage.

Question 17

Q

A security analyst is reviewing the following logs:

[10:00:00 AM] Login rejected - username administrator - password Sprinq2023
[10:00:01 AM] Login rejected - username jsmith - password Spring2023
[10:00:01 AM] Login rejected - username guest - password Spring2023

Which of the following attacks is most likely occurring?

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

Answer

A

A. Password spraying

Password spraying is a type of brute-force attack used to gain unauthorized access to user accounts by systematically attempting a small number of commonly used passwords against many user accounts. Unlike traditional brute-force attacks, which attempt many different passwords against a single user account, password spraying involves trying a few commonly used passwords against a large number of accounts. Pass the Hash Attack is hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password.

Question 18

Q

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction

Answer

A

B. Subject role

To achieve zero trust, we use the control and data planes.

Control Plane uses Adaptive identity, threat scope reduction, policy-driven access control, and secured zones.

Data Plan uses Subject/system, policy engine, policy administrator, and
establishing policy enforcement points

Question 19

Q

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

A. RDP server
B. Jump server
C. Proxy server
D. Hypervisor

Answer

A

B. Jump server

A jump server (or jump box) acts as a controlled access point that administrators must go through to access internal resources. It creates an additional layer of security by acting as a secure intermediary, allowing only authorized users to access internal servers and systems. This reduces the attack surface by limiting direct access to sensitive resources and can be closely monitored and secured. A proxy server acts as intermediaries between clients and servers and provides content caching, requests filtering, and login management. A Hypervisor is used to run and manage one or more virtual machines on a computer. Remote Desktop Protocol (RDP) Server is a protocol which provides a user with graphical interface to connect to another computer.

Question 20

Q

A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?

A. encryption=off
B. http://
C. www.*.com
D. :443

Answer

A

B. http://

Question 21

Q

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

Answer

A

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

Question 22

Q

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

A. Implementing a bastion host
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on

Answer

A

A. Implementing a bastion host

A **bastion host ** is a highly secured server located on a perimeter network (also known as a DMZ) that is designed to withstand attacks. It acts as a gateway between internal and external networks, allowing access only to specific services and applications. Users must authenticate themselves to the bastion host before accessing internal resources. This option provides a controlled entry point into the internal network, reducing the attack surface.

Question 23

Q

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A. Application
B. IPS/IDS
C. Network
D. Endpoint

Answer

A

D. Endpoint

Endpoint logs, also known as host logs, record events and activities that occur on individual endpoints (such as laptops, desktops, or servers). These logs can include information about processes, applications, system events, user logins, file accesses, and more. Endpoint logs are a valuable source of data for investigating security incidents on specific devices, including information about the executables running on the machine.

Question 24

Q

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting

Answer

A

D. Threat hunting

**Threat hunting ** involves proactively searching for and identifying potential security threats or indicators of compromise (IOCs) within an organization’s network environment. It typically involves the use of advanced analytics, threat intelligence, and specialized tools to detect suspicious behavior or anomalies that may indicate the presence of a threat actor.

Question 25

Q

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A. Accept
B. Transfer
C. Mitigate
D. Avoid

Answer

A

B. Transfer

Transferring a risk involves shifting some or all of the risk to another party, such as an insurance provider, through contractual agreements or financial arrangements.

Question 26

Q

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A. Partition
B. Asymmetric
C. Full disk
D. Database

Answer

A

C. Full disk

Fulldisk encryption, this encrypts the whole storage drive of the device, including OS, files, app data, etc. the reason its not the other options partition encryption - only encrypts the partition, meaning if there are multiple partitions then some of them could be left unencrypted and a threat actor could steal data in them. Asymmetric encryption - is an encryption technique using Public Key, private key methodology. Database encryption - is used to encrypt databases (schema) or data within the databases.

Question 27

Q

Which of the following security control types does an acceptable use policy best represent?

A. Detective
B. Compensating
C. Corrective
D. Preventive

Answer

A

D. Preventive

An acceptable use policy is designed to prevent security incidents by defining the acceptable and unacceptable behaviors and actions for users within an organization. By setting clear guidelines and expectations, it aims to prevent misuse and ensure that users adhere to security protocols, thereby reducing the risk of security breaches.

Question 28

Q

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A. Hardening
B. Employee monitoring
C. Configuration enforcement
D. Least privilege

Answer

A

D. Least privilege

Least privilege is a security principle that states that users should only be granted the minimum level of access or permissions necessary to perform their job functions. By restricting access to the administrator console of the help desk software to only the IT manager and the help desk lead, the IT manager is adhering to the principle of least privilege, ensuring that only those individuals who require administrative access have it, thereby reducing the risk of unauthorized access and potential misuse.

Question 29

Q

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

Answer

A

C. Risk register

A risk register is a tool commonly used in risk management that records details of all identified risks, including descriptions, responsible parties, risk categories, likelihood and impact, mitigation measures, and thresholds for action. It serves as a central repository for all information about risks, making it easier to manage and track them.

Question 30

Q

Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

A. Disaster recovery plan
B. Incident response procedure
C. Business continuity plan
D. Change management procedure

Answer

A

D. Change management procedure

Implementing new firewall rules is a significant change to the network security infrastructure. Adhering to change management procedures ensures these changes are made systematically, reducing the risk of errors and enhancing the security posture.

Question 31

Q

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing

Answer

A

B. Bug bounty

A bug bounty program incentivizes external security researchers to find and report vulnerabilities in a company’s applications or systems. Researchers are compensated based on the severity and impact of the vulnerabilities they uncover, helping the company to improve its security posture by leveraging a wide range of expertise. Offensive Penetration Testing is also known as Red Team. Penetration Testing Actively seeks vulnerabilities and attempts to exploit them, like a real cyber attack, also Helps uncover and report vulnerabilities to improve security,

Question 32

Q

Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?

A. Insider
B. Unskilled attacker
C. Nation-state
D. Hacktivist

Answer

A

C. Nation-state

Nation-state actors are government-backed groups or organizations that engage in cyber activities as part of national interests. They have significant financial and technical resources and often target critical infrastructure, defense systems, and other high-value targets in foreign countries. The nation-state is the most likely threat actor to use vast financial resources for international cyber attacks, aligning with the scenario’s description of attacking critical systems across borders.

Question 33

Q

Which of the following enables the use of an input field to run commands that can view or manipulate data?

A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection

Answer

A

D. SQL injection

SQL injection is a type of attack that involves inserting malicious SQL statements into an input field. These statements can then be executed by the database, allowing the attacker to view or manipulate the data. This can lead to unauthorized access to the database, data leakage, or even the modification and deletion of data. Cross-Site Scripting involves injecting malicious scripts into webpages viewed by other users, but it does not specifically involve running commands that directly view or manipulate data in a database. Side Loading typically refers to installing applications from unofficial sources, not related to input fields and running commands. Buffer Overflow involves exploiting a program by writing more data to a buffer than it can hold, potentially allowing the execution of arbitrary code, but it does not specifically use input fields to run commands on data.

Question 34

Q

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?

A. Encrypted
B. Intellectual property
C. Critical
D. Data in transit

Answer

A

B. Intellectual property

Research and development teams typically handle sensitive information related to new inventions, designs, processes, and technologies. This type of data is considered intellectual property (IP) and is crucial for maintaining a competitive edge in the market. Protecting this data from unauthorized access, theft, or misuse is a primary concern, hence the extensive training provided to these employees.

Question 35

Q

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

A. Send out periodic security reminders.
B. Update the content of new hire documentation.
C. Modify the content of recurring training.
D. Implement a phishing campaign.

Answer

A

C. Modify the content of recurring training.

To improve the situational and environmental awareness of existing users as they transition from remote to in-office work, the best option is: C. Modify the content of recurring training. Modifying the content of recurring training to include specific topics relevant to the transition from remote to in-office work will ensure that users are aware of the new security protocols and potential threats they might face in the office environment. This approach provides a structured and comprehensive way to address the unique aspects of both environments and helps reinforce best practices.

Question 36

Q

A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?

A. Packet captures
B. Vulnerability scans
C. Metadata
D. Dashboard

Answer

A

D. Dashboard

Dashboards offer a clear and intuitive way to present complex data, making it easier for board members to grasp the overall security posture and trends over time.

Question 37

Q

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.

Answer

A

D. A rootkit was deployed.

A change in the hash of a critical system file like cmd.exe, without any corresponding patches or updates being applied, is a strong indicator of potential malicious activity. A rootkit is a type of malware that can modify system files and hide its presence to maintain persistent and privileged access to a system. If a rootkit has altered cmd.exe, it could be an attempt to replace the legitimate command prompt with a malicious version, or to modify its behavior for nefarious purposes. This is a serious security concern and should be investigated immediately.

Question 38

Q

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A. Client
B. Third-party vendor
C. Cloud provider
D. DBA

Answer

A

A. Client

The client is the one who is utilizing the data, & would be responsible in the handling, & security of database within the infrastructure provided by the Cloud Provider, or Third-Party Vendor.

Question 39

Q

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

A. MSA
B. SLA
C. BPA
D. SOW

Answer

A

D. SOW

The company should provide the client with a Statement of Work (SOW). A Statement of Work is a document that outlines the details of a project, including the scope, deliverables, timeline, and cost. It is used to ensure that both the client and the service provider have a clear understanding of the project’s requirements and expectations. - MSA (Master Service Agreement) An overarching contract that defines the terms and conditions under which services will be provided. - SLA (Service Level Agreement) A contract that defines the level of service expected from the service provider. - BPA (Business Partnership Agreement) An agreement that defines the relationship and responsibilities between business partners.

Question 40

Q

A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?

A. Secure cookies
B. Version control
C. Input validation
D. Code signing

Answer

A

C. Input validation

Question 41

Q

Which of the following must be considered when designing a high-availability network? (Choose two).

A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication

Answer

A

A. Ease of recovery
D. Responsiveness

Ease of recovery. This is essential for high availability because the network must be able to recover quickly from failures to minimize downtime. -

Responsiveness. Ensuring that the network can handle high traffic loads and respond quickly to user requests is crucial for maintaining high availability.

Other factors like physical isolation, ability to patch, attack surface, and extensible authentication are important for security and maintenance but are not primary considerations for high availability.

Question 42

Q

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

A. Air gap the system.
B. Move the system to a different network segment.
C. Create a change control request.
D. Apply the patch to the system.

Answer

A

C. Create a change control request.

Change Control is the process that management uses to identify, document and authorize changes to an IT environment. It minimizes the likelihood of disruptions, unauthorized alterations and errors. The change control procedures should be designed with the size and complexity of the environment in mind.

Question 43

Q

Which of the following describes the reason root cause analysis should be conducted as part of incident response?

A. To gather IoCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature

Answer

A

D. To prevent future incidents of the same nature

Root cause analysis is fundamental to preventing future incidents by addressing the underlying issues rather than merely treating the symptoms. This approach helps build a more resilient security infrastructure. Also, Conducting RCA contributes to continuous improvement in security practices, policies, and technologies, enhancing the organization’s overall security posture.

Question 44

Q

Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage

Question 45

Q

A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?

A. Capacity planning
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise

Answer

A

A. Capacity planning

Capacity planning involves determining the staffing levels needed to sustain business operations during a disruption. This ensures that the organization has sufficient human resources to maintain essential functions and minimize downtime.

Question 46

Q

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation

Answer

A

C. Geolocation policy

Implementing a geolocation policy allows the company to configure the SaaS application to block access from IP addresses originating in high-risk countries. This is accomplished by using IP geolocation data to determine where a connection attempt is coming from. Geolocation policies are effective for preventing unauthorized access based on geographic location, ensuring that sensitive documents remain secure from individuals in regions identified as high-risk.

Question 47

Q

Which of the following is a hardware-specific vulnerability?

A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting

Answer

A

A. Firmware version

the firmware version (option A) is directly related to the hardware and represents a potential point of vulnerability that attackers could exploit. Firmware is the software that controls the basic functionality of hardware devices, and vulnerabilities in firmware can lead to security breaches. Options B, C, and D (buffer overflow, SQL injection, and cross-site scripting) are software vulnerabilities and are not inherently tied to hardware components.

Question 48

Q

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy

Answer

A

B. Testing the policy in a non-production environment before enabling the policy in the production network

By testing the policy in a non-production environment, the technician can identify potential issues, such as legitimate traffic being blocked, before applying the changes to the production network. This approach allows for adjustments and troubleshooting in a safe setting, minimizing the risk of disruption to business operations.

Question 49

Q

An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?

A. Real-time recovery
B. Hot
C. Cold
D. Warm

Answer

A

D. Warm

The primary difference between a hot site and cold site is the readiness to be up and running. With a recent backup of data and all IT systems operating, a hot site provides redundancy and is essentially a second data center that will result in minimal to no downtime. To get a cold site up and running means planning for setup time and resources.

Question 50

Q

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

A. Enumeration
B. Sanitization
C. Destruction
D. Inventory

Answer

A

B. Sanitization

Sanitization involves securely erasing data from hard drives to ensure that it cannot be recovered or accessed by unauthorized individuals. This process is essential before decommissioned systems are sent to recycling to protect sensitive information. Enumeration, destruction, and inventory do not specifically refer to the secure erasure of data from hard drives.

Question 51

Q

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A. Private
B. Critical
C. Sensitive
D. Public

Answer

A

C. Sensitive

Question 52

Q

A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?

A. Local data protection regulations
B. Risks from hackers residing in other countries
C. Impacts to existing contractual obligations
D. Time zone differences in log correlation

Answer

A

A. Local data protection regulations

When a U.S.-based cloud-hosting provider is considering expanding its data centers to new international locations, the first thing they should consider is local data protection regulations. These regulations govern how personal or sensitive data is collected, stored, processed, and transferred across borders. Different countries have different regulations, such as the GDPR in the EU or PIPEDA in Canada. Compliance with these regulations is crucial to avoid legal penalties, fines, or reputational damage

Question 53

Q

Which of the following would be the best way to block unknown programs from executing?

A. Access control list
B. Application allow list
C. Host-based firewall
D. DLP solution

Answer

A

B. Application allow list

Question 54

Q

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?

A. White
B. Purple
C. Blue
D. Red

Answer

A

D. Red

Offensive Penetration Testing , Known as “red teaming” Actively seeks vulnerabilities and attempts to exploit them, like a real cyber attack. Helps uncover and report vulnerabilities to improve security, & Can simulate real-world attacks and gain support for cybersecurity investments

Question 55

Q

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are use

Answer

A

B. Performing code signing on company-developed software

Code signing involves applying a digital signature to software, verifying the identity of the developer and ensuring that the code has not been altered or tampered with since it was signed. This process provides assurance of the authenticity and integrity of the software. Testing input validation, performing static code analysis, and ensuring secure cookies are important security practices but do not specifically address the need to verify the authenticity of the code.

Question 56

Q

Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honeypot
B. Video surveillance
C. Zero Trust
D. Geofencing

Answer

A

A. Honeypot

Honeypot - a network-attached system set up as a decoy to lure cyber attackers and detect, deflect and study hacking attempts on systems.
Geofencing - Virtual boundaries to restrict data access based on location
**Zero Trust **- demands verification for every device, user, and transaction within the network, regardless of its origin

Question 57

Q

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

A. Analysis
B. Lessons learned
C. Detection
D. Containment

Answer

A

A. Analysis

During an investigation, the incident response team engages in the process of understanding the source of an incident through analysis. This involves examining the data and evidence collected to determine how the incident occurred, its origin, and its impact.

Question 58

Q

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.

Answer

A

C. Rescan the network.

Rescanning the network is essential to verify that the previously identified vulnerabilities have been successfully remediated and to ensure that no new vulnerabilities have been introduced. This step confirms the effectiveness of the remediation efforts before moving on to further actions such as audits, penetration tests, or reporting.

Question 59

Q

An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?

A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat

Answer

A

D. Insider threat

Question 60

Q

Which of the following allows for the attribution of messages to individuals?

A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs

Answer

A

B. Non-repudiation

Question 61

Q

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

A. Automation
B. Compliance checklist
C. Attestation
D. Manual audit

Answer

A

A. Automation

Automation involves using tools and scripts to regularly check and report on the security settings of servers. This method ensures consistent, real-time monitoring and can quickly detect any unauthorized changes. It is more reliable and efficient compared to manual methods, compliance checklists, or periodic attestations, which may not capture changes as promptly or consistently.

Question 62

Q

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

A. SCAP
B. NetFlow
C. Antivirus
D. DLP

Answer

A

D. DLP

Data Loss Prevention (DLP) solutions monitor, detect, and block sensitive data from being sent outside an organization through email, file transfers, and other communication methods. DLP can be configured to detect specific data patterns, such as social security numbers, credit card information, or other forms of PII.

Question 63

Q

An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?

A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis

Answer

A

C. Input validation

Input validation is the process of analyzing inputs and disallowing those which are considered unsuitable. Ie: Only allowing accepted inputs based on specific criteria

Question 64

Q

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A. Place posters around the office to raise awareness of common phishing activities.
B. Implement email security filters to prevent phishing emails from being delivered.
C. Update the EDR policies to block automatic execution of downloaded programs.
D. Create additional training for users to recognize the signs of phishing attempts.

Answer

A

C. Update the EDR policies to block automatic execution of downloaded programs.

Implementing EDR policy updates directly addresses the risk posed by phishing attacks by stopping malicious code from executing, thereby reducing the potential impact of users clicking on phishing links.

Endpoint Detection and Response (EDR) focuses on identifying and addressing security threats at the endpoint level, such as laptops, desktops, and mobile devices

Answer 64

A

A. Compensating control

A compensating control is a security measure that is put in place to satisfy the requirements of a security policy or standard when the primary control cannot be implemented. In this case, the host-based firewall on a legacy Linux system allowing connections from only specific internal IP addresses serves as a compensating control to protect the system by limiting access to trusted sources.

Answer 65

A

D. User provisioning script

A user provisioning script automates the process of creating user accounts, ensuring that each new account is set up with the correct access and permissions consistently. This helps prevent errors that can occur with manual account creation.

Answer 66

A

C. Detective

A Security Information and Event Management (SIEM) system is primarily used to detect security incidents by collecting and analyzing logs from various sources.The setup of a SIEM system and regular log reviews is focused on identifying incidents, making it a classic example of a detective control, which is intended to uncover issues rather than prevent them.

Answer 67

A

A. Serverless framework

A serverless framework is a cloud-based application-hosting solution that allows developers to build and run applications without managing the underlying infrastructure. It is typically a low-cost option because it charges based on the actual usage of the resources rather than requiring the provisioning of dedicated servers.

Answer 68

A

A. Tuning

Tuning refers to the process of adjusting the configuration of a system, in this case, the security operations center’s detection systems, to reduce or eliminate the number of false positives. In this context, if the so-called “malicious activity” is determined to be normal and is expected to recur, the system can be tuned to ignore this activity in the future, preventing unnecessary alerts.

Answer 69

A

C. An attacker is attempting to brute force ismith’s account.

The log entries show multiple successful password authentications followed by multiple failed MA (Multi-Factor Authentication) attempts due tc invalid codes. This pattern suggests that the user’s password has been correctly entered multiple times, but the MrA codes are consistently fallin
The best explanation Tor what the security analyst nas discovered Is.
C. An attacker is attempting to brute force smith’s account
The repeated successtul password authentications followed by tailed MA attempts indicate that an attacker may have obtained the user’s password and is now tring to bypass the second laver of security, the MFA, by attempting multiple invalid codes

Answer 70

A

B. Geographic dispersion

Geographic dispersion involves placing critical infrastructure in multiple, geographically distant locations. This strategy ensures that even if one si
Is attected by a weather event, operations can continue at another site, minImizing downtime and maintaining avallability.

Answer 71

A

D. Jailbreaking

Jailbreaking is the correct answer because it directly affects the security of personal devices used in a BYOD program. Jalibreaking removes bullt-in security controls, making devices vulnerable to various threats and is a primary concern for companies allowing personal devices to access corporate networks and data.

Answer 72

A

C. ARO

MTTR = mean time to repair
RTO = recovery time objective
ARO = annualized rate of occurance
MTBF = mean time between failures.

Answer 73

A

A. Reporting phishing attempts or other suspicious activIties

Answer 74

A

A. Preparation

Answer 75

A

D. Web-based administration

Web-based administration, also known as remote management or HTTP/HTTPS access, is a common feature in routers that allows administrators to manage the device remotely using a web browser. However, this feature also introduces a potential vulnerability, as it opens up the router to potential web-based attacks. Disabling web-based administration would reduce the attack surface and prevent potential exploits, making the router more secure
Console access (A) is necessary for local management, routing protocols (B) are essential for network operation, and **VLANs (C) **are used fol network segmentation and securit. Disabling web-based administration (D) is the most appropriate option to harden the router.

Answer 76

A

D. FIM (File Integrity Monitoring)

File Integrity Monitoring (FIM) is a security technology that monitors and detects changes in files. FIM solutions can track modifications, access, deletions of files and notity administrators of any changes, thus ensuring data integrity and security.

Group Policy Objects (GPOs) let system admins control and implement cybersecurity measures from a single location

Sender Policy Framework (SPF) is an email authentication method designed to detect and prevent email spoofing

Network access control (NAC) is a security solution that enforces policy on devices that access networks to increase network visibility and reduce risk.

Answer 77

A

A. Key Escrow
B. ТРМ presence

Key escrow This is important to ensure that encryption keys can be recovered in case they are lost or forgotten. It is a crucial consideratior for Full Disk Encryption (FDE) to maintain access to data even if issues arise with the primary encryption keys.
TPM presence: Trusted Platform Module (TPM) is a hardware-based security feature that can store encryption keys securely. Ensuring the presence of TPM on laptops enhances the security of FDE by protecting the encryption keys being accessed or tampered with.

Answer 78

A

B. Setting up a VPN and placing the jump server inside the firewall

Setting up a VPN and placing the jump server inside the firewall is the most secure approach because it reduces the attack surface and ensures only authorized users can access the remote desktop service. This solution addresses the primary security concern ot protecting sensitive production systems by ensuring that only verified users can gain access, thus minimizing the attack surface and potential vulnerabilities.

Answer 79

A

D. IPS (Intrusion Prevention System)

A. ACL (Access control List: ACLS are used to control the flow of trattic based on rules, but they are not dynamic enough to monitor or block signature-based attacks effectively.
B. DLP (Data Loss Prevention): DLP systems are focused on preventing data breaches by detecting and blocking potential data leaks/exfiltration not on monitoring or blocking attacks per se.
C. IDS (Intrusion Detection Svstem): While an IDS can detect known sianature-based attacks. it does not block them: it only alerts the system administrators of the potential threat.
D. IPS Intrusion Prevention System): As mentioned, an IPS actively monitors and blocks attacks, making it the most suitable option for the scenario described

Answer 80

A

C. Safety controls should fail open.

satety controls falling open is a critical design principle that ensures human life is prioritized in the event ot a failure. This principle applies to situations where failing open provides an immediate satety benefit, such as allowing exit doors to unlock automatically during a fire.
Fail Close: Locks controls such as access to the perimeter. & devices to protect from exfiltration

Answer 81

A

B. Containers

Containers is the correct answer because they are specifically designed to provide flexibility and scalabity in constantly changing environments. containers allow for rapid deployment and scaling. making them ideal for dynamic applications that need to adapt to frequent changes and updates. furthermore containers are particularly well-suited for microservices architectures, continuos integration continuous deplovment (CI/CD) pipelines, and environments that need to rapidly adapt to change.
RTOS = Real Time Operating System
Supervisory Control and Data Acquisition (SCADA)

Answer 82

A

B. Chain of custody

Chain of custody is the process that ensures evidence is properly handled and documented throughout its lifecycle.

Answer 83

A

D. updating processes for sending wire transfers

Updating the processes for sending wire transfers would most likely prevent this type of activity in the future. This could include implementing additional verification steps, such as requiring multiple levels of approval, verifying new payment instructions through a separate communication channel, or implementing
a callback procedure to contirm the authenticity of the instructions.

Answer 84

A

B. Orchestration

Orchestration provides a comprehensive approach to automating complex workflows, making it an excellent choice for efficiently managing account creation processes in large-scale environments.Orchestration is ideal for automating the creation of user accounts, as it can handle the sequence of tasks required to set up accounts, such as creating usernames, assigning permissIons, contIgurIng email, and setting up directory

Answer 85

A

C. Subject

In this scenario, the customers are the data subjects because the sensitive information collected, modified, and stored by the marketing department pertains to them. The customers are the individuals whose data is being processed

Answer 86

A

D. Risk Threshold

Answer 87

A

B. Data is being exfiltrated.

The scenario describes an internal system sending unusual and large amounts of DNS queries to external systems, especially during non-busines hours. This behavior Is indicative ot data exfiltration, where an attacker tries to move data out ot the network covertly.

Answer 88

A

D. Vulnerable software

Vulnerable software is the correct answer because:
* Direct Risk Connection: Opening firewall ports directly exposes the system’s software to external threats. If the software has vulnerabilities, thes can be exploited by attackers, especially when exposed to the internet or external networks.
* Exploitation Potential Known Vulnerabilities in software can be easIiy targeted by attackers using automated tooIs to scan an exploit open ports.
*Immediate security concern: The primary concern with opening ports is exposing internal systems to external attacks, making any vulnerabilities in the software a direct threat.

Answer 89

A

B. SQL injection

SQL injection is an attack that targets vulnerabilities in a database by injecting malicious SQL code into input fields. It takes advantage of misconfigured or improperly secured databases that do not validate or sanitize user input.

Answer 90

A

A. OCSP

OCSP (Online Certification Status Protocol), is the protocol that checks a certificate for validitiy and if its been revoked by CA (Certificate Authroity).

Answer 91

A

B. Firmware

BIOS update addresses vulnerabilities at the firmware level. The BIOS is an essential component of the system’s firmware, and updates to it are intended to fix security vulnerabilities, improve compatibility, and enhance overall system stability.

Answer 92

A

B. CVSS (Common Vulnerability Scoring System)

CVSS is specitically designed to quantitatively measure the criticality ot a vulnerability.

CVE (Common Vulnerabilities & Exposures) is a dictionary of known threats

CIA (Confidentiality, Integritv & Availability) is a security concept.

CERT (Computer Emergency Response Team) - the title speaks for itself!

Answer 93

A

D. Install endpoint management software on a systems

Install endpoint management software on all systems is the correct answer because it offers a comprehensive solution for monitoring and managing workstations and servers. Endpoint management software provides visibility into unauthorized changes, detects unapproved software installations, and enforces security policies, making it the most effective choice for ensuring system integrity and compliance.

Answer 94

A

B. Data in transit

Data in transit is the correct answer because a VPN is specifically designed to protect data as it moves between two locations.

Answer 95

A

D. Compensating controls

compensating controls are security measures that are implemented to mitigate risk when the primary controls are not feasible or sufficient. In this case, since the legacy system might have inherent vulnerabilities that cannot be fully addressed, the organization has implemented additional controls to reduce the risk.

Answer 96

A

B. Infrastructure as code (IaC)

Infrastructure as Code (laC) is the correct answer because it provides the necessary tools and practices for automating and simplifving the deplovment of infrastructure resources in a cloud environment. laC enables efficient and repeatable resource provisioning. making it the most effective solution for the systems administrator’s needs.

Answer 97

A

C. IPSec

IPsec Is Ideal for establishing a secure connection between a security consultant’s devIce and a clients network, ensuring contidentiality, integrity and authenticity of data transmitted over the connection.

EAP (Extensible Authentication Protocol)
NAT ( Network Address Translation)
DHCP (Dynamic Host Configuration Protocol)

Answer 98

A

C. Social engineering

SocIal engineerIng Is a manipulation technique that exploits human error to gain private intormation, access, or valuables.

Executive Whaling is a type of phishing attack that specifically targets high-profile executives (also known as “whales”) to steal sensitive information.

Answer 99

A

C. Apply classifications to the data.

Apply classitications to the data is the correct first step because it establishes a foundational understanding of what data is sensitive and needs protection. By classifying the data, the security administrator can ensure that subsequent DLP policies are effectively tailored to prevent the exfiltration of sensitive customer data, while minimizing unnecessary restrictions on non-sensitive aata

Answer 100

A

B. Retention

The administrator is tasked with ensuring that transaction data Is archived for the appropriate duration. This task involves adhering to retention schedules that dictate how long such data must be kept to meet compliance obligations.

Answer 101

A

A. SOW

SOW: statement of work
BPA: business partnership agreement
SLA: service level agreement
NDA: no disclosure agreement

Answer 102

A

D. Organized crime

Ransomware Is blackmailing for monetary gain which Is a CRIME. It also does not fit the criteria for any other threat actor listed.

Answer 103

A

D. Peer review and approval

Peer review and approval is a practice that involves having other developers or experts review the code before it is deployed or released. Peer review and approval can help detect and prevent malicious code, errors, bugs, vulnerabilities, and poor quality in the development process.

Answer 104

A

D. Application allow list

Ву using an application allow lIst, employees cannot inadvertently install or run unauthorized software, including malware, because only approved applications are permiiied to execute.

Answer 105

A

C. Jailbreaking

Answer 106

A

C. Badge Access
D. Access Control Vestibule

Answer 107

A

A. Segmentation

Network segmentation involves dividing a network into subnets to control access and traffic flow.

Answer 108

A

D. Removable devices

In an air-gapped network. which is physically Isolated from other networks. the most common data loss path would typicallv be through removable devices

Answer 109

A

C. Watering-hole

A Watering-hole attack targets a specific group of people by compromising a website they frequently visit.

Answer 110

A

A. Deploying a SASE solution to remote employees

SASE (Secure Access Service Edge) is a comprehensive networking and security approach that combines wide-area networking (WAN) capabilities with security features. It provides secure access to applications and data, including encrypted tunnel access to the data center while also offering monitoring capabilities for remote employee internet traffic. By implementing a SASE solution, the organization can reduce trattic on the VPN and internet circuit by routing trattic intelligently through the cloud, closer to the users. This approach helps optimize pertormance and security, addressing the scaling issues effectivelv.

Answer 111

A

A. Regulatory requirement

Answer 112

A

C. Confidentiality

The primary goal of applying least privilege to HR files is to protect sensitive data from unauthorized access, aligning directly with the confidentiality aspect ot intormation security.

Answer 113

A

E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates

Encryption Level: If a device’s encryption level cannot meet the organization’s standards, it poses a significant security risk and should be decommissioned
Authorized Updates: If a device is unable to receive authorized updates, it becomes vulnerable to known exploits and cannot be maintained securely, thus it should also be decommissioned.

Answer 114

A

C. Recurring

Recurring risk assessments are those that are scheduled to take place at regular intervals, such as annually, semi-annually, or quarterly.

Answer 115

A

B. Detective

Detective is the correct answer because reviewing log files after a ransomware attack is an example of a detective control. It is used to identify analvze, and understand security incidents post-occurrence, providing valuable information for future prevention and response strategies

Answer 116

A

A. Tabletop

Tabletop exercises are specifically desianed to evaluate and improve incident response processes by allowing teams to simulate responses to hypothetical incidents.

Failover refers to switching to a computer, system, network, or hardware component that is on standby if the initial system or component fails

Answer 117

A

B. Off-site replication

Off-site replication is crucial for disaster recovery plannina, particularly in areas susceptible to natural disasters.

Answer 118

A

C. Segmentation

Legacy loT Devices: These devices often lack the ability to be quickly patched or replaced due to hardware limitations or operational constraints. Segmentation offers a rapid response by limiting access and isolating these devices from critical network resources.

Answer 119

A

D. Access control lists

Access control lists (ACLs) should be used to restrict access to the data quickly. ACLs allow the administrator to specify which users or groups hav permission to access certain files or directories on the file server, providing a straightforward and immediate way to enforce access controls and protect contidential data.

Answer 120

A

D. SLA (Service Level Agreement)

The SLA is the appropriate document to specify this uptime requirement and any associated metrics.

Answer 121

A

A. Certification

Answer 122

A

A. Geographic dispersion

Geographic dispersion is the practice of having backup data stored in different locations that are far enough apart to minimize the risk of a single natural disaster attecting both sites.

Answer 123

A

D. Query the file’s metadata

Metadata is data that describes other data, such as its format, origin, creation date, author, and other attributes.

Answer 124

A

C. Purple

Red = offensive
Blue = Defensive
Yellow = Builders
Purple = mix of offensive and defensive. Also the color you get when you mix red and blue

Answer 125

A

A. Patch availability

Patch availability is a critical concern for maintaining the security and integrity of systems.

Answer 126

A

A. A full inventory of all hardware and software

A full inventory of all hardware and software is the correct answer because it provides the essential information needed to accurately assess the risk posed by a new vulnerability.

Answer 127

A

B. Scheduled downtime

Scheduled downtime is the correct answer because it specifically involves setting a designated time for
changes to occur. balancing the need for system maintenance with minimizing business impacts.

Answer 128

A

C. Encryption

Answer 129

A

D. End Of Life

Answer 130

A

A. Encryption at rest

Answer 131

A

D. Reflected denial of service

Answer 132

A

A. RBAC

Role-based access control (RBAC) restricts users to only access data based on their job responsibilities

Answer 133

A

A. Federation
C. Password complexIty

Federation facilitates access to multiple systems using a single intranet profile, and password complexity ensures that the passwords used are strong and secure.

Answer 134

A

A. SIEM (Security Information Event Management)

SIEM systems are specifically desianed to collect. centralize, and analyze logs from multiple sources, providing security alerting and monitoring capabilities essential for detecting and responsning to potential threats.

DLP = Data Loss Prevention
IDS = Intrusion Detection System
SNMPA = Simple Network Management Protocol

Answer 135

A

C. Password, autnentication token, thumbprint

Answer 136

A

C. Hardening

Hardening involves implementing security measures to protect the application from threats while maintaining its availability. Segmentation and isolation can also be part of a security strategy, they are more about limiting access or separating the legacy system from other network segment
which might not be feasible for a critical business application that requires interaction with other systems.

Answer 137

A

C. Buffer overflow

In a buffer overflow attack, the attacker might overwrite a register or a return address on the stack with a malicious address, redirecting the program’s control flow to execute arbitrary code.

Answer 138

A

B. Retain any communications related to the security breach until further notice

Retain any communications related to the security breach until further notice is the correct answer. This approach ensures that all relevant evidence Is preserved in compliance with the legal hold, covering the full scope of communications and documents needed for the lawsuit.

Answer 139

A

A. Mitigate

when a legacy application is critical to business operations and there are preventative controls that are not yet implemented, the tirst risk management strategy an enterprise should adopt is to mitigate the risks.

Answer 140

A

B. Changing the default password

Answer 141

A

B. Access badge

Answer 142

A

A. Role-based

Role-based is the correct answer because the issue arises from the engineers account not being updated to include the new role associated with the new teams shared tolders. Role-Based Access control Is the tramework in place that determines access based on roles assigned to users, making it the most relevant explanation for the engineer’s access issue.

Answer 143

A

C. Threat vectors based on the industry in which the organization operates
E. Cadence and duration of training events

Threat vectors based on the industry in which the organization operates (C): Understanding the specific threats that are most relevant to the industry helps tailor the training content to address the most pressing risks and vulnerabilities that employees might face.
Cadence and duration of training events (E): Establishing an appropriate schedule and duration for training ensures that employees receive regular, ongoing education to keep security top-of-mind and adapt to evolving threats.

Answer 144

A

D. Availability

Availability is the correct answer because deploying a load balancer enhances the availability of applications and services by distributing traffic, providing redundancy, and ensuring continued access to resources even in the event of server failures. This project directly supports the availabil aspect of the security triad.

Answer 145

A

B. Pushing GPO update

Pushing GPO (Group Policy Objects) update Is the correct answer because it allows the systems administrator to implement a new password policy across all systems quickly and etticiently through centralized management. GOs provide the necessary tools to entorce security settings consistently throughout tr enterorise environment.

PAP = Password Authentication Protocol
EDR = Endpoint detection and Response

Answer 146

A

D. ALE (Anual Loss Expectancy)

ARO: Annual Rate of Occurrence
RTO: Recover Time Obiective
RPO: Recovery Point Obiective
ALE: Annual Loss Expectancy
SLE: Single Loss Expectancy

Answer 147

A

D. Salting

Salting Is the correct answer because it involves adding a random string to a password betore hashing to strengthen security.

Answer 148

A

D. Conduct a site survey

A site survey is essential to determine the best locations for camera installation. ensuring optimal coverage and siana strenath. It involves assessing the physical environment to identity any potential issues that could attect the camera’s performance, such as obstructions, lighting conditions, and power source availability.

Answer 149

A

D. DDoS

DDoS is the correct answer because the sudden increase in network traftic leading to a web services outage is characteristic of a Distributed Denial of Service attack.

Answer 150

A

C. Organized crime

Profit is the main driver for organized crime, making them the most likely threat actor motivated by financial incentives.

Answer 151

A

C. DHCP
E. Firewall

Firewall logs capture network traftic and can show which internal hosts communicated with external IP addresses, including the command-and-control server. By analyzing firewall logs, you can identity the internal IP addresses that initiated or received communication with the command-and-control server, helping to pinpoint the impacted host.
It you have already identified suspicIous network traffic (e.g., connections to a C2 server) in firewall or network logs, the next step is often to determine which device was responsible for that traffic.
DHCP logs are necessary for this step because they map IP addresses to specifIc devices.

Answer 152

A

A. Symmetric

In this type of encryption, there is only one key, and all parties involved use the same key to encrypt and decrypt intormation.

Answer 153

A

A. Port security

Port Security: This is a network security feature that restricts input to an interface by limiting and identifying MAC addresses of the devices allowed to access the port.

Answer 154

A

B. Certification
E. Sanitization

Answer 155

A

A. Backout Plan

A backout plan is a predefined strategy to reverse and recover from changes made to a system if the changes produce undesirable results. It’s a safety measure that ensures data integrity and system availability. See also: backup, recovery time objective, mean time to recovery.

Answer 156

A

C. Virtualization

Answer 157

A

C. File Integrity monitoring

File Integrity Monitoring is the correct answer because it specifically addresses the need to monitor and detect unauthorized modifications to sensitive data.

Answer 158

A

D. Updating the categorization in the content filter

By updating the categorization in the content filter to accurately reflect the nature of the retail website (shopping instead of gambling), the content filter will allow users to access the site.

Answer 159

A

B. Patch availability

Patch availability most impacts an administrator’s ability to address common Vulnerabilities and Exposures (CVES) discovered on a server. It patches are not available to fix the vulnerabilities. the administrator cannot remediate the issues, regardless of other factors.

Answer 160

A

B. Having a backout plan when a patch fails

When applving patches or making system changes, there’s alwavs a risk of unforeseen issues. An effective backout plan allows for a quick and organized response, ensuring that systems can be returned to their last known good state, thereby maintaining business continuity and reducing the potential impact on operations.

Answer 161

A

B. NGFW utilizing application inspection

A Next-Generation Firewall (NGFW) utilizing application inspection could have identified and blocked the use of HTTP over port 53. NGFWs have advanced capabilities that allow them to inspect and identify traffic based on the application layer, not just the port and protocol, enabling them detect and prevent non-standard use of ports for malicious activities.

UNI = Unified Threat Management
WAF = Web Application Firewall
SD-WAN = Software Defined Wide Area Network

Answer 162

A

B. IPSec

IPSec is the correct answer because it provides comprehensive encryption for all IP traffic between the internal networks of both parties. ensuring secure file migration. IPsec’s ability to encrypt, authenticate, and ensure the integrity of all data packets makes it the most suitable solution for protecting communications between the enterprise and the third party.

Answer 163

A

A. DLP (Data Loss Prevention)

DLP Is the correct answer because it is specitically designed to detect, monitor, and prevent the unauthorized transter of sensitive data, such as fingerprinted files, outside the organization. DLP solutions provide the necessary tools to ensure data security by generating alerts and blocking
unauthorized data exfiltration attempts.

Answer 164

A

A. Hashes

Hashes is the correct answer because they provide a straightforward and reliable method for verifying the integrity of downloaded files. By comparing the hash of a downloaded file with the hash provided on the website, users can ensure that the file has not been altered, confirming its Integrity and authenticity.

Answer 165

A

B. Hashing

Hashing Is the most likely recommendation for protecting a log-in database. By hashing passwords, the organization ensures that even it the database is breached, the actual passwords are not exposed in plaintext.

Answer 166

A

D. Ransomware

Ransomware encrypts files on a victim’s system and displays a message demanding payment to decrypt the files or restore access.

Answer 167

A

D. Mean time to repair

Mean Time to Repair (MITR) Is the correct answer because it directly relates to calculating the time needed to resolve hardware issues and restor the server to full functionality.

Answer 168

A

D. Active

Answer 169

A

C. DLP

XDR = Xtended Detection and Response
SPF = Sender Policy Framework
DLP = Data Loss Prevention
DMARC = Domain-based Message Authentication Reporting and Conformance

Answer 170

A

C. EDR

IDS = Introsion Detection System
ACL = Access Control List
EDR = Endpoint Detection and Response
NAC = Network Access Card

Answer 171

A

B. Confidentiality

Answer 172

A

D. Critical

Answer 173

A

B. Social engineering

Answer 174

A

A. SLA (Service Level Agreement)

Answer 175

A

C. Compensating

Answer 176

A

C. Due diligence

Answer 177

A

C. Role as controller or processor

Answer 178

A

B. Firewall

Answer 179

A

A. Business Continuity

Business Continuity is a document that consists of the critical information an organization needs to continue operating during an unplanned event.

Answer 180

A

A. Virtualization and isolation of resources

Answer 181

A

A. End user training

End user training is the process of educating end users (AKA customers) about how to use your products or services.

Answer 182

A

A. Validate the code signature.

Answer 183

A

B. Placing the system in an isolated VLAN

Answer 184

A

B. Internal audit

Answer 185

A

D. Shadow IT

Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It refers only to unsanctioned assets deployed by the network’s authorized end users

Answer 186

A

A. Shadow IT

Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It refers only to unsanctioned assets deployed by the network’s authorized end users

Answer 187

A

A. To track the status of patching installations

Answer 188

A

D. Load Balancer

A load balancer is the device or service that sits between the user and the server group and acts as an invisible facilitator, ensuring that all resource servers are used equally. Cloud HSM is a cloud-hosted Hardware Security Module (HSM) service that allows you to host encryption keys and perform cryptographic operations in a cluster of FIPS 140-2 Level 3 certified HSMs.

Answer 189

A

A. Encrypted connection

Answer 190

A

A. Unidentified removable devices

Answer 191

A

C. MaskIng

Answer 192

A

C. False positive

Answer 193

A

A. Memory Injection

A memory injection attack is a type of cyber attack that involves injecting malicious code into a computer’s memory in order to execute unauthorized commands or steal sensitive information.

Answer 194

A

A. Asset inventory

Answer 195

A

A. Playbooks

Playbooks are tools used by cybersecurity professionals to identify and respond to security issues

Framework is a set of guidelines that outlines standards to define the processes and procedures that an organization must take to assess, monitor, and mitigate cybersecurity risk

Baseline is The set of controls that are applicable to information or an information system to meet legal, regulatory, or policy requirements, as well as address protection needs for the purpose of managing risk.

Benchmarks are best practices for securely configuring IT systems, software, networks and cloud infrastructure.

Answer 196

A

C. Tabletop exercise

Answer 197

A

B. Availability

Answer 198

A

B. SLA (Service Level Agreement)

SOW = Statement of Work
SLA = Service Level Agreement
MOA = Memorandum of Agreement
MOU= Memorandum of Understanding

Answer 199

A

B. Automated response actions

Security information and event management (SIEM) technology supports threat detection, compliance and security incident management through the collection and analysis (both near real time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Answer 200

A

B. Deterrent
F. Detective

Answer 201

A

B. Port Security

Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed.
Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.

Answer 202

A

C. Jailbreaking

**Sideloading **is the practice of installing mobile apps on a device that are not from the official app stores

**Jailbreaking **is the process of removing software restrictions imposed by the operating system on devices, particularly smartphones and tablet

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website

An SQL injection, sometimes abbreviated to** SQLi**, is a type of vulnerability in which an attacker uses a piece of SQL (structured query language) code to manipulate a database and gain access to potentially valuable information.

Answer 203

A

C. Lessons learned

Answer 204

A

B. Vulnerability scan

Answer 205

A

C. VPN

A VPN, which stands for virtual private network, establishes a digital connection between your computer and a remote server owned by a VPN provider, creating a point-to-point tunnel that encrypts your personal data, masks your IP address, and lets you sidestep website blocks and firewalls on the internet.

A security zone comprises users, applications, servers, or networks that share common trust requirements and expectations within a system

A proxy server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.

A next-generation firewall (NGFW) is an advanced version of the traditional firewall that makes authentication decisions based on the context of the user, content and application.

Answer 206

A

B. Enabling malware detection through a UTM

Unified threat management (UTM) refers to when multiple security features or services are combined into a single device within your network

Answer 207

A

D. To prevent a single point of failure

Answer 208

A

B. Containerization

Containerization works by virtualizing all the required pieces of a specific application into a single unit. Under the hood, that means containers include all the binaries, libraries, and configuration an app requires. However, containers do NOT include virtualized hardware or kernel resources.

Answer 209

A

A. Disable default accounts
C. Remove unnecessary servIces.

Answer 210

A

C. Internal auditing

Answer 211

A

B. AAA

AAA = Authentication, Authorization, and Accounting
CIA = Confidentiality, Integrity, and Availability
ACL = Access Control List
PEM = Privacy-Enhanced Mail

Answer 212

A

D. Version control

Answer 213

A

B. Cold site

Answer 214

A

C. Implement security awareness training

Answer 215

A

C. Red team

Answer 216

A

A. Trusted Devices

Answer 217

A

C. Honeypots
E. DNS sinkhole

Answer 218

A

A. Hashing

Answer 219

A

B. SAML

SAML = Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).

EAP = Extensible Authentication Protocol (EAP) is used to pass the authentication information between the supplicant (the Wi-Fi workstation) and the authentication server (Microsoft IAS or other). The EAP type actually handles and defines the authentication.

OpenID = OpenID Connect is a popular authentication protocol. It helps standardize the process for user authentication when users try to access a browser or mobile app

RADIUS = Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that authorizes and authenticates users who access a remote network. A protocol is a collection of rules that control how something communicates or operates.

Answer 220

A

D. On-path attack

On-path attackers place themselves between two devices (often a web browser and a web server) and intercept or modify communications between the two. The attackers can then collect information as well as impersonate either of the two agents.

Answer 221

A

D. There is a single point of failure

Answer 222

A

E. Compensating
F. Technical

Answer 223

A

D. Containerization

Containerization is a type of virtualization in which all the components of an application are bundled into a single container image and can be run in isolated user space on the same shared operating system. To ensure that all data on a mobile device is unrecoverable if the device is lost or stolen, a company can use containerization

Answer 224

A

A. Residual

Residual risk is the level of cyber risk remaining after all your security controls are accounted for, any threats have been addressed and the organization is meeting security standards. It’s the risk that slips through the cracks of your system.

Answer 225

A

B. Performing code obfuscation

Code Obfuscation is the process of modifying an executable so that it is no longer useful to a hacker but remains fully functional. While the process may modify actual method instructions or metadata, it does not alter the output of the program

Answer 226

A

B. Something you have

MFA = Multi factor authentication

Answer 227

A

A. Increasing the minimum password length to 14 characters.
F. Including a requirement for at least one special character.

Answer 228

A

D. The software contained a backdoor.

Answer 229

A

B. Transitioning the platform to an laaS provider

Logistics as a service (LaaS) falls along these same lines. LaaS solutions offer organizations a way to manage their logistics through a cloud-based platform, sometimes with the assistance of remote logistics experts. LaaS falls under the overall umbrella of managed transportation services.

Answer 230

A

C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

Answer 231

A

B. Metadata

Answer 232

A

D. To ensure non-repudiation

Secure/Multipurpose Internet Mail Extensions, or S/MIME, is an internet standard to digitally sign and encrypt email messages. It ensures the integrity of email messages remains intact while being received.

Answer 233

A

D. Dumpster diving

Answer 234

A

A. Resource constraints

Internet of Things (IoT) is a network of devices equipped with sensors, software, and other technologies to connect and exchange data with other devices and systems over the internet.

Answer 235

A

B. Captive portal

Answer 236

A

B. SOC 2 Type 2 report

A SOC 2 Type 2 report outlines a company’s internal controls and details how well they safeguard customer data, specifically for cloud service providers. Specifically, it’s a third-party audit that shows if the security protocols are safe and effective.

Answer 237

A

C. DRP

DRP = Disaster Recovery Plan
IRP = Incident Recovery Plan
BCP = Business Continuity Planning

Answer 238

A

D. Segregation of duties

Answer 239

A

B. Send the dead domain to a DNS sinkhole

Answer 240

A

A. Disk Encryption

Answer 241

A

C. Retention policy

Retention Policy describes how long a business needs to keep a piece of information (record), where it’s stored and how to dispose of the record when its time.

Answer 242

A

A. Code repositories

A code repository is a storage location for code and other software development assets, such as documentation, tests, and scripts. They are often used to manage and organize a software project’s codebase and collaborate with other project developers.

Answer 243

A

C. The organization will have the ability to create security requirements based on classification levels

Answer 244

A

A. Non-credentialed scan

Answer 245

A

A. MITRE ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) is a framework, set of data matrices, and assessment tool developed by MITRE Corporation to help organizations understand their security readiness and uncover vulnerabilities in their defenses.

Answer 246

A

D. Microservices using API

Microservices is an approach to building an application that breaks its functionality into modular components. APIs are part of an application that communicates with other applications. So, APIs can be used to enable microservices. As a result, you can make it easier to create software

Secure File Transfer Protocol (SFTP) is a network protocol that enables secure and encrypted file transfers between a client and a server.

JSON (JavaScript Object Notation) is a text-based, human-readable data interchange format used to exchange data between web clients and web servers.

Answer 247

A

A. GDPR

GDPR: general data protection regulation (GDPR) is the strongest privacy and security law in the world.

PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

NIST: National Institute of Standards and Technology. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary.

ISO: International Organization for Standardization

Answer 248

A

B. The administrator needs to install the server certiticate into the local truststore

Answer 249

A

B. Lack of vendor support

Answer 250

A

B. A packet capture tool was used to steal the password.

Answer 251

A

C. SSH

SNMPv3 Simple Network Management Protocol Version 3 is an advanced version of SNMP. Primarily used for network management, SNMPv3 ensures secure access to devices by providing enhanced security features.

**SSH (Secure Shell or Secure Socket Shell) **is a network protocol that gives users – particularly systems administrators – a secure way to access a computer over an unsecured network.

RDP Remote Desktop Protocol, is one of the main protocols used for remote desktop sessions, which is when employees access their office desktop computers from another device.

SMTP Simple Mail Transfer Protocol

Answer 252

A

A. Wildcard

A **wildcard ** certificate is a type of SSL/TLS certificate that can be used to secure multiple domains (hosts), indicated by a wildcard character (*) in the domain name field. This can be helpful if you have a lot of domains or subdomains that you need to secure, as it can save you time and money

**Client certificates ** are digital certificates for users and individuals to prove their identity to a server. Client certificates tend to be used within private organizations to authenticate requests to remote servers.

** Self-signed certificate** means choosing to proceed without the support of a trusted certificate authority to guarantee the validity of the certificate details

Code signing is the process of applying a digital signature to a software binary or file. This digital signature validates the identity of the software author or publisher and verifies that the file has not been altered or tampered with since it was signed

Answer 253

A

A. Nessus

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.

Curl (Client URL) is a command line tool that enables data exchange between a device and a server through a terminal.

Wireshark is a network protocol analyzer, or an application that captures packets from a network connection

Netcat is a networking tool for reading from and writing to network connections. It’s called the “Swiss Army Knife” of networking due to its range of functions. Netcat establishes TCP and UDP connections with remote hosts. This allows communication between devices over a network.

Answer 254

A

A. Encapsulation

Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions.

Answer 255

A

A. Serverless architecture

Serverless architecture is an approach to software design that allows developers to build and run services without having to manage the underlying infrastructure

A** thin client** connects to a server-based environment that hosts the majority of applications, memory, and sensitive data the user needs.

** private cloud** is defined as computing services offered either over the Internet or a private internal network and only to select users instead of the general public.

Answer 256

A

B. File integrity monitor

Answer 257

A

B. VoIP

Voice over Internet Protocol (VoIP), is a technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line.

The Secure Real-Time Transport Protocol (SRTP) adds encryption, authentication, and replay protection to the Real-time Transport Protocol (RTP). This enables private, tamper-proof conversations over untrusted networks.

Answer 258

A

A. Whaling

A whaling attack is a type of phishing attack where a particularly important person in the organization is targeted.

Spear phishing is a type of phishing attack that targets a specific individual, group or organization

Answer 259

A

A. Updating the CRL

A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.

Public key infrastructure (PKI) governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications.

Answer 260

A

E. PAM software

Privileged access management (PAM) is an identity security solution that helps protect organizations against cyberthreats by monitoring, detecting, and preventing unauthorized privileged access to critical resources.

Security Assertion Markup Language (SAML) is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).

TACACS, which stands for Terminal Access Controller Access-Control System, is a network protocol that was developed by Cisco. TACACS+ is an improved version of the original TACACS protocol, which is now popularly used in the industry for Authentication, Authorization, and Accounting (AAA) in network security.

Role-based access control (RBAC), also known as role-based security, is a mechanism that restricts system access. It involves setting permissions and privileges to enable access to authorized users.

SSO Single Sign On

Answer 261

A

C. Add a quest captive portal requiring visitors to accept terms and conditions

802.1X is a network authentication protocol that opens ports for network access when an organization authenticates a user’s identity and authorizes them for access to the network.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that authorizes and authenticates users who access a remote network.

Wi-Fi Protected Setup (WPS) is a feature supplied with many routers. It is designed to make the process of connecting to a secure wireless network from a computer or other device easier.

Answer 262

A

A. Owner

A Data Owner is the person accountable for the classification, protection, use, and quality of one or more data sets within an organization

A Data Steward is a subject expert with a thorough understanding of a particular data set.

A Data Custodian is responsible for implementing and maintaining security controls for a given data set in order to meet the requirements specified by the Data Owner in the Data Governance Framework.

The Data Controller is the entity that determines the purposes and methods for processing personal data. It makes key decisions about data handling and bears the primary responsibility for the data.

Answer 263

A

A. Lighting
D. Sensor

Answer 264

A

A. Load balancer

A load balancer is the device or service that sits between the user and the server group and acts as an invisible facilitator, ensuring that all resource servers are used equally

Answer 265

A

B. Code signing

Code signing is the process of applying a digital signature to a software binary or file. This digital signature validates the identity of the software author or publisher and verifies that the file has not been altered or tampered with since it was signed.

Input validation is performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering malfunction of various downstream components.

fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

Answer 266

A

A. Lack of security updates

Answer 267

A

A. Wireshark

Wireshark is used to trace connections, view the contents of suspect network transactions and identify bursts of network traffic.

Netcat is a networking tool for reading from and writing to network connections. It’s called the “Swiss Army Knife” of networking due to its range of functions. Netcat establishes TCP and UDP connections with remote hosts. This allows communication between devices over a network.

Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network.

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Answer 268

A

A. Fuzzing

fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

Answer 269

A

C. Design review process

Answer 270

A

D. CVSS

CVE = Common Vulnerabilities and Exposure
OSINT = Open Source Intelligence
SOAR = Security Orchestration Automation and Response
CVSS = Common Vulnerability Scoring System

Answer 271

A

B. The attacker performed a pass-the-hash attack using a shared support account

A pass the hash attack is an exploit in which an attacker steals a hashed user credential and – without cracking it – reuses it to trick an authentication system into creating a new authenticated session on the same network.

Answer 272

A

A. OWASP

The Open Web Application Security Project, or OWASP, is an international non-profit organization dedicated to web application security.

Structured Threat Information eXpression (STIX) is a standardized language that uses a JSON-based lexicon to express and share threat intelligence information in a readable and consistent format.

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.

A threat intelligence feed is a stream of data about potential attacks (known as “threat intelligence”) from an external source

Answer 273

A

B. Conditional access policies
D. Implementation of additional authentication factors

Answer 274

A

E. WAF
F. SIEM

NIDS, or network intrusion detection systems, provide continuous network monitoring across on-premise and cloud infrastructure to detect malicious activity like policy violations, lateral movement or data exfiltration.

Host-based Intrusion Prevention System (HIPS) protects your system from malware and unwanted activity attempting to negatively affect your computer.

WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

SIEM, Security information and event management, is a solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.

Answer 275

A

C. Snapshot

Answer 276

A

B. Decommissioning

decommissioning means the process of systematic removal and permanent shutdown of an outdated computer system, server, hardware, software, or associated infrastructure.

Answer 277

A

A. Santization

Answer 278

A

D. Time-based tokens

Answer 279

A

C. Phishing campaign

Answer 280

A

D. Supply chain

Answer 281

A

A. A web shell has been deployed to the server through the page

Answer 282

A

D. Illumination tool

Answer 283

A

A. Agentless solution

Agentless network analysis involves monitoring and evaluating network traffic from a central location without deploying agents on network devices

Answer 284

A

D. SOW

A Statement of Work (SOW) specifies the detailed scope of work, tasks, deliverables, timelines, and costs for a specific project or engagement with the vendor. A Service-Level Agreement (SLA) is a specific type of agreement that defines the level of service expected from the vendor, including performance metrics, response times, and other service-related terms. An MSA is a comprehensive contract that sets forth the general terms and conditions that will govern multiple future engagements between the parties. It may reference specific work orders or statements of work for individual projects. A Memorandum of Agreement (MOA) typically outlines a broader understanding or collaboration between parties, but it may not necessarily include specific services, timelines, and costs as in this context.

Answer 285

A

C. Hardware

The hardware aspect of a BPA focuses on identifying the specific technological resources, like servers or data centers, that perform the processing for a mission essential function. Process flow gives a sequential description of operational steps but does not specify the hardware used in the process. Inputs pertain to the initial information sources needed for a function’s execution, not the processing hardware. While staff and other resources includes the workforce and supplementary resources needed for the function, it does not refer to the technological processing equipment.

Answer 286

A

C. Serverless

Serverless is an architecture model that allows running code without managing any underlying infrastructure. It can offer benefits such as flexibility, scalability, cost-efficiency, and security.** Virtualization** is a technology that allows creating multiple virtual machines or environments on a single physical device, not running code without managing any underlying infrastructure.** Infrastructure as code (IaC)** is a method of managing and provisioning IT infrastructure through code, not running code without managing any underlying infrastructure. Software-defined networking (SDN) is a network technology that involves dynamically configuring and managing network devices and services through software, not creating multiple isolated environments on a single physical device.

Answer 287

A

A. SPF

SPF (Sender Policy Framework) helps prevent email spoofing by enabling domain owners to define which servers can send emails on their behalf. SMTP (Simple Mail Transfer Protocol) is the protocol used for sending emails, but it doesn’t dictate server authorizations for a specific domain. DMARC (Domain-based Message Authentication, Reporting, and Conformance) utilizes the results from** DKIM (Domain Keys Identified Mail)** and SPF checks to determine the action to take with non-conforming messages, but it doesn’t list authorized servers itself. DKIM provides a method to validate the domain name identity associated with a message through cryptographic authentication, but it doesn’t specify server authorizations.

Brainscape's Knowledge GenomeTM

CompTIA SYO-701 (ET) Test Flashcards

Brainscape's Knowledge Genome^TM