CySA+ Flashcards
A cyber security consultant is examining security control classes for an Infrastructure as a Service (IaaS) provider. The classes measure how effectively assets are protected. Which security control class would the consultant examine to gain oversight of the information system?
a. technical
b. managerial
c. operational
d. detective
B. Managerial
Managerial controls give oversight of the information system. Examples include risk identification and tools that allow the evaluation and selection of other security controls.
A mission-critical system is offline at an organization due to a zero-day attack. The associated software vendor plans to release a patch to remediate the vulnerability. Which of the following are important patch management considerations for this scenario? (Select the three best options.)
A. a patch test environment
B. speedy push delivery of critical security patches
C. a specific team responsible for reviewing vendor-supplied newsletters and security patch bulletins
D. a routine schedule for the rollout of noncritical patches
A, B, and C
A support manager is giving essential security training to the help desk. Which control class is the support manager implementing?
a. operational
b. technical
c. detective
d. managerial
A. operational
Operational controls are primarily implemented and executed by people (as opposed to systems). For instance, security guards and training programs are examples of operational controls.
An IT director reviews a cyber security audit and learns that an old accounting server is significantly out of compliance. Rather than attempting repairs, the director concludes that decommissioning the server is the safest course of action. What is the risk management principle the IT director is following?
a. risk acceptance
b. risk mitigation
c. risk avoidance
d. risk transference
C. risk avoidance
An organization recently had an attack that resulted in system data loss. The system administrator must now restore the system with a data backup. What functional security control was the system administrator able to implement?
a. preventative
b. responsive
c. corrective
d. compensating
C. corrective
A good example of a corrective control is a backup system that can restore data that an attacker damages during an intrusion.
A CEO of a small corporation has decided to continue using a legacy system despite security concerns. This is an example of which risk management principle?
a. risk acceptance
b. risk avoidance
c. risk mitigation
d. risk transference
a. risk acceptance
A security engineer installs a next-generation firewall on the perimeter of a network. This installation is an example of what type of security control class?
a. managerial
b. operational
c. detective
d. technical
d. technical
The legal affairs team of an international conglomerate elects to assign certain risks to a third party. Which risk management principle are they implementing?
a. risk acceptance
b. risk avoidance
c. risk mitigation
d. risk transference
d. risk transference
Risk transference (or sharing) means the company would assign risk to a third party, which they would typically accomplish through insurance policies. Insurance transfers financial risks to a third party.
An engineer is considering appropriate risk responses using threat modeling. They are trying to understand which threat actors are in scope for their organization. How does threat modeling identify the principal risks and tactics, techniques, and procedures (TTPs) for which their system may be susceptible? (Select the three best options.)
a. by evaluating the system from an attacker’s point of view
b. by evaluating a system from a neutral perspective
c. through using tools such as diagrams
d. by analyzing the system from the defender’s perspective
A, C, and D
A system administrator is applying patches to their organization’s system. The administrator realizes the maintenance window will close before the patching is complete. What action must the administrator take to abide by the change management policy?
a. rollback to the system’s previous state
b. rollout earlier patches
c. rollback to a system’s initial state
d. rollout system patches
a. rollback to the system’s previous state
A system administrator is hardening a newly provisioned server with software patches and security updates. What functional security control is the system administrator performing?
a. detective
b. preventative
c. corrective
d. compensating
b. preventative
A support team is preparing for an upcoming maintenance window. What tasks should the support team accomplish during the proactive maintenance windows? (Select the three best options.)
a. implement untested patches
b. restart devices
c. analyze events
d. restore critical services after a backup test
B, C, and D
A security analyst reviews a firewall log’s source IP addresses to investigate an attack. These logs are a representation of what type of functional security control?
a. corrective
b. preventative
c. detective
d. compensating
c. detective
A large corporation’s security operations center (SOC) team is processing a recent incident. The team refers to a playbook for guidance about the incident. What type of functional security control does the playbook represent?
a. corrective
b. preventative
c. responsive
d. compensating
c. responsive
Responsive controls serve to direct corrective actions enacted after the SOC team confirms the incident. The team often documents these actions in a playbook.
A systems administrator runs a scan on an application server and finds several vulnerabilities. The issues are not severe, and patches are available in each instance. The administrator decided to install the available patches. What risk management principle did they demonstrate?
a. risk mitigation
b. risk acceptance
c. risk avoidance
d. risk transference
a. risk mitigation
A cybersecurity analyst wants to collect indicators of compromise (IoCs) to identify, investigate, and mitigate threats. What are some examples of IoCs that the analyst will be collecting? (Select the three best options.)
a. expected configuration changes
b. odd network patterns
c. unusual account behaviors
d. unfamiliar new files
B, C, and D
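As an added example (not part of the original flashcards), the "odd network patterns" indicator above can be turned into detection logic: a command-and-control implant that calls home on a timer produces connections whose inter-arrival times are almost constant, while human-driven traffic does not. The script below runs that check over a constructed connection log (the log format, host names and addresses are made up for illustration; the threshold values are assumptions to tune in practice).

```python
"""Added example: flag a candidate beacon (near-constant interval between the
same source and destination) in constructed connection-log lines."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log, one connection per line: "<ISO time> <src> -> <dst>:<port>".
# 10.0.0.7 talks to 203.0.113.5 roughly every 60 seconds; 10.0.0.9 browses irregularly.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:00:12 10.0.0.9 -> 198.51.100.20:443
2024-05-01T09:01:01 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:01:59 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:02:31 10.0.0.9 -> 198.51.100.44:80
2024-05-01T09:03:00 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:04:02 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:04:40 10.0.0.9 -> 198.51.100.20:443
2024-05-01T09:04:58 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:06:00 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:07:01 10.0.0.7 -> 203.0.113.5:443
2024-05-01T09:12:15 10.0.0.9 -> 198.51.100.20:443
"""


def parse_log(text):
    """Yield (timestamp, src, dst) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        yield datetime.fromisoformat(ts), src, dst


def find_beacons(text, min_events=6, max_cv=0.10):
    """Return {(src, dst): (event_count, mean_gap_seconds, cv)} for flows whose
    inter-arrival times are suspiciously regular.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections: a sleep()-driven implant has a low cv, a person
    clicking around has a high one. min_events avoids scoring tiny flows.
    """
    flows = defaultdict(list)
    for ts, src, dst in parse_log(text):
        flows[(src, dst)].append(ts)

    hits = {}
    for key, stamps in flows.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            hits[key] = (len(stamps), round(avg, 1), round(cv, 3))
    return hits


if __name__ == "__main__":
    for (src, dst), (count, avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst}: {count} connections, "
              f"every ~{avg}s (cv={cv})")
```

On the sample, only the 10.0.0.7 flow is reported (eight connections about 60 seconds apart, cv well under 0.1); the 10.0.0.9 flows have too few events and irregular gaps. In production the same logic runs over firewall, proxy or NetFlow exports rather than an inline string.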
A geographically diverse group of hackers commit fraud against a small company for commercial gain. What type of threat actor committed this fraud?
a. organized crime
b. hacktivist
c. nation-state
d. insider threat
a. organized crime
A security analyst is analyzing systems for potential misconfiguration. Misconfiguration hunting is an important focus area. What are some key items the analyst should search for while misconfiguration hunting? (Select the three best options.)
a. weak passwords
b. open ports
c. unpatched software
d. isolated networks
A, B, and C
A security consultant is using the dark web as a source of defensive open-source intelligence (OSINT). Which of the following should the consultant be aware of when using the dark web? (Select the three best options.)
a. the dark web is protected by a single layer of encryption
b. the dark web serves as an operating platform for cybercrimes
c. threat actors leverage the dark web for criminal activities
d. the dark web can provide evidence of previously undiscovered breaches
B, C, and D
A threat actor obtains and releases confidential information about a political candidate to the public domain. The information damages the person’s candidacy and helps the opposing party. These actions were likely performed by which type of threat actor?
a. insider threat
b. script kiddie
c. organized crime
d. hacktivist
D. hacktivist
A security analyst is reviewing an announcement from the Cybersecurity and Infrastructure Security Agency. Which source of defensive open-source intelligence (OSINT) does the agency represent?
a. CERT
b. internal sources
c. government bulletins
d. CSIRT
c. government bulletins
Agents from a sovereign region in North Africa perform a cyber attack against the energy infrastructure of a neighboring republic. What type of threat actor does this scenario illustrate?
a. insider threat
b. organized crime
c. hacktivist
d. nation-state
d. nation-state
Nation-state actors have participated in many attacks, particularly on energy and electoral systems. The goals of nation-state actors are primarily espionage and strategic advantage.
An attacker is browsing social media accounts associated with a targeted organization. Why is the attacker using social media in this manner? (Select the three best options.)
a. attackers can use social media sites to find information about an organization
b. attackers can leverage social media as a vector to launch attacks against targets
c. attackers can use information from social media as a source of defensive OSINT
d. an attacker may find posts or user profiles that give away sensitive information
A, B, and D
An attacker is planning to target a business-critical database for a large enterprise. What are some business-critical asset-hunting methods that security analysts use to protect systems? (Select the two best options.)
a. search for unauthorized access attempts
b. search for misconfigured systems
c. search for unusual traffic patterns
d. search for routine activity
A and C
Business-critical asset hunting involves searching for vulnerabilities and threats that could impact these assets.
A large corporation has established a team specifically tasked with responding to routine, non-emergency security incidents. Which of the following terms best describes this team?
a. CERT
b. internal sources
c. CSIRT
d. government bulletins
c. CSIRT
A computer security incident response team (CSIRT) is a group responsible for responding to security incidents involving computer systems.
Someone with a casual interest in hacking techniques launches a random attack against a widely known enterprise using tools readily available online. What type of threat actor is likely behind this attack?
a. insider threat
b. script kiddie
c. organized crime
d. hacktivist
b. script kiddie
A computer emergency response team (CERT) is quickly reacting to an attack on the network infrastructure of a semiconductor manufacturer. What is true about a CERT? (Select the three best options.)
a. CERTs mitigate cybercrime
b. CERTs work with local law enforcement
c. CERTs provide knowledge of trending attacks
d. CERTs publish a wide variety of information concerning threats
A, B, and C
A systems administrator is researching active defense approaches. The administrator decides to install a honeypot to lure attackers away from assets of actual value. What is true of a honeypot? (Select the three best options.)
a. honeypots seek to redirect malicious traffic away from live production systems
b. honeypots can provide an early warning regarding ongoing attacks
c. honeypots help collect intelligence on the attackers and their techniques
d. honeypots assist defensive teams in identifying and responding after an attack has taken place on critical systems
A, B, and C
A systems administrator is searching for potential vulnerabilities in the network. Which threat-hunting focus area should the administrator examine, as attackers often exploit it through connected systems or physical access?
a. isolated networks
b. misconfigured systems
c. business-critical assets
d. lateral movements
a. isolated networks
Isolated networks, such as air-gapped networks or networks with limited connectivity to the internet, are often thought to be more secure. However, attackers can still target these networks by exploiting vulnerabilities in connected systems or through physical access.
Which of the following are characteristics of an advanced persistent threat? (Select the three best options.)
a. remove evidence of the attack
b. target large organizations
c. spend little time gathering intelligence
d. develop highly specific exploits
A, B, and D
A cloud architect advises an associate to consider a serverless platform for their new endeavor. What benefits would the architect highlight about a serverless platform? (Select the two best options.)
a. serverless platforms require the management of physical or virtual server instances
b. there are considerable management demands for file system security monitoring
c. there is no requirement to provision multiple servers for redundancy or load balancing
d. the service provider manages the underlying architecture
C and D
A security analyst needs a data loss prevention (DLP) solution to prevent users from transferring data without authorization. What components typically make up DLP solutions? (Select the three best options.)
a. policy servers
b. USB devices
c. endpoint agents
d. network agents
A, C, and D
What computing environment can an administrator use to install multiple independent operating systems on a single hardware platform and run them simultaneously?
a. container
b. serverless computing
c. microservices
d. virtualization
d. virtualization
A systems administrator is setting up single sign-on (SSO) for a company. What are some of the primary benefits of SSO to an organization? (Select the two best options.)
a. SSO allows users to access multiple resources using only a single set of credentials
b. SSO allows users to access multiple websites using only a single set of credentials
c. SSO dramatically reduces usability
d. SSO eliminates the risk of breached credentials
A and B
A cloud consultant is investigating cloud deployment types for a client. The client requires both onsite and offsite infrastructure. Which of the following deployment types should the consultant recommend to their client?
a. public
b. hybrid
c. microservices
d. private
b. hybrid
An engineer is studying the hardware architecture of a company’s various systems. The engineer can find the x86 architecture in which of the following items? (Select the three best options.)
a. desktops
b. ARM-based tablets
c. laptops
d. servers
A, C, and D
Advanced RISC Machines (ARM) and x86 are common architectures. The x86 architecture dominates desktops, laptops, and server computers, while the ARM architecture dominates smartphones, tablets, and single-board computers.
Data loss prevention (DLP) systems detect and prevent users from storing information on unauthorized systems or transmitting information over unauthorized networks. Which of the following are examples of DLP systems an organization can set for users? (Select the three best options.)
a. enforce the use of external media
b. implement clipboard privacy controls
c. use print blocking
d. restrict virtual desktop infrastructure (VDI) implementation
B, C, and D
After provisioning a server, a support technician conducts system hardening. Why is system hardening such a vital practice? (Select the three best options.)
a. system hardening eliminates monitoring software
b. system hardening reduces the attack surface of a system
c. system hardening includes disabling unnecessary services
d. system hardening involves patching the operating system
B, C, and D
A support manager is deploying multifactor authentication (MFA) in a corporate office. What is true of MFA? (Select the three best options.)
a. using at least two of the three factors of authentication is called multifactor authentication (MFA)
b. MFA can use multiple authentication factors combined with authentication attributes
c. when using MFA, abusing authentication becomes far more simplified
d. with MFA in place, a username and password can be breached but are unusable without the additional factor
A, B, and D
A systems administrator is developing a plan for deploying Zero Trust architecture throughout the enterprise. What components of Zero Trust architecture should the administrator consider essential? (Select the three best options.)
a. increased granularity
b. network and endpoint security
c. identity and access management (IAM)
d. network segmentation
B, C, and D
A security engineer wants to implement Zero Trust architecture at their workplace. What key benefits would the engineer mention to their company for using a Zero Trust architecture? (Select the three best options.)
a. greater security
b. better access controls
c. improved governance and compliance
d. decreased granularity
A, B, and C
A support technician examines the Windows registry for a host on a local area network (LAN). The technician uses which subkey to find username information for accounts used on a computer?
a. SAM
b. SECURITY
c. DEFAULT
d. SYSTEM
a. SAM
The Windows registry is a database for storing operating system, device, and software application configuration information. The SAM subkey (HKEY_LOCAL_MACHINE\SAM) holds the Security Accounts Manager database, which stores local user and group account information, including usernames, for the current computer. Note that by default its contents are readable only by the SYSTEM account, so the technician needs SYSTEM-level access (or an offline copy of the SAM hive), not just ordinary administrator rights, to read it.
A systems administrator installs a syslog server to capture and report events for wireless infrastructure. Following a requirement from the Chief Information Officer (CIO), recorded logging levels should include a status if an access point is unusable and if any immediate action is required. Which logging levels does the administrator evaluate and configure? (Select the two best options.)
a. 2-critical
b. 4-warning
c. 0-emergency
d. 1-alert
C and D
A network engineer wants to simplify network and security services. How could Secure Access Service Edge (SASE) help to simplify these services for the engineer?
a. it combines network and security functions into a single cloud-hosted service
b. it requires dedicated hardware
c. it offers elementary features
d. it blocks the remote management of networks and systems
a. it combines network and security functions into a single cloud-hosted service
Secure Access Service Edge (SASE) aims to simplify the complexity of managing multiple network and security services by combining networking and security functions into a single cloud-hosted service.
A system technician reviews system logs from various devices and notices discrepancies between recorded events. The events between the systems are not synchronizing in the correct order. Which configuration should the technician analyze and adjust to ensure proper and accurate logging? (Select the two best options.)
a. NTP
b. GPS
c. PKI
d. SSL
A and B
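As an added example (not part of the original flashcards) covering both the syslog severity card and the time-synchronization card above: the script parses RFC 5424 syslog lines from several wireless devices, decodes the PRI field into facility and severity, normalizes each timestamp to UTC before sorting, and then pulls out the level 0 (emergency, system is unusable) and level 1 (alert, action must be taken immediately) events. The device names, messages and the mixed UTC/UTC+2 clock settings are constructed for illustration; NTP itself cannot be shown offline, but the ordering step is exactly what fails when device clocks are unsynchronized or logged without an offset.

```python
"""Added example: parse RFC 5424 syslog, decode PRI, order events by true
(UTC) time and select emergency/alert events."""
import re
from datetime import datetime, timezone

SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "logaudit", "logalert",
            "clock"] + [f"local{i}" for i in range(8)]

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
# PRI = facility * 8 + severity. The constructed sample uses "-" (nil) for
# PROCID, MSGID and structured data, which is what this simple regex expects.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"\S+ \S+ (?P<sd>-|\[.*\]) (?P<msg>.*)$")

# Constructed sample: ap-floor2 logs in local time UTC+2, the others in UTC.
SAMPLE_LINES = [
    "<129>1 2024-05-01T10:00:05+02:00 ap-floor2 wlan - - - radio0 down, AP unusable",
    "<134>1 2024-05-01T08:00:01+00:00 ap-floor1 wlan - - - client assoc ok",
    "<128>1 2024-05-01T07:59:58+00:00 wlc-core hostapd - - - controller halting: PSU failure",
    "<132>1 2024-05-01T10:00:02+02:00 ap-floor2 wlan - - - noise floor elevated",
]


def parse_syslog(line):
    """Return a dict with decoded facility/severity and a UTC timestamp."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:                       # 24 facilities * 8 severities - 1
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    ts = datetime.fromisoformat(m["ts"])
    tz_assumed = ts.tzinfo is None      # naive stamp: assume UTC and record that
    if tz_assumed:
        ts = ts.replace(tzinfo=timezone.utc)
    return {
        "utc": ts.astimezone(timezone.utc),
        "tz_assumed": tz_assumed,
        "host": m["host"], "app": m["app"], "msg": m["msg"],
        "facility": facility, "facility_name": FACILITY[facility],
        "severity": severity, "severity_name": SEVERITY[severity],
    }


def ordered_events(lines):
    """Events sorted by UTC instant, not by the local wall-clock string."""
    return sorted((parse_syslog(line) for line in lines), key=lambda e: e["utc"])


def actionable(lines, max_severity=1):
    """Emergency (0) and alert (1) events, the two levels the CIO asked for."""
    return [e for e in ordered_events(lines) if e["severity"] <= max_severity]


if __name__ == "__main__":
    for e in ordered_events(SAMPLE_LINES):
        print(f'{e["utc"]:%H:%M:%S}Z {e["host"]:10s} {e["facility_name"]}.'
              f'{e["severity_name"]:13s} {e["msg"]}')
```

Sorted by UTC, the controller PSU failure (07:59:58Z) correctly precedes the access point going down (10:00:05+02:00, i.e. 08:00:05Z); sorting on the raw timestamp strings would put the UTC+2 device's events two hours late, which is the kind of discrepancy the technician in the card is seeing.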
An organization looks to utilize an approach with minimal human engagement in security scanning and reporting. What actions does the organization put in place to achieve this goal? (Select the three best options.)
a. effective communication
b. trigger actions
c. application integration
d. data enrichment
B, C, and D
A new software development organization looks to provide a security solution for an existing security product. In doing so, developers at the organization utilize which technology from the existing product’s toolkit to provide an integrated solution?
a. SOAR
b. SOC
c. SIEM
d. API
d. API
An application programming interface (API) is a set of functions and procedures that allow two or more applications to integrate. Developers can use the existing product’s toolkit for integration.
An organization looks to strengthen team coordination in a security operations center (SOC) without needing to rely on self-operating support. In doing so, which policies should management implement for team members to achieve this goal? (Select the three best options.)
a. information sharing
b. streamlined automation
c. communication protocols
d. effective collaboration
A, C, and D
The success of a data security program at an organization relies on which factors from personnel within a security operations center (SOC)? (Select the two best options.)
a. effective collaboration
b. diverse threat feeds
c. automation accuracy
d. information sharing
A and D
An automation engineer utilizes an application programming interface (API) to enable communications between software applications. The engineer configures systems this way to minimize which management approach?
a. extended functionality
b. information relevancy
c. trigger actions
d. human engagement
d. human engagement
To improve security posture, an organization gathers information from varying sources to gain a larger picture of the threat landscape. What general approach is the organization implementing to achieve this level of reporting?
a. effective collaboration
b. automated trigger actions
c. threat feed combination
d. human engagement
c. threat feed combination
A group of security engineers looks to achieve high data enrichment while compiling threat information for review. Which solution will the engineers apply to achieve this goal?
a. using different data sources
b. using automation
c. identifying threat areas
d. improving accuracy
a. using different data sources
Data enrichment is the process of analyzing data from different sources to better understand the threat landscape. Using different sources for high data enrichment is essential to providing a well-rounded view of threat information.
An engineer wants to automate threat response mechanisms by leveraging a solution that can act on threat-related events. Which solution does the engineer implement?
a. API
b. SOAR
c. SOC
d. SIEM
b. SOAR
Security orchestration, automation, and response (SOAR) platforms use technology to automate acting on security threats. The engineer uses a SOAR solution to meet the specified goal.
An engineer enables a lightweight data sharing technology for trigger-based message sharing between security software applications. What automation feature does the engineer implement?
a. add-ons
b. APIs
c. webhooks
d. plugins
c. webhooks
The engineer will use webhooks. A webhook is an HTTP callback: when a defined event occurs, the sending application POSTs a message to a URL that the receiving application registered, so messages flow between applications automatically without polling. Because that endpoint is reachable over the network, the receiver should authenticate incoming messages (for example, by checking a shared-secret HMAC signature over the body) rather than act on any request that arrives.
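As an added example (not code from the flashcards or from any product), here is the sending and receiving side of such a webhook: the sender signs a timestamp plus the raw body with an HMAC-SHA256 over a shared secret, and the receiver rejects messages that are stale, tampered with, or signed with the wrong key. The header names X-Hook-Timestamp and X-Hook-Signature, the event name and the payload are assumptions for illustration.

```python
"""Added example: HMAC-signed webhook message and its receiver-side check."""
import hashlib
import hmac
import json
import time


def _signature(secret: bytes, timestamp: int, body: bytes) -> str:
    # The timestamp is bound into the MAC so a captured message cannot be
    # replayed later; the raw bytes are signed, never a re-serialized dict.
    mac = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()


def build_webhook(secret: bytes, event: str, data: dict, timestamp=None):
    """Sender side: return (headers, body) ready for an HTTP POST."""
    timestamp = int(time.time()) if timestamp is None else timestamp
    body = json.dumps({"event": event, "data": data},
                      separators=(",", ":"), sort_keys=True).encode()
    headers = {
        "Content-Type": "application/json",
        "X-Hook-Timestamp": str(timestamp),        # assumed header name
        "X-Hook-Signature": _signature(secret, timestamp, body),
    }
    return headers, body


def verify_webhook(secret: bytes, headers: dict, body: bytes,
                   now=None, max_skew: int = 300) -> bool:
    """Receiver side: True only for a fresh, untampered, correctly keyed message."""
    try:
        timestamp = int(headers["X-Hook-Timestamp"])
    except (KeyError, ValueError):
        return False
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > max_skew:              # stale or replayed
        return False
    expected = _signature(secret, timestamp, body)
    # compare_digest rather than ==, so the comparison does not leak via timing.
    return hmac.compare_digest(expected, headers.get("X-Hook-Signature", ""))


if __name__ == "__main__":
    secret = b"constructed-shared-secret"           # constructed for the demo
    headers, body = build_webhook(secret, "alert.created",
                                  {"id": 42, "severity": "high"})
    print(headers["X-Hook-Signature"], verify_webhook(secret, headers, body))
```

The receiver must compute the MAC over the exact bytes it received, before any JSON parsing; re-serializing the parsed object can change whitespace or key order and break the comparison.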
A security engineer suggests using a single pane of glass approach while monitoring a server farm and delegates the orchestration to several server administrators. To utilize this approach, the server administrators apply which solution?
a. a series of automated messages configured as webhooks
b. a customized and unified graphical user interface
c. a set of functions within an API procedure
d. application add-ons that help to tailor a software package
b. a customized and unified graphical user interface
A local city council tasked its Information Technology (IT) department to implement an international-scale cybersecurity framework. The requirement is coming from their cyber security insurance vendor. The vendor warned that this set of frameworks is not freely available. Which industry framework should the IT department investigate?
a. CIS
b. PCI DSS
c. OWASP
d. ISO
d. ISO
The International Organization for Standardization (ISO) publishes the ISO/IEC 27000 family of information security standards (often called ISO 27k). The ISO/IEC 27001 standard document is not free of charge; it must be purchased.
A boutique crafts company would like to set up a new eCommerce website. They are checking out vendors who have put a high level of detail in the security practices and implementation. They want to test a specific vendor’s system to verify that it is not vulnerable to malicious actors injecting malformed data into the checkout process. Which kind of scan or test can the company run with permission?
a. baseline scan
b. map scan
c. fuzzing
d. internal scan
c. fuzzing
Fuzzing is a dynamic testing method, usually performed without knowledge of the application’s internals, that uses specialized tools to feed malformed or unexpected data into an application (here, the checkout process) and watch for crashes, hangs, or other incorrect behavior.
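As an added example (not part of the flashcards), the following is a minimal mutation fuzzer run against a constructed, deliberately fragile checkout-price parser. It shows the three outcomes a fuzzing harness has to distinguish: input cleanly rejected (expected), an unhandled crash, and an invariant violation (the parser accepted a negative amount). The target function, its bugs and the mutation alphabet are made up for illustration.

```python
"""Added example: deterministic mutation fuzzer with crash and invariant oracles."""


def parse_amount_cents(text):
    """Constructed target: "19.99" -> 1999. Fragile on purpose."""
    dollars, cents = text.split(".")            # ValueError is the documented reject path
    return int(dollars) * 100 + int(cents[0]) * 10 + int(cents[1])


MUTATION_ALPHABET = "-.0x "                     # assumed set of interesting bytes


def mutations(seed):
    """Deterministic single-step mutations: drop one character, or insert
    one character from the alphabet at every position."""
    for i in range(len(seed)):
        yield seed[:i] + seed[i + 1:]
    for i in range(len(seed) + 1):
        for ch in MUTATION_ALPHABET:
            yield seed[:i] + ch + seed[i:]


def fuzz(target, seed, expected_reject=(ValueError,), invariant=lambda v: v > 0):
    """Run every mutation of seed through target and bucket the results.

    crashes    : (input, exception name) for exceptions that are not the
                 documented rejection type, i.e. real bugs.
    violations : (input, value) where the call succeeded but broke the
                 invariant, e.g. a negative price was accepted.
    rejected   : inputs cleanly refused; ok: inputs accepted and valid.
    """
    report = {"crashes": [], "violations": [], "rejected": 0, "ok": 0}
    seen = set()
    for candidate in mutations(seed):
        if candidate in seen:
            continue
        seen.add(candidate)
        try:
            value = target(candidate)
        except expected_reject:
            report["rejected"] += 1
        except Exception as exc:                # a fuzzer wants every other failure
            report["crashes"].append((candidate, type(exc).__name__))
        else:
            if invariant(value):
                report["ok"] += 1
            else:
                report["violations"].append((candidate, value))
    return report


if __name__ == "__main__":
    result = fuzz(parse_amount_cents, "19.99")
    print("crashes:", result["crashes"])
    print("violations:", result["violations"])
    print("rejected:", result["rejected"], "ok:", result["ok"])
```

Seeded with "19.99", the run finds the crash input "19.9" (an IndexError the parser never handles, which in a real service would surface as a 500 or worse) and the logic flaw "-19.99" (accepted as -1801 cents). Real fuzzers add coverage feedback, random multi-step mutation and a corpus, but the oracle design is the same: decide in advance which failures are expected and treat everything else as a finding.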
A defense contractor discovered that a competitor duplicated some of their products. While the contractor is afraid of losing revenue, the more significant concern is how the competitor was able to duplicate the product. What term describes how this situation occurred?
a. reverse engineering
b. internal scan
c. fuzzing
d. external scan
a. reverse engineering
The Security Operations (SecOps) completed a rollout of a next-generation antivirus solution that will better protect the company from known viruses and provide heuristic scanning for unknown viruses. After the implementation, the team received a flood of tickets complaining about computer sluggishness. What did the SecOps team fail to consider with the new antivirus and its effects on potential settings?
a. segmentation
b. sensitivity levels
c. performance
d. operations
c. performance
Recent industry reports are pushing a data analytics company to implement better vulnerability scanning to prevent improper access and distribution of intellectual property. What should the company take into account when running the next scan to ensure proper classification of the data?
a. scheduling
b. host performance
c. sensitivity levels
d. segmentation
c. sensitivity levels
The data inventory describes the data in terms of what it contains, such as its classification and sensitivity. Having a clear view of data is the first step in protecting it.
A helpdesk technician receives a ticket regarding a badging system crash after a recent after-hours vulnerability scan. The helpdesk team discovers that a specific service on the system was incompatible with the software that ran the scan. What special considerations should the team take into account when choosing the specific software to avoid this situation?
a. segmentation
b. operations
c. scheduling
d. sensitivity levels
b. operations
Vulnerability scanning can, unfortunately, cause operational problems, such as negatively impacting a system’s performance or causing services to crash.
Segmentation has performance and security benefits. Segmentation would be useful as a remediation technique.
Scheduling vulnerability scans is essential to maintaining a secure environment and is often required to maintain regulatory compliance. Scheduling scans will need to take into account negative impacts on operations.
An implementation consultant is completing a project for a client implementing Microsoft Intune. Part of that mobile device management platform project is the requirement to implement baseline benchmarks for device policy. Which organization defines the best practice approaches to patching and hardening?
a. OWASP
b. ISO
c. CIS
d. PCI DSS
c. CIS
A Chief Information Officer (CIO) wants to compare their policies and practices to industry best practices. Which kind of scan can help the CIO understand what gaps they have?
a. map scan
b. fuzzing
c. baseline scan
d. internal scan
c. baseline scan
During a morning standup meeting, the network operations manager reported a large spike in traffic that spawned dozens of end-user tickets. These tickets stated that the company shared drives were inaccessible. The security operations manager confirmed that the security team was running a vulnerability scan during that time. What should the security team consider when running a vulnerability scan?
a. sensitivity levels
b. scheduling
c. segmentation
d. host performance
b. scheduling
A large multinational bank completed an upgrade of its device management, security practices, and user training. The next step in their project is to hire a third-party penetration testing company to attempt to breach their systems. The bank wants the vendor to approach it from the outside. What kind of penetration testing should the vendor conduct?
a. external scan
b. internal scan
c. map scan
d. baseline scan
a. external scan
A small vendor is working to sell their point-of-sale register product to a large pharmacy chain. Before the vendor can complete the sale, they must attest to their controls designed to prevent fraud and protect consumer financial data. Which industry framework should the vendor adopt in product planning and implementation?
a. ISO
b. PCI DSS
c. CIS
d. OWASP
b. PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is a global data protection standard established and maintained by a consortium of payment card companies. PCI DSS identifies controls designed to prevent fraud and protect credit and debit card data.
A financial firm recently introduced a new email service for its employees. One of the main reasons for the new service was that the cloud provider has integrated tools to better control security and are tailored specifically for their industry. Why would this feature reduce the overall risk for the financial firm?
a. it allows the firm to meet regulatory requirements
b. it allows the firm to cut costs
c. it allows the firm to get building insurance
d. it allows the firm to increase costs to cut taxable income
a. it allows the firm to meet regulatory requirements
A security engineer is looking to improve the security posture of their organization. One of the issues the security engineer finds is that they need to know what devices are on the network. What kind of scan can help the engineer get visibility into what is on the network?
a. baseline scan
b. external scan
c. fuzzing
d. map scan
d. map scan
A company has set up various virtual local area networks (VLANs) to protect access to sensitive data. The Security Operations (SecOps) team finished a recent vulnerability scan and found no issues. The Chief Information Security Officer (CISO) followed up with the SecOps team to see if they considered all VLANs during the scan. The CISO is thinking about what special consideration?
a. segmentation
b. sensitivity levels
c. scheduling
d. host performance
a. segmentation
A security engineer is improving their company’s security posture. During that process, they are looking to implement an industry-grade framework. The engineer is looking for one known for its practical information about web application security. Which organization best fits this need and description?
a. OWASP
b. CIS
c. PCI DSS
d. ISO
a. OWASP
OWASP (originally the Open Web Application Security Project, renamed the Open Worldwide Application Security Project in 2023) is an international nonprofit foundation that provides unbiased, practical information about application security, such as the OWASP Top 10 list of web application risks.
A systems administrator in charge of the company’s vulnerability scanning software signs in and reviews alerts. The administrator notices an alert showing that vulnerable software is present on an endpoint. However, closer inspection reveals that the software is not actually installed. What type of scan result would the alert be classified as?
a. false negative
b. false positive
c. true positive
d. true negative
b. false positive
A company hired a forensics team to determine how their systems got infected with a crypto locker virus. The team concluded that an employee opened a malicious attachment that installed a trojan virus, leading to the crypto locker virus taking over the network. Which Common Vulnerability Scoring System (CVSS) base metric would this affect?
a. scope
b. user interaction
c. attack vector
d. integrity
b. user interaction
User interaction revolves around whether an exploit of the vulnerability depends on some local user action, such as executing a file attachment.
A defense contractor has taken all their machines offline due to an ‘unpatchable’ vulnerability in the embedded Unified Extensible Firmware Interface (UEFI) boot subsystem. Due to the extremely sensitive data on their systems, the contractor cannot risk having their machines breached. What describes this kind of vulnerability?
a. high asset value
b. low asset value
c. false positive
d. true negative
a. high asset value
A security operations center is responding to an alert that a team member found a USB thumb drive connected to a computer. The company has a policy that prohibits the use of USB thumb drives on the company’s computers. What is this policy referencing in regard to the Common Vulnerability Scoring System (CVSS)?
a. user interaction
b. attack vectors
c. scope
d. availability
b. attack vectors
A security engineer reviews a company’s attack surface and because of a vulnerability discovered, the entire company is vulnerable to exploitation. However, the exploit must use administrator credentials. What is a potential reason the engineer wouldn’t have to patch immediately?
a. employee user accounts have limited ability to change things on their devices
b. employee user accounts have full access to change things on their devices
c. non-IT employees know not to use the IT administrator credentials
d. the computers are not available
a. employee user accounts have limited ability to change things on their devices
A video production company has a server farm with graphics cards that allows the company to generate computer-generated imagery. Although the servers do not currently store any data and are not expensive, the company wants to ensure the security of its equipment. What is a compelling reason why the company should be proactive in preventing server vulnerabilities?
a. exploitability
b. low asset value
c. high asset value
d. save power consumption
a. exploitability
The use of USBs for malicious purposes would affect which metric on the Common Vulnerability Scoring System (CVSS)?
a. user interaction
b. availability
c. scope
d. attack vectors
d. attack vectors
A security engineer is demoing new antivirus software. The engineer installed a standardized imitation virus to see if the new software would catch it. The engineer found that the old antivirus software did not detect it, but the new one did. What is happening with the old antivirus software?
a. false positive
b. true positive
c. false negative
d. true negative
c. false negative
The software did not detect the virus, resulting in a false negative. A false negative occurs when a vulnerability scan incorrectly identifies that a vulnerability does not exist.
When associating CVSS with the Risk Rating Framework, which scenario is considered a true statement?
a. If an attack is unlikely to occur but would cause critical impact, the overall risk rating would be considered moderate.
b. If an attack is imminent but will have a somewhat effective impact on the organization’s operation, the overall risk rating would be considered low.
c. If an attack is likely to occur and would cause a critical impact to the company, the overall risk rating would be considered high or critical/severe.
d. If an attack is likely and could cause mediocre impacts to the company, the overall risk rating would be considered low.
c. If an attack is likely to occur and would cause a critical impact to the company, the overall risk rating would be considered high or critical/severe.
When both the likelihood and impact are high (likely to occur and critical impact), this typically results in a high or critical/severe risk rating. This reflects the gravity and potential consequences of the risk in question.
A company is forced to disable the pre-boot management engine on all of its computers due to a flaw with no available patch, making the vulnerability exploitable. Which type of vulnerability does this describe?
a. false positive
b. false negative
c. low value
d. zero-day
d. zero-day
A zero-day vulnerability represents an exploitable vulnerability with no available patch. This vulnerability often goes undetected. Infecting the pre-boot management engine can cause a potentially unpatchable attack vector for a malicious actor.
Despite recovering from a crypto locker virus a year ago, a small investment firm finds itself the target of a new attack. In this instance, the attacker gains access using a computer desktop scoped to be removed due to end-of-support over a year ago. What type of exposure does the firm see in this instance?
a. risk score
b. mitigation
c. prioritization
d. vulnerabilities
D. vulnerabilities
A company recently hired a new Chief Information Security Officer (CISO) to help improve the company’s security posture. This decision occurred after the company ran into the issue of siloed teams not working together to protect the security of their systems. What is the CISO’s most important responsibility in this situation?
a. awareness training
b. configuration mgmt
c. patching
d. changing business requirements
d. changing business requirements
A security engineer is looking to improve the security of their email system and identify vulnerabilities that require immediate attention. The system has a built-in reporting mechanism that shows what things they can do to improve overall security and suggested fixes with different percentages to show importance. What component of vulnerability reporting does this relate to?
a. risk score
b. prioritization
c. vulnerabilities
d. mitigation
a. risk score
A small information technology department is trying to reorganize and prioritize future projects. Senior management in the company now requires metrics to determine whether a project is worth implementing. What can the department use to benchmark its operations?
a. risk scores
b. configuration mgmt
c. mitigation
d. service-level objectives
d. service-level objectives
To maintain a consistent, compliant, and secure state across systems in line with a new policy, which control should a systems administrator primarily focus on?
a. patching
b. compensating controls
c. awareness training
d. configuration mgmt
d. configuration mgmt
A large information technology department is preparing for an audit by their cyber security insurance company. While reviewing some vulnerability reports in their security information and event management (SIEM) tool, the department found critical vulnerabilities and steps to resolve them. In this type of report, what does this finding represent?
a. risk score
b. prioritization
c. mitigation
d. vulnerabilities
c. mitigation
Detailed vulnerability reports include recommended mitigations, such as identifying a patch or describing a workaround. These mitigations from the security information and event management tool can help better secure a company’s equipment.
A security engineer is looking to improve the security of their email system. The system has a built-in reporting mechanism that rates the current setup. What component of vulnerability reporting does this feature relate to?
a. prioritization
b. mitigation
c. vulnerabilities
d. risk score
d. risk score
A project manager oversees a new device management system deployment with the added benefit of keeping devices current. What type of action would this system allow the company to accomplish?
a. patching
b. compensating controls
c. awareness training
d. changing business requirements
a. Patching
Given the recent adoption of new National Institute of Standards and Technology (NIST) guidelines, a company plans to adjust its policies to provide protection when circumstances prevent the use of primary security measures. Which provides this type of protection to the company?
a. patching
b. compensating controls
c. configuration mgmt
d. awareness training
b. compensating controls
Many organizations use complicated and highly integrated systems that are extremely difficult to change, upgrade, and maintain. Compensating controls provide protection when circumstances prevent the use of primary security measures.
An employee received an email impersonating the owner of the company. The employee followed the email’s request and bought gift cards without verifying the legitimacy of the email. Due to this issue, the company decides to implement a new policy to mitigate this risk. What policy should the company implement?
a. compensating controls
b. patching
c. awareness training
d. configuration mgmt
c. awareness training
Legacy system constraints prevent the modification of a financial organization’s critical application. However, the application does not meet a specific security requirement outlined in the organization’s security policy. Which of the following should the organization implement to address the security requirement without modifying the application?
a. preventative
b. detective
c. compensating
d. corrective
c. compensating
For a criminal case, a company places the hard drives in an antistatic bag to ensure the safety of the data during transfer to the authorities. What is the purpose of the antistatic bag?
A. Data preservation
B. Data validation
C. Chain of custody
D. Data analysis
a. data preservation
An employee believes someone breached their computer and leaked their sensitive financial information. What should a responding security team do to verify the claim’s veracity?
A. Collect evidence
B. Determine the scope
C. Set up a timeline
D. Respond to recommendations
a. collect evidence
A password management software company had a data breach. The company released a statement detailing how and when the attack happened chronologically. What describes the process they completed prior to releasing the statement?
A. Set up a timeline
B. Incident declaration
C. Respond to recommendations
D. Determine the scope
a. set up a timeline
A rapidly growing tech startup faces potential cybersecurity threats due to its expanding user base. The CTO, alarmed by this, recognizes the importance of an incident response plan to safeguard the company’s reputation and assets. Considering the heightened risks, which action should the tech startup prioritize to address potential security incidents?
A. Focus only on post-incident analysis.
B. Document potential breaches without containment.
C. Directly proceed with detection without prior preparation.
D. Harden systems and set up confidential communication lines.
d. harden systems and set up confidential communication lines
After doing a forensics audit of malicious activity by a former employee, a company is looking to protect against potential liability. What process should the company follow to protect any evidence?
A. Data validation
B. Chain of custody
C. Legal hold
D. Data analysis
b. chain of custody
A company suspects a former employee of damaging company information. The company hires a forensics company to investigate. Which of the following steps should be the forensics vendor’s first priority to ensure the integrity of the information during the investigation?
A. Data validation
B. Legal hold
C. Data analysis
D. Data preservation
b. legal hold
The first priority should be to enact a legal hold, which involves the preservation of all relevant data and information related to the case. A legal hold is a communication issued as a result of current or anticipated litigation, audit, government investigation, or other such matter that suspends the normal disposal or processing of records.
An employee is leaving a company. Due to their position within the business, the company needs to retain emails for seven years to maintain regulatory compliance. What should the company enable on the email?
A. Data validation
B. Data preservation
C. Legal hold
D. Data analysis
c. legal hold
A legal hold, or litigation hold, describes the notification received by an organization’s legal team instructing them to preserve electronically stored information (ESI).
A security incident response contractor is investigating a data breach for a client. After analyzing the breach, the contractor reports that only basic information such as usernames and emails were leaked. What does this investigation help the client do?
A. Set up a timeline
B. Incident declaration
C. Respond to recommendations
D. Determine the scope
d. determine the scope
Organizations use risk analysis and impact assessments to measure the scope of identified incidents in the organization.
A small retailer had its customers’ credit card information breached. The retailer contracted a third party to help determine the scope of the breach. The contractor came back with a list of changes to make. What describes what the contractor gave them?
A. Recommendations
B. Incident declaration
C. Timeline
D. Scope
a. recommendations
A security engineer is trying to manage all the security logs the company collects from its various tools and services. The security engineer implements a security information and event management (SIEM) tool to accomplish this. What feature of the SIEM tool is the engineer trying to take advantage of?
A. Data analysis
B. Data validation
C. Legal hold
D. Data preservation
a. data analysis
A medical facility is responding to a recent breach of patient data. An employee was transporting an encrypted data backup to an offsite storage facility when someone broke into their car. Even though the thief did not steal the data, the company feared compliance repercussions. Who should the company contact to avoid these repercussions?
A. Customers
B. Public Relations Department
C. Law enforcement
D. Regulators
d. regulators
The requirements for different types of breaches are found in the applicable regulations and often include notifying the relevant regulatory bodies. In this scenario, the relevant regulation is the Health Insurance Portability and Accountability Act (HIPAA).
A company is trying to determine how to handle the fallout of an executive who was arrested for embezzlement. Even though their customers’ money is secure, they want to ensure there is not a run on the bank for withdrawals. Who should they work with to release details to the public?
A. Law enforcement
B. Media
C. Regulators
D. Legal
b. Media
The media can make or break a company’s reputation during an incident response. Staying ahead of salacious rumors can help mitigate the risk of damaging a reputation.
An executive from a large multinational bank had their work laptop stolen from their luggage while flying back from a business trip. Due to the sensitive nature of their work, who should they work with to try to get the stolen laptop back?
A. Regulators
B. Law enforcement
C. Customers
D. Legal
b. law enforcement
Upon identifying that HIPAA data was shared with the wrong patients, a medical facility elects to work with regulators to mitigate future risks. Who should the facility work with when preparing or speaking with the regulators?
A. Law enforcement
B. Regulators
C. Customers
D. Legal
d. Legal
A small construction company had an inaccessible server for several days. Upon resolution of the access issue, the owner requested an investigation into how it was possible and the problem’s underlying cause. Which kind of report is the owner requesting?
A. Root cause analysis
B. Law enforcement report
C. Lessons learned
D. Regulatory reporting
a. root cause analysis
After a large retailer resolved an incident regarding its credit card processing service being down, management wanted a report describing what happened and identifying what changes will help mitigate future incidents. What kind of report can a company prepare that fulfills this need?
A. Lessons learned
B. Regulatory reporting
C. Forensic analysis
D. Law enforcement report
a. lessons learned
A small construction company investigated its server outage and found that an employee purposely disabled it. The company wants to investigate the server further to determine if the outage caused any losses. What kind of analysis can the company conduct?
A. Root cause analysis
B. Forensic
C. Lessons learned
D. Regulatory
b. forensic
An employee was transporting an encrypted data backup to an offsite storage facility when a thief broke into the employee’s car and stole the data. To whom should the employee report the incident first?
A. Customers
B. Regulators
C. Law enforcement
D. Legal
c. law enforcement
After a company resolved an incident, the management wanted a report describing what happened to identify what changes would help mitigate future incidents. What kind of report can a company prepare that fulfills this need?
A. Regulatory reporting
B. Lessons learned
C. Law enforcement report
D. Forensic analysis
b. lessons learned
A small business had inaccessible internet for several hours. Upon resolution of the situation, the owner requested an investigation into how the situation was possible and what the underlying cause of the problem was. Which kind of report is the owner requesting from the investigators?
A. Root cause analysis
B. Regulatory reporting
C. Law enforcement
D. Lessons learned
a. root cause analysis
A security analyst at a large organization is investigating a recent cyber attack. The analyst wants to use a model for analyzing the attack and understanding the different stages of the attack. A co-worker suggests the model developed by Lockheed Martin. Which of the following models was developed by that organization?
A. Cyber kill chain
B. Diamond model
C. National Institute of Standards and Technology (NIST)
D. MITRE ATT&CK
a. cyber kill chain
The cyber kill chain is a model developed by Lockheed Martin that describes the stages by which a threat actor progresses to a network intrusion.
A network administrator at a small business is concerned about the increasing number of phishing attacks that are targeting the organization’s employees. The administrator wants to implement a solution to help protect the organization from these types of attacks. Which of the following solutions would be the most appropriate for the network administrator to use in this scenario?
A. Sender Policy Framework (SPF)
B. Domain-based Message Authentication, Reporting, and Conformance (DMARC)
C. DomainKeys Identified Mail (DKIM)
D. Transport Layer Security (TLS)
B. DMARC
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a robust solution for protecting against phishing attacks. It builds on Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to provide a complete solution for preventing email spoofing.
A security analyst is responsible for detecting and responding to security incidents in the organization. The security analyst has decided to implement a security orchestration, automation, and response (SOAR) platform. What is the primary purpose of using a SOAR platform in this scenario?
A. To automate incident responses
B. To provide real-time threat intelligence to security teams
C. To store and manage security-related data
D. To monitor and control access to sensitive information
a. to automate incident response
A network administrator at a large business is performing a security assessment of the company’s network infrastructure. The administrator must determine the most appropriate framework for conducting a comprehensive security assessment. Which of the following frameworks would be the most appropriate for the network administrator?
A. National Institute of Standards and Technology (NIST) Cybersecurity Framework
B. Federal Information Security Management Act (FISMA)
C. Open Source Security Testing Methodology Manual (OSSTMM)
D. International Organization for Standardization (ISO) 27001/27002
c. Open Source Security Testing Methodology Manual (OSSTMM)
Open Source Security Testing Methodology Manual (OSSTMM) is a comprehensive methodology for conducting a security assessment of a network infrastructure.
A network administrator has received reports of intermittent connectivity issues. To diagnose the problem, the network administrator has decided to use tcpdump. Which of the following are the primary functionalities of using tcpdump in this scenario? (Select the two best options.)
A. To monitor network performance
B. To capture and analyze network packets for troubleshooting purposes
C. To detect and prevent malicious activity on the network
D. To implement network-based firewall rules
a. to monitor network performance
b. to capture and analyze network packets for troubleshooting purposes
An e-commerce company has recently experienced a series of phishing attacks targeting its employees. The company tasks the security team with implementing a solution to prevent email spoofing and protect against future phishing attempts. Which of the following technologies would be the most effective at achieving this goal?
A. Two-factor authentication
B. DNS-based Authentication of Named Entities (DANE)
C. Sender Policy Framework (SPF)
D. Public key infrastructure (PKI)
c. sender policy framework (SPF)
A security analyst has received a suspicious email that appears to be from a recognized address. The analyst needs to determine if the email is legitimate or not. Which of the following email analysis methods would be the most appropriate for the security analyst to use in this scenario?
A. Email Header Analysis
B. Link and Attachment Analysis
C. Sender Reputation Verification
D. Analysis of Domain-based Message Authentication (DMARC)
d. analysis of domain-based message authentication (DMARC)
A security analyst at a large organization is investigating a recent cyber attack. The analyst needs to determine the most appropriate framework for analyzing the attacker’s tactics, techniques, and procedures (TTPs). Which of the following frameworks would be the most appropriate for the security analyst to use?
A. Cyber kill chain
B. MITRE ATT&CK
C. SANS
D. National Institute of Standards and Technology (NIST)
b. MITRE ATT&CK
MITRE ATT&CK is a comprehensive framework for analyzing and understanding the tactics, techniques, and procedures (TTPs) used by attackers in cyber attacks.
A security analyst in a large organization is concerned about potential security incidents. To enhance the endpoint security strategy, an endpoint detection and response (EDR) solution is implemented. Which of the following best describes the key feature of EDR and how it helps the security analyst detect and respond to malicious activity in the organization’s network?
A. Automates security-related tasks
B. Provides real-time visibility into endpoint activity
C. Integrates with other security solutions
D. Performs forensic analysis on endpoints
b. provides real-time visibility into endpoint activity
An organization plans to conduct a security assessment and wants to utilize a comprehensive and open approach to guide the assessment process. Which of the following covers various security aspects, such as physical, information, and wireless security, making it the most appropriate choice for the organization’s security assessment?
A. Open Worldwide Application Security Project (OWASP) Top Ten
B. MITRE ATT&CK
C. National Institute of Standards and Technology (NIST) Cybersecurity Framework
D. Open Source Security Testing Methodology Manual (OSSTMM)
d. Open Source Security Testing Methodology Manual (OSSTMM)
The Open Source Security Testing Methodology Manual (OSSTMM) covers various security aspects, such as physical, information, and wireless security, making it the most appropriate choice for the organization’s security assessment.
A financial organization is dealing with a sudden rise in security incidents. The security analyst has discovered a malware strain behind the incidents. To study its behavior and find a solution, the analyst decides to use a specific tool to isolate and analyze malware behavior. What tool is the analyst using?
A. ScoutSuite
B. Prowler
C. Cuckoo
D. Pacu
c. Cuckoo
The analyst uses Cuckoo, a malware analysis tool, to isolate and execute the malware in a controlled environment, which allows the analyst to study its behavior and determine the best way to mitigate the threat.
A security analyst monitors the performance of a large organization’s server infrastructure. The analyst has noticed that one of the servers has an unusual amount of CPU consumption. How can the analyst determine the cause of the high CPU consumption? (Select the three best options.)
A. Review firewall configuration
B. Scan for malicious applications
C. Monitor network traffic volume
D. Monitor running processes
b. scan for malicious applications
c. monitor network traffic volume
d. monitor running processes
A security analyst is conducting a vulnerability assessment for a client. The client’s network has multiple operating systems and devices, and the analyst needs to determine if there are any security weaknesses that an attacker could exploit. What can the analyst use to identify vulnerabilities in the client’s network and devices?
A. Angry IP scanner
B. Wireshark
C. OpenVAS
D. Nmap
c. OpenVAS
The OpenVAS tool is an open-source vulnerability scanner that can identify vulnerabilities in multiple operating systems and devices, making it a suitable option for the security analyst.
A security analyst is monitoring the network traffic of a large organization. The analyst has noticed an unusual spike in network traffic and needs to determine the cause. What is the most likely explanation for the unusual spike in network traffic?
A. Background traffic
B. Distributed denial-of-service (DDoS) attack
C. Network configuration issue
D. Heightened user activity
b. Distributed denial-of-service (DDoS) attack
A network security analyst is performing a penetration testing engagement for a client. The analyst needs to exploit vulnerabilities in the client’s network. Which of the following tools is most commonly used by security professionals for this purpose?
A. Metasploit
B. Nessus
C. OpenVAS
D. Angry IP scanner
a. Metasploit
Metasploit is a widely used framework for penetration testing and exploiting vulnerabilities. It allows security professionals to test the security of a network by finding and exploiting vulnerabilities.
A security analyst is investigating a server issue where the memory utilization is consistently high. What is most likely the cause of the high memory consumption?
A. Memory leaks
B. Insufficient hard disk space
C. Disk defragmentation
D. Insufficient cache
a. memory leaks
Memory leaks occur when an application allocates memory but does not release it when it is no longer needed, causing high memory consumption over time. It is the most likely cause of high memory consumption.
A security analyst monitors the network traffic of an enterprise environment. The analyst has noticed activity on an unexpected port and needs to determine the cause. What is the most likely explanation for the activity on the unexpected port?
A. Distributed denial-of-service (DDoS) attack
B. Phishing campaign
C. Malware infection
D. Unpatched software
c. malware infection
A security analyst is investigating a network intrusion incident. The analyst has noticed that the attacker is sending small, periodic signals to a remote server. What technique is the attacker using to communicate with the remote server?
A. Man-in-the-middle Attack (MitM)
B. SQL injection
C. Cross-Site Request Forgery (CSRF)
D. Beaconing
d. beaconing
A network administrator is performing a quick network scan to identify all devices and services on the organization’s network. The administrator does not require extra features but is required to use an open-source solution. Which of the following tools would be the most appropriate for the network administrator to use in this scenario?
A. Angry IP
B. Wireshark
C. Nessus
D. Traceroute
a. Angry IP
Angry IP Scanner is a popular open-source network scanning and mapping tool. It can scan an entire network or a range of IP addresses to identify all connected devices and services.
A security analyst is conducting a review of a server in a large organization. The analyst has noticed that the server’s disk capacity is almost full. What is the most likely cause of high disk capacity consumption in this scenario?
A. Insufficient cache
B. Large data sets
C. Disk fragmentation
D. Disk corruption
b. large data sets
Storing large data sets can consume a significant amount of disk capacity, particularly if the data is in multiple locations or if a user improperly manages and archives the data.
A threat intelligence analyst is conducting a network reconnaissance and needs to gather information about the relationships between various entities on the target network. Which tool could the analyst use to accomplish this task?
A. Wireshark
B. Maltego
C. OpenVAS
D. Tcpdump
b. Maltego
Maltego is a tool specifically designed for information gathering and visualizing the relationships between various entities. It can gather information about domains, IP addresses, and other network entities to help identify potential targets for a cyber attack.
A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?
a. Aircrack-ng
b. Recon-ng
c. Snort
d. Metasploit
b. Recon-ng
Recon-ng automates the reconnaissance and information-gathering process.
A network security analyst conducts a network security assessment for a large organization. The analyst needs to choose the most effective tool for identifying open ports and services on the network and determining the operating systems and applications running on the network devices. Which of the following tools is the best choice of the analyst?
a. Nessus
b. Angry IP scanner
c. OpenVAS
d. Nmap
d. Nmap
A security analyst at a financial institution has discovered that sensitive customer data was transferred outside of the organization’s network. Which of the following is the most likely explanation for the data transfer?
a. Data backup
b. data archiving
c. data replication
d. data exfiltration
d. data exfiltration
A company’s IT security team must perform a comprehensive vulnerability assessment on its network infrastructure to identify potential security weaknesses and misconfigurations. The team requires a tool to scan various systems, devices, and applications and provide detailed reports with actionable recommendations. What tool can accomplish this task?
a. Burp suite
b. Splunk
c. Nessus
d. Snort
c. Nessus
Nessus is a vulnerability scanning tool that supports scanning various types of systems, devices, and applications.
A system administrator at a financial institution is investigating a report of suspicious, unauthorized changes to one of the organization’s systems conducted by accessing the company’s intranet. The system administrator has reviewed the system logs and needs to determine the most likely cause of the changes. Which of the following is the most probable cause?
a. physical security breaches
b. misconfigured systems
c. malicious insiders
d. unsecured remote access
c. malicious insiders
Malicious insiders, such as employees or contractors with access to the network, may intentionally make unauthorized changes to the systems.
A security analyst is monitoring the network traffic of a large organization. The analyst has noticed an unusual spike in network traffic and needs to determine the cause. What is the most likely explanation for the unusual spike in network traffic?
a. background traffic
b. distributed denial-of-service (DDoS) attack
c. network configuration issue
d. heightened user activity
b. distributed denial-of-service (DDoS)
A security analyst is conducting an assessment of the network security of a small office. The analyst must determine if any unauthorized devices and services are on the network. What type of scan/sweep would indicate to the security analyst that unauthorized devices and services are running on the network?
A. Port scan
B. Ping sweep
C. TCP sweep
D. UDP sweep
a. port scan
By determining which ports are open using a port scan, the security analyst can determine what services or applications are running on the target device and identify any unauthorized devices or services that may be present on the network.
A security analyst is investigating a server issue where the memory utilization is consistently high. What is most likely the cause of the high memory consumption?
a. memory leaks
b. insufficient hard disk space
c. disk defragmentation
d. insufficient cache
a. memory leaks
A security analyst is conducting a review of a server in a large organization. The analyst has noticed that the server’s disk capacity is almost full. What is the most likely cause of high disk capacity consumption in this scenario?
A. Insufficient cache
B. Large data sets
C. Disk fragmentation
D. Disk corruption
b. large data sets
Storing large data sets can consume a significant amount of disk capacity, particularly if the data is in multiple locations or if a user improperly manages and archives the data.
A security analyst monitors the network traffic of an enterprise environment. The analyst has noticed activity on an unexpected port and needs to determine the cause. What is the most likely explanation for the activity on the unexpected port?
A. Distributed denial-of-service (DDoS) attack
B. Phishing campaign
C. Malware infection
D. Unpatched software
c. malware infection
A malware infection can cause activity on unexpected ports as the malware communicates with its command-and-control server, exfiltrates data, or carries out other malicious activities.
A network security analyst is performing a penetration testing engagement for a client. The analyst needs to exploit vulnerabilities in the client’s network. Which of the following tools is most commonly used by security professionals for this purpose?
A. Metasploit
B. Nessus
C. OpenVAS
D. Angry IP Scanner
a. Metasploit
An organization is experiencing issues related to high bandwidth consumption, which has led to network congestion and slower application performance. The organization needs to implement a combination of tools and techniques to help identify the causes of high bandwidth usage, monitor network traffic, and optimize bandwidth utilization. Which of the following options would be effective for addressing these issues? (Select the three best options.)
A. Network traffic analyzer
B. Network access control (NAC)
C. Quality of service
D. Compression
A, C, & D
A cloud security team is looking for a multi-cloud security auditing tool that can assess the security posture of their Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) environments. The cloud security team needs a tool that can provide a clear and concise view of potential security risks and misconfigurations. Which of the following tools is best suited for this task?
A. Wazuh
B. Aircrack-ng
C. ScoutSuite
D. Nikto
c. ScoutSuite
A security analyst has to perform a thorough security assessment of a client’s web infrastructure. The client has a large number of web servers, and the analyst needs to identify any vulnerabilities that may exist within them. To accomplish this task, the analyst needs a tool that can quickly scan multiple web servers and provide comprehensive information on any detected vulnerabilities. Given the following options, which tool best suits the security analyst’s needs in this scenario?
A. Nikto
B. Metasploit
C. Arachni
D. Burp Suite
a. Nikto
Nikto is a web server scanner that the security analyst can use to specifically identify vulnerabilities in web servers. It can quickly scan multiple web servers and provide comprehensive information on any detected vulnerabilities.
A software developer is working on a Linux-based application and encounters an unexpected issue in the code execution. The software developer needs a tool that can help them examine and debug the application, allowing them to inspect the runtime state and modify the program’s execution flow. Which of the following tools is best suited for this task?
A. Tcpdump
B. GNU Debugger
C. Wireshark
D. Cuckoo
b. GNU Debugger
The GNU Debugger is a widely used debugging tool for Linux-based applications. It allows developers to examine and debug applications, inspect the runtime state, and modify the program’s execution flow.
A software development company is building a custom web application for a client that will process sensitive financial information. The client has specified that a software developer must thoroughly test the application for security vulnerabilities before it goes into production. The company has several security testing options but wants to use the tool that will provide the most comprehensive results. What tool should the company use in this instance?
A. Nessus
B. Burp Suite
C. Metasploit
D. Nmap
b. burp suite
Burp Suite is a web application security testing tool that provides comprehensive features for identifying and mitigating security vulnerabilities. It would be the most appropriate tool for the software development company to use in this scenario.
A company’s security team needs to assess the security posture of its Amazon Web Services (AWS) environment, focusing on both the reconnaissance and exploitation phases of a penetration testing engagement. The team requires a tool that can automate various attack scenarios and validate the effectiveness of its cloud security controls. Which of the following tools is best suited for this task?
A. Pacu
B. Zed Attack Proxy (ZAP)
C. Tenable.io
D. Suricata
a. Pacu
Pacu is an open-source Amazon Web Services (AWS) exploitation framework for penetration testing engagements in AWS environments. It automates various attack scenarios and helps validate the effectiveness of cloud security controls.
A company wants to evaluate the security posture of its Amazon Web Services (AWS) infrastructure to ensure it adheres to industry best practices and compliance standards. What tool can the company use to automate the auditing process and generate reports for their cloud environment?
A. Burp Suite
B. Nessus
C. Nmap
D. Prowler
d. Prowler
Prowler is an open-source security tool that helps organizations evaluate their Amazon Web Services (AWS) infrastructure and ensure it adheres to industry best practices and compliance standards.
A software development company has launched a new e-commerce website for their client. The client has expressed concerns about the website’s security and has asked the development team to ensure that the website is secure from any potential threats. The development team has decided to conduct a web application security assessment to address these concerns. Which of the following tools best suits this task, considering its ability to identify security vulnerabilities, support automated testing, and extend functionality by installing add-ons?
A. Nikto
B. Maltego
C. Aircrack-ng
D. Zed Attack Proxy (ZAP)
d. Zed Attack Proxy (ZAP)
A software developer at a technology company needs a format to serialize and transmit data between a web application and a server. The format must be lightweight, easily parsed by web browsers, and efficient for frequent network requests. Which data interchange format should the developer use?
A. eXtensible Markup Language (XML)
B. Yet Another Markup Language (YAML)
C. Comma-Separated Values (CSV)
D. JavaScript Object Notation (JSON)
D. JavaScript Object Notation (JSON)
JavaScript Object Notation (JSON) is an ideal choice for web applications due to its lightweight nature, ease of parsing in JavaScript environments, and efficient client-server communication over networks. It is especially well-suited for AJAX (Asynchronous JavaScript and XML) web applications, which often require quick and asynchronous data exchanges between clients and servers.
A security analyst monitors a company’s network for potential security threats. They notice some abnormal behavior in a business-critical application. Which type of activity is the analyst most likely observing?
A. Anomalous activity
B. Authorized activity
C. Routine maintenance
D. False positive
a. Anomalous activity
A cybersecurity analyst is investigating a security incident and suspects that an attacker is using a specific language to execute commands on the target system. The target system is running on a Windows environment. Which language is most commonly associated with scripting and automating tasks in this context?
A. Python
B. Bash
C. JavaScript
D. PowerShell
d. PowerShell
A security analyst examines suspicious activity on a Linux-based server within the organization’s network. The analyst uncovers a file containing an obfuscated script that utilizes system-level commands. Which technique should the analyst use to efficiently investigate potential malicious activities related to this incident on the affected system?
A. Inspect the execution history of PowerShell scripts
B. Examine Python script execution history
C. Review JavaScript scripts output
D. Analyze shell script logs
D. Analyze shell script logs
A software development company is building a custom application for a client that will collect and analyze moderate amounts of data to identify patterns and make predictions. The client has specified that the application must use a scripting language with many libraries and tools for machine learning. Which scripting language should the software developer use?
A. C++
B. Python
C. Java
D. JavaScript
b. Python
An organization has recently been experiencing a series of security incidents, and a security analyst is investigating them. The analyst needs to efficiently identify indicators of potentially malicious activity within the affected applications. What should the analyst focus on to effectively analyze and identify malicious activity within the application environment?
A. Review application logs for unusual patterns or anomalies
B. Conduct a full network vulnerability scan
C. Perform a comprehensive penetration test
D. Implement strict network access control policies
a. Review application logs for unusual patterns or anomalies
A security analyst discovers that a new scheduled task is executing an unknown script regularly. Further investigation shows that the script includes cmdlets that are specific to a certain scripting language. What is the most efficient way for the analyst to identify potentially malicious activity related to this incident on the affected system?
A. Review the output of JavaScript scripts
B. Examine Python script execution history
C. Analyze PowerShell logs
D. Investigate Ruby script dependencies
C. Analyze PowerShell logs
A security analyst at an organization receives an alert from their security information and event management (SIEM) system. Upon reviewing the log data, the analyst notices an increase in high-privilege actions within the network. What should the analyst prioritize when investigating this issue to identify the potential underlying cause?
A. Investigate unusual network traffic patterns
B. Analyze new user accounts
C. Review application logs for unexpected behavior
D. Examine recent file changes and modifications
b. Analyze new user accounts
The analyst should prioritize analyzing newly created user accounts, as the increase in high-privilege actions may be related to the unauthorized introduction of new accounts with elevated permissions.
A cybersecurity analyst is investigating a security incident and needs to search for specific patterns within large amounts of log data. Which programming tool or technique is most commonly used to identify patterns in text data and would be helpful for the analyst in this scenario?
A. Python
B. Regular expressions
C. Shell script
D. JavaScript
b. Regular expressions
Regular expressions are a powerful tool for defining and searching for specific patterns in text data, making them the most appropriate choice for this scenario.
A team of software developers at a large corporation needs to exchange data between multiple systems. The data interchange format cannot be object-oriented and must support a system for structuring documents that are human and machine readable. Which of the following data interchange formats would be the most appropriate for the software developers to use in this scenario?
A. eXtensible Markup Language (XML)
B. JavaScript Object Notation (JSON)
C. Comma-Separated Values (CSV)
D. Yet Another Markup Language (YAML)
a. eXtensible Markup Language (XML)
eXtensible Markup Language (XML) provides a system for structuring documents so that they are human and machine readable. Information within the document is placed within tags, which describe how information within the document is structured. This makes it the ideal choice for software developers in this scenario.
A security analyst observes a service interruption affecting a critical application within the organization. The analyst suspects that this could be due to malicious activity. What should the analyst prioritize when investigating this issue to determine the cause of the service interruption?
A. Perform a penetration test on the application
B. Review recent firewall rule changes
C. Analyze user account creation logs
D. Examine server logs for unusual activity
D. Examine server logs for unusual activity
A security analyst is conducting a penetration test using Nmap to assess the security posture of an organization’s network. The analyst must automate this task on a Linux server to discover open ports on multiple hosts and collect more information about the discovered services before saving the results to a file. They would also like to avoid the need for installing additional software. Which scripting technique should the analyst use to accomplish this task efficiently?
A. Bash
B. JavaScript
C. Python
D. PowerShell
a. Bash
A security analyst receives an alert from the organization’s intrusion detection system (IDS) regarding unexpected output from a critical application. The analyst suspects that the application may be compromised. What should the analyst prioritize when investigating this issue to determine the cause of the unexpected output?
A. Analyze network traffic for unusual patterns
B. Check for unauthorized user account creation
C. Review application logs for anomalies
D. Investigate recent firewall rule changes
C. Review application logs for anomalies
A software development team at a financial institution is working on a new online banking platform. They want to follow secure coding best practices and implement parameterized queries to prevent structured query language (SQL) injection attacks. Which of the following scenarios best demonstrates the correct use of parameterized queries for the company?
A. Concatenating user input directly into the SQL query
B. Validating user input using client-side JavaScript
C. Replacing single quotes in user input with double quotes
D. Using an SQL query with placeholders and binding user input to the placeholders
D. Using an SQL query with placeholders and binding user input to the placeholders
Using an SQL query with placeholders and binding user input to them is the correct approach for implementing parameterized queries. Parameterized queries separate user input from the query, preventing SQL injection attacks.
A web development company is working on an e-commerce website and wants to ensure that user-generated content, such as product reviews, does not introduce security vulnerabilities. Therefore, they follow secure coding best practices and implement output encoding to mitigate potential risks. What outcome can the company expect from correctly implementing output encoding?
A. Encoding special characters in user-generated content
B. Automatically validating user input before storing it in the database
C. Protecting the application against SQL injection attacks
D. Ensuring that user input is stored in a parameterized query
A. Encoding special characters in user-generated content
The correct approach is to prevent cross-site scripting (XSS) attacks by encoding special characters in user-generated content. Output encoding ensures that special characters in user-generated content are safely encoded, preventing the browser from executing malicious scripts.
A financial services company has discovered that its web application suffers from broken access control issues. Which of the following controls should a security expert recommend to mitigate the risks associated with these issues?
A. Implementing a Web Application Firewall (WAF)
B. Employing Role-Based Access Control (RBAC)
C. Enforcing password complexity requirements
D. Adopting a Security Development Lifecycle (SDLC) approach
B. Employing Role-Based Access Control (RBAC)
A security auditor discovered a vulnerability in a web application that allows an attacker to trick an authenticated user into performing unintended actions on the application without their knowledge. Which of the following web vulnerabilities best describes this scenario?
A. Cross-Site Scripting (XSS)
B. Server-Side Request Forgery (SSRF)
C. Directory Traversal
D. Cross-Site Request Forgery (CSRF)
D. Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a web vulnerability that allows an attacker to trick authenticated users into performing unintended actions on a web application without their knowledge.
A security analyst is examining an incident where an attacker exploited a web application to gain unauthorized access to files and resources on the server. The attacker manipulated user input to include external files or traverse the server’s directory structure. Which of the following web vulnerabilities are most likely to be responsible for this scenario? (Select the two best options.)
A. Server-Side Request Forgery (SSRF)
B. Cross-Site Request Forgery (CSRF)
C. Local File Inclusion (LFI)
D. Remote File Inclusion (RFI)
C. Local File Inclusion (LFI)
D. Remote File Inclusion (RFI)
Local File Inclusion (LFI) is a type of web vulnerability that allows an attacker to include local files on the server, often resulting in unauthorized access to sensitive files and resources.
Remote File Inclusion (RFI) is a type of web vulnerability that allows an attacker to include external files in a web application.
A security researcher has discovered a vulnerability in a web application that allows an attacker to make requests to internal or external resources on behalf of the web server. Which of the following web vulnerabilities best describes this scenario?
A. Server-Side Request Forgery (SSRF)
B. Cross-Site Request Forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Structured Query Language (SQL) injection
a. Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) is a type of web vulnerability that allows an attacker to request internal or external resources on behalf of the web server.
A web developer at a startup company is building a new web application. The developer wants to ensure that the application is secure from various types of attacks. Which of the following frameworks would be the most appropriate for the web developer to use?
A. OWASP Web Security Testing Guide
B. International Organization for Standardization (ISO) 27001/27002
C. Open Source Security Testing Methodology Manual (OSSTMM)
D. Control Objectives for Information and related Technology (COBIT)
a. OWASP Web Security Testing Guide
OWASP Web Security Testing Guide is a comprehensive guide for web application security testing. It provides guidelines, best practices, and resources for web developers to ensure that their applications are secure from various types of attacks.
An e-commerce website has been identified as being susceptible to reflected cross-site scripting (XSS) attacks within its search functionality. The security team is tasked with recommending controls to mitigate this specific vulnerability. Which of the following recommendations is MOST appropriate to address the vulnerability?
A. Encrypt sensitive data stored in the database
B. Increase the session timeout duration
C. Implement input validation and output encoding
D. Restrict access to application source code
c. Implement input validation and output encoding
Reflected XSS vulnerabilities occur when user input is incorporated directly into a web page without proper validation or encoding. Implementing input validation helps ensure that user input meets expected criteria, while output encoding prevents special characters in user input from being interpreted as code by a user’s web browser.
A software development company has concerns about the potential risks associated with insecure design for an upcoming development project. Which of the following controls should a security expert recommend to mitigate these risks?
A. Adopting a Secure Software Development Lifecycle (SSDLC) approach
B. Implementing regular security audits
C. Applying Content Security Policy (CSP)
D. Employing Address Space Layout Randomization (ASLR)
A. Adopting a Secure Software Development Lifecycle (SSDLC) approach
An SSDLC approach ensures that the expert considers and integrates security throughout the entire software development process. It helps identify and mitigate potential risks associated with insecure design early in development.
An e-commerce platform has identified a stack overflow vulnerability in one of its critical applications. The organization has tasked a security analyst with suggesting effective controls to mitigate the risk associated with this vulnerability. Considering the nature of the vulnerability, which control should the analyst recommend?
A. Implementing input validation and sanitization
B. Enabling secure cookie flags
C. Applying Content Security Policy (CSP)
D. Employing Address Space Layout Randomization (ASLR)
D. Employing Address Space Layout Randomization (ASLR)
ASLR is a security technique that randomizes the memory address locations where the system loads application code and data. This randomization makes it more challenging for attackers to exploit stack overflow vulnerabilities.
A software development company has already included planning, implementation, testing, and maintenance stages in its software development lifecycle (SDLC). Which of the following stages did the company NOT include? (Select the two best options.)
A. Testing
B. Design
C. Deployment
D. Post-implementation review
B. Design
C. Deployment
A security consultant identified a vulnerability in a web application that allows an attacker to execute arbitrary commands on the target system, potentially gaining full control over it. Which of the following web vulnerabilities best describes this scenario?
A. Directory traversal
B. Remote Code Execution (RCE)
C. Structured Query Language (SQL) injection
D. Server-Side Request Forgery (SSRF)
B. Remote Code Execution (RCE)
Remote Code Execution (RCE) is a type of web vulnerability that allows an attacker to execute arbitrary commands on the target system, potentially gaining full control over it.
A healthcare organization is developing a web-based patient records system. During the testing phase, security analysts identified several injection flaws that could potentially compromise sensitive patient data. Which controls should the organization implement to mitigate the risks associated with injection flaws?
A. Employ least privilege principles for database access
B. Implement parameterized queries and input validation
C. Use cookies to store user session data
D. Disable security headers in the application
B. Implement parameterized queries and input validation
An e-commerce company recently suffered a data breach, and a security audit revealed several vulnerabilities in their web application. The company wants to improve its web application security by following secure coding best practices and enhancing session management. Which of the following actions should the company take to achieve this?
A. Employ HTTPS for all data transmissions
B. Utilize hard-coded credentials
C. Use short session timeouts
D. Disable input validation
C. Use short session timeouts
Using short session timeouts is a secure coding best practice for session management. Short timeouts help prevent unauthorized access to a user’s session by reducing the window of opportunity for an attacker to hijack the session.
Preparing for a new testing project on attack reduction, a penetration tester reviews the company’s checklist for application attack mitigation. Which checklist control focuses on ensuring users have only the level of access required for their role?
A. Remote code execution
B. End-of-life
C. Privilege escalation
D. Identification failure
c. Privilege escalation