Exam A Flashcards

1
Q

A company has hired a third-party to gather information about the company’s servers and data. This third-party will not have direct access to the company’s internal network, but they can gather information from any other source. Which of the following would BEST describe this approach?

A

Passive reconnaissance
Passive reconnaissance focuses on gathering as much information as possible from open sources such as social media, corporate websites, and business organizations.

2
Q

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

A

Organized crime
An organized crime actor is motivated by money, and their attacks usually target assets that can be easily exchanged for financial capital.

3
Q

A security administrator has examined a server recently compromised by an attacker, and has determined the system was exploited due to a known operating system vulnerability. Which of the following would BEST describe this finding?

A

Root cause analysis
The goal of a root cause analysis is to explain the ultimate cause of an incident. Once the cause is known, it becomes easier to protect against similar attacks in the future.

4
Q

A city is building an ambulance service network for emergency medical dispatching. Which of the following should have the highest priority?

A

System availability
Requests to emergency services are often critical in nature, and it’s important for a dispatching system to always be available when a call is made.

5
Q

A system administrator receives a text alert when access rights are changed on a database containing private customer information. Which of the following would describe this alert?

A

Automation
Automation ensures that compliance checks can be performed on a regular basis without the need for human intervention. This can be especially useful to provide alerts when a configuration change causes an organization to be out of compliance.

6
Q

A security administrator is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

A

Create an operating system security policy to prevent the use of removable media
Removable media uses hot-pluggable interfaces such as USB to connect storage drives. A security policy in the operating system can prevent any files from being written to a removable drive.

7
Q

A company creates a standard set of government reports each calendar quarter. Which of the following would describe this type of data?

A

Regulated
Reports and information created for governmental use are regulated by laws regarding the disclosure of certain types of data.

8
Q

An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:
* Access records from all devices must be saved and archived
* Any data access outside of normal working hours must be immediately reported
* Data access must only occur inside of the country
* Access logs and audit reports must be created from a single database
Which of the following should be implemented by the security team to meet these requirements? (Select THREE)
❍ A. Restrict login access by IP address and GPS location
❍ B. Require government-issued identification during the onboarding process
❍ C. Add additional password complexity for accounts that access data
❍ D. Conduct monthly permission auditing
❍ E. Consolidate all logs on a SIEM
❍ F. Archive the encryption keys of all disabled accounts
❍ G. Enable time-of-day restrictions on the authentication server

A

A. Restrict login access by IP address and GPS location,
E. Consolidate all logs on a SIEM, and
G. Enable time-of-day restrictions on the authentication server
Adding location-based policies will prevent direct data access from outside of the country. Saving log information from all devices and creating audit reports from a single database can be implemented through the use of a SIEM (Security Information and Event Manager). Adding a check for the time-of-day will report any access that occurs during non-working hours.

9
Q

A security engineer is viewing this record from the firewall logs:
UTC 04/05/2023 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.
Which can be observed from this log information?

A

A download was blocked from a web server
A traffic flow from a web server port number (80) to a device port (60818) indicates that this traffic flow originated on port 80 of the web server. A file download is one of the most common ways to deliver a Trojan, and this log entry shows that the file containing the XPACK.A_7854 Trojan was blocked.

10
Q

A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which attack would be the MOST likely reason
for this message?

A

On-path
An on-path attack is often associated with a third party that is actively
intercepting network traffic. This entity in the middle would not be able
to provide a valid SSL certificate for a third-party website, and this error
would appear in the browser as a warning.

11
Q

Which would be the BEST way to provide a website
login using existing credentials from a third-party site?

A

Federation
Federation would allow members of one organization to authenticate
using the credentials of another organization.

12
Q

A system administrator is working on a contract that will specify a
minimum required uptime for a set of Internet-facing firewalls. The
administrator needs to know how often the firewall hardware is expected
to fail between repairs. Which of the following would BEST describe this
information?

A

MTBF
The MTBF (Mean Time Between Failures) is a prediction of how often a
repairable system will fail.

13
Q

An attacker calls into a company’s help desk and pretends to be the
director of the company’s manufacturing department. The attacker
states that they have forgotten their password and they need to have the
password reset quickly for an important meeting. What kind of attack
would BEST describe this phone call?

A

Social engineering
This social engineering attack uses impersonation to take advantage of
authority and urgency principles in an effort to convince someone else to
circumvent normal security controls.

14
Q

Two companies have been working together for a number of months,
and they would now like to qualify their partnership with a broad formal
agreement between both organizations. Which would
describe this agreement?

A

MOA
An MOA (Memorandum of Agreement) is a formal document where
both sides agree to a broad set of goals and objectives associated with the
partnership.

15
Q

Which would explain why a company would
automatically add a digital signature to each outgoing email message?

A

Integrity
Integrity refers to the trustworthiness of data. A digital signature allows
the recipient to confirm that none of the data has been changed since the
digital signature was created.

16
Q

The embedded OS in a company’s time clock appliance is configured to
reset the file system and reboot when a file system error occurs. On one
of the time clocks, this file system error occurs during the startup process
and causes the system to constantly reboot. Which BEST describes this issue?

A

Race condition
A race condition occurs when two processes occur at similar times, and
usually with unexpected results. The file system problem can often be fixed
before a reboot, but the reboot is occurring before the fix can be applied.
This has created a race condition that results in constant reboots.

17
Q

A recent audit has found that existing password policies do not include
any restrictions on password attempts, and users are not required to
periodically change their passwords. Which would
correct these policy issues? (Select TWO)
❍ A. Password complexity
❍ B. Password expiration
❍ C. Password reuse
❍ D. Account lockout
❍ E. Password managers

A

B. Password expiration and D. Account lockout
Password expiration would require a password change after the expiration
date. An account lockout would disable an account after a predefined
number of unsuccessful login attempts.

18
Q

What kind of security control is associated with a login banner?

A

Deterrent
A deterrent control does not directly stop an attack, but it may discourage
an action.

19
Q

An internal audit has discovered four servers that have not been updated
in over a year, and it will take two weeks to test and deploy the latest
patches. Which of the following would be the best way to quickly
respond to this situation in the meantime?

A

Move the servers to a protected segment
Segmenting the servers to their own protected network would allow
for additional security controls while still maintaining the uptime and
availability of the systems.

20
Q

A business manager is documenting a set of steps for processing orders
if the primary Internet connection fails. Which would BEST
describe these steps?

A

Continuity of operations
It’s always useful to have an alternative set of processes to handle any type
of outage or issue. Continuity of operations planning ensures that the
business will continue to operate when these issues occur.

21
Q

A company would like to examine the credentials of each individual
entering the data center building. Which would BEST
facilitate this requirement?

A

Access control vestibule
An access control vestibule is a room designed to restrict the flow of
individuals through an area. These are commonly used in high security
areas where each person needs to be evaluated and approved before access
can be provided.

22
Q

A company stores some employee information in encrypted form, but
other public details are stored as plaintext. Which of the following would
BEST describe this encryption strategy?

A

Record
Record-level encryption is commonly used with databases to encrypt
individual columns within the database. This would store some
information in the database as plaintext and other information as
encrypted data.

23
Q

A company would like to minimize database corruption if power is lost to
a server. Which would be the BEST strategy to follow?

A

Journaling
Journaling writes data to a temporary journal before writing the
information to the database. If power is lost, the system can recover the
last transaction from the journal when power is restored.

24
Q

A company is creating a security policy for corporate mobile devices:
* All mobile devices must be automatically locked after a predefined
time period.
* The location of each device needs to be traceable.
* All of the user’s information should be completely separate from
company data.
Which would be the BEST way to establish these
security policy rules?

A

MDM
An MDM (Mobile Device Manager) provides a centralized management
system for all mobile devices. From this central console, security
administrators can set policies for many different types of mobile devices.

25
Q

A security engineer runs a monthly vulnerability scan. The scan doesn’t
list any vulnerabilities for Windows servers, but a significant vulnerability
was announced last week and none of the servers are patched yet. Which
best describes this result?

A

False negative
A false negative is a result that fails to detect an issue when one
actually exists.

26
Q

An IT help desk is using automation to improve the response time for
security events. Which use case would apply to this
process?

A

Escalation
Automation can recognize security events and escalate a security-related
ticket to the incident response team without any additional human
interaction.

27
Q

A network administrator would like each user to authenticate with
their corporate username and password when connecting to the
company’s wireless network. Which should the network administrator configure on the wireless access points?

A

802.1X
802.1X uses a centralized authentication server, and this allows all users to
use their corporate credentials during the login process.

28
Q

A company’s VPN service performs a posture assessment during the
login process. Which of the following mitigation techniques would this
describe?

A

Configuration enforcement
A posture assessment evaluates the configuration of a system to ensure
all configurations and applications are up to date and as secure as possible.
If a configuration does not meet these standards, the user is commonly
provided with options for resolving the issue before proceeding.

29
Q

A user has assigned individual rights and permissions to a file on their
network drive. The user adds three additional individuals to have read-only access to the file. Which would describe this access control model?

A

Discretionary
Discretionary access control is used in many operating systems, and this
model allows the owner of the resource to control who has access.

30
Q

A remote user has received a text message with a link to login and
confirm their upcoming work schedule. Which would
BEST describe this attack?

A

Smishing
Smishing, or SMS (Short Message Service) phishing, is a social
engineering attack that asks for sensitive information using SMS or
text messages.

31
Q

A company is formalizing the design and deployment process used by
their application programmers. Which of the following policies would
apply?

A

Development lifecycle
A formal software development lifecycle defines the specific policies
associated with the design, development, testing, deployment, and
maintenance of the application development process.

32
Q

A security administrator has copied a suspected malware executable from
a user’s computer and is running the program in a sandbox. Which would describe this part of the incident response process?

A

Containment
The isolation and containment process prevents malware from spreading
and allows the administrator to analyze the operation of the malware
without putting any other devices at risk.

33
Q

A server administrator at a bank has noticed a decrease in the number
of visitors to the bank’s website. Additional research shows that users are
being directed to a different IP address than the bank’s web server. Which
of the following would MOST likely describe this attack?

A

DNS poisoning
DNS poisoning modifies the records on a DNS server so that a different
IP address is provided during the name resolution process. If an attacker
modifies the DNS information, they can direct client computers to any
destination IP address.

34
Q

Which consideration is MOST commonly associated
with a hybrid cloud model?

A

Network protection mismatches
A hybrid cloud includes more than one private or public cloud. This adds
additional complexity to the overall infrastructure, and it’s common to
inadvertently apply different authentication options and user permissions
across multiple cloud providers.

35
Q

A company hires a large number of seasonal employees, and their
system access should normally be disabled when the employee leaves
the company. The security administrator would like to verify that their
systems cannot be accessed by any of the former employees. Which would be the BEST way to provide this verification?

A

Validate the offboarding processes and procedures
The disabling of an employee account is commonly part of the offboarding
process. One way to validate an offboarding policy is to perform an audit
of all accounts and compare active accounts with active employees.

36
Q

Which of the following is used to describe how cautious an organization
might be to taking a specific risk?

A

Risk appetite
A risk appetite is a broad description of how much risk-taking is deemed
acceptable. An organization’s risk appetite posture might be conservative,
or they might be more expansionary and willing to take additional risks.

37
Q

A technician is applying a series of patches to fifty web servers during a
scheduled maintenance window. After patching and rebooting the first
server, the web service fails with a critical error. Which of the following
should the technician do NEXT?

A

Follow the steps listed in the backout plan
The backout plan associated with the change control process provides
information on reverting to the previous configuration if an unrecoverable
error is found during the change.

38
Q

An attacker has discovered a way to disable a server by sending specially
crafted packets from many remote devices to the operating system. When
the packet is received, the system crashes and must be rebooted to restore
normal operations. Which would BEST describe this
attack?

A

DDoS
A DDoS (Distributed Denial of Service) is an attack that overwhelms or
disables a service to prevent the service from operating normally. Packets
from multiple devices that disable a server would be an example of a
DDoS attack.

39
Q

A data breach has occurred in a large insurance company. A security
administrator is building new servers and security systems to get all of
the financial systems back online. Which part of the incident response
process would BEST describe these actions?

A

Recovery
The recovery after a breach can be a phased approach that may take
months to complete.

40
Q

A network team has installed new access points to support an application
launch. In less than 24 hours, the wireless network was attacked and
private company information was accessed. Which would be the MOST likely reason for this breach?

A

Misconfiguration
There are many different configuration options when installing an access
point, and it’s likely one of those options allowed an attacker to gain access
to the internal network.

41
Q

An organization has identified a significant vulnerability in an Internet-facing firewall. The firewall company has stated the firewall is no
longer available for sale and there are no plans to create a patch for this vulnerability. Which would BEST describe this issue?

A

End-of-life
Because the firewall is no longer available for sale, the firewall company
has decided to stop supporting and updating the device. A product no
longer supported by the manufacturer is considered to be end-of-life.

42
Q

A company has decided to perform a disaster recovery exercise during an
annual meeting with the IT directors and senior directors. A simulated
disaster will be presented, and the participants will discuss the logistics
and processes required to resolve the disaster. Which
would BEST describe this exercise?

A

Tabletop exercise
A tabletop exercise allows a disaster recovery team to evaluate and plan
disaster recovery processes without performing a full-scale drill.

43
Q

A security administrator needs to block users from visiting websites hosting malicious software. Which would be the BEST way to control this access?

A

DNS filtering
DNS filtering uses a database of known malicious websites to resolve an
incorrect or null IP address. If a user attempts to visit a known malicious
site, the DNS resolution will fail and the user will not be able to visit the
website.

44
Q

A system administrator has been called to a system with a malware
infection. As part of the incident response process, the administrator has
imaged the operating system to a known-good version. Which incident response step is the administrator following?

A

Recovery
The recovery phase describes the process of returning the system and data
to the state prior to the malware infection. With a malware infection, this
often requires deleting all data and reinstalling a known-good operating
system.

45
Q

A company has placed a SCADA system on a segmented network with
limited access from the rest of the corporate network. Which would describe this process?

A

Hardening
The hardening process for an industrial SCADA (Supervisory Control and
Data Acquisition) system might include network segmentation, additional
firewall controls, and the implementation of access control lists.

46
Q

An administrator is viewing the following security log:
Dec 30 08:40:03 web01 Failed password for root from 10.101.88.230 port 26244 ssh2
Dec 30 08:40:05 web01 Failed password for root from 10.101.88.230 port 26244 ssh2
Dec 30 08:40:09 web01 445 more authentication failures; rhost=10.101.88.230 user=root
Which of the following would describe this attack?

A

Brute force
A brute force attack discovers passwords by attempting a large number of
combinations of letters, numbers, and special characters until a match is
found. In this example, the notification of over four hundred failed attempts
would qualify as a brute force attack.

47
Q

During a morning login process, a user’s laptop was moved to a private
VLAN and a series of updates were automatically installed. Which of the
following would describe this process?

A

Configuration enforcement
Many organizations will perform a posture assessment during the login
process to verify the proper security controls are in place. If the device does
not pass the assessment, the system can be quarantined and any missing
security updates can then be installed.

48
Q

Which of the following describes two-factor authentication?

A

A Windows Domain requires a password and smart card
The multiple factors of authentication for this Windows Domain are a
password (something you know), and a smart card (something you have).

49
Q

A company is deploying a new application to all employees in the field.
Some of the problems associated with this roll out include:
* The company does not have a way to manage the devices in the field
* Team members have many different kinds of mobile devices
* The same device needs to be used for both corporate and private use
Which of the following deployment models would address these
concerns?

A

COPE
A COPE (Corporate-owned, Personally Enabled) device would solve the
issue of device standardization and would allow the device to be used for
both corporate access and personal use.

50
Q

An organization is installing a UPS for their new data center. Which would BEST describe this control type?

A

Compensating
A compensating security control doesn’t prevent an attack, but it does
restore from an attack using other means. In this example, the UPS
(Uninterruptible Power Supply) does not stop a power outage, but it does
provide alternative power if an outage occurs.

51
Q

A manufacturing company would like to track the progress of parts used
on an assembly line. Which technology would be the
BEST choice for this task?

A

Blockchain
The ledger functionality of a blockchain can be used to track or verify components, digital media, votes, and other physical or digital objects.

52
Q

A company’s website has been compromised and the website content has
been replaced with a political message. Which threat actor would be the MOST likely culprit?

A

Hacktivist
A hacktivist is motivated by a particular philosophy, and their goal is to spread their message by defacing web sites and releasing private
documents.

53
Q

A Linux administrator is downloading an updated version of her Linux
distribution. The download site shows a link to the ISO and a SHA256 hash value. Which describes the use of this hash value?

A

Verifies that the file was not corrupted during
the file transfer
Once the file is downloaded, the administrator can calculate the file’s
SHA256 hash and confirm that it matches the value on the website.

54
Q

A company’s security policy requires that login access should only
be available if a person is physically within the same building as the
server. Which would be the BEST way to provide this
requirement?

A

Biometric scanner
A biometric scanner would require a person to be physically present to
verify the authentication.

55
Q

A development team has installed a new application and database to a
cloud service. After running a vulnerability scanner on the application
instance, a security administrator finds the database is available for
anyone to query without providing any authentication. Which
vulnerability is MOST associated with this issue?

A

Open permissions
Just like local systems, proper permissions and security controls are
required when applications are installed to a cloud-based system. If
permissions are not properly configured, the application data may be
accessible by anyone on the Internet.

56
Q

Employees of an organization have received an email with a link offering
a cash bonus for completing an internal training course. Which would BEST describe this email?

A

Phishing campaign
A phishing campaign is an internal process used to test the security habits
of the user community. An email with a link from a server not under the
control of the company could be an email sent by the IT department as
part of a phishing campaign.

57
Q

Which of the following risk management strategies would include the
purchase and installation of an NGFW?

A

Mitigate
Mitigation is a strategy that decreases the threat level. This is commonly
done through the use of additional security systems and monitoring, such
as an NGFW (Next-Generation Firewall).

58
Q

An organization is implementing a security model where all application
requests must be validated at a policy enforcement point. Which would BEST describe this model?

A

Zero trust
Zero trust describes a model where nothing is inherently trusted and
everything must be verified to gain access. A central policy enforcement
point is commonly used to implement a zero trust architecture.

59
Q

A company is installing a new application in a public cloud. Which determines the assignment of data security in this cloud
infrastructure?

A

Responsibility matrix
A cloud responsibility matrix is usually published by the provider to document the responsibilities for all cloud-based services. For example,
the customer responsibilities for an IaaS (Infrastructure as a Service) implementation will differ from those for SaaS (Software as a Service).

60
Q

When decommissioning a device, a company documents the type and
size of storage drive, the amount of RAM, and any installed adapter cards.
Which describes this process?

A

Enumeration
Enumeration describes the detailed listing of all parts in a particular device. For a computer, this could include the CPU type, memory, storage drive details, keyboard model, and more.

61
Q

An attacker has sent more information than expected in a single API call, and this has allowed the execution of arbitrary code. Which would BEST describe this attack?

A

Buffer overflow
A buffer overflow can produce unpredictable results, but sometimes
the effects are repeatable and controllable. In the best possible case for
the attacker, a buffer overflow can be manipulated to execute code on the
remote device.

62
Q

A company encourages users to encrypt all of their confidential materials
on a central server. The organization would like to enable key escrow as
a backup option. Which key should the organization place into escrow?

A

Private
With asymmetric encryption, the private key is used to decrypt information that has been encrypted with the public key. To ensure
continued access to the encrypted data, the company must have a copy of
each private key.

63
Q

A company is in the process of configuring and enabling host-based firewalls on all user devices. Which threat is the company addressing?

A

Instant messaging
Instant messaging is commonly used as an attack vector, and one way to
help protect against malicious links delivered by instant messaging is a
host-based firewall.

64
Q

A manufacturing company would like to use an existing router to separate a corporate network from a manufacturing floor. Both networks use the same physical switch, and the company does not want to install any additional hardware. Which of the following would be the BEST choice for this segmentation?

A

Create separate VLANs for the corporate network and
the manufacturing floor
Creating VLANs (Virtual Local Area Networks) will segment a network without requiring additional switches.

65
Q

An organization needs to provide a remote access solution for a newly
deployed cloud-based application. This application is designed to be used
by mobile field service technicians. Which would be the best option for this requirement?

A

SASE
A SASE (Secure Access Service Edge) solution is a next-generation VPN
technology designed to optimize the process of secure communication to
cloud services.

66
Q

A company is implementing a quarterly security awareness campaign.
Which of the following would MOST likely be part of this campaign?

A

Suspicious message reports from users
A security awareness campaign often involves automated phishing
attempts, and most campaigns will include a process for users to report a
suspected phishing attempt to the IT security team.

67
Q

A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found a recent patch has reintroduced this vulnerability on the servers.
Which should the security administrator implement to
prevent this issue from occurring in the future?

A

Change management
The change management process includes a testing phase that can help
identify potential issues relating to an application change or upgrade.

68
Q

A security manager would like to ensure that unique hashes are used with
an application login process. Which of the following would be the BEST
way to add random data when generating a set of stored password hashes?

A

Salting
Adding random data, or salt, to a password when performing the hashing
process will create a unique hash, even if other users have chosen the same
password.

69
Q

Which cryptographic method is used to add trust to a digital certificate?

A

Digital signature
A certificate authority will digitally sign a certificate to add trust. If you
trust the certificate authority, you can therefore trust the certificate.

70
Q

A company is using SCAP as part of their security monitoring processes.
Which would BEST describe this implementation?

A

Automate the validation and patching of security issues
SCAP (Security Content Automation Protocol) focuses on the
standardization of vulnerability management across multiple security tools.
This allows different tools to identify and act on the same security criteria.

71
Q

An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?

A

Data custodian
The data custodian manages access rights and sets security controls
to the data.

72
Q

An organization’s content management system currently labels files
and documents as “Public” and “Restricted.” On a recent update, a new
classification type of “Private” was added. Which would be the MOST likely reason for this addition?

A

Expanded privacy compliance
The labeling of data as private is often associated with compliance and
confidentiality concerns.

73
Q

A corporate security team would like to consolidate and protect the private keys across all of their web servers. Which would be the BEST way to securely store these keys?

A

Integrate an HSM
An HSM (Hardware Security Module) is a high-end cryptographic hardware appliance that securely stores keys and certificates for all devices. Private keys stay inside the tamper-resistant module, and signing and decryption operations are performed on the HSM rather than on each individual web server.

74
Q

A security technician is reviewing this security log from an IPS:

    ALERT 2018-06-01 13:07:29 [163bcf65118-179b547b]
    Cross-Site Scripting in JSON Data
    222.43.112.74:3332 -> 64.235.145.35:80
    URL /index.html - Method POST - Query String "-"
    User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3
    NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
    Detail: token="<script>" key="key7" value="<script>alert(2)</script>"

Which can be determined from this log information?
(Select TWO)
A

The alert was generated from an embedded script, and the attacker's IP
address is 222.43.112.74.

The details of the IPS (Intrusion Prevention System) alert show a script
value embedded into JSON (JavaScript Object Notation) data. The IPS
log also shows the flow of the attack with an arrow in the middle: the
side that initiated the connection is on the left. The attacker was
IP address 222.43.112.74 with source port 3332, and the victim was
64.235.145.35 over port 80.
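As an added example (not part of the original flashcard), the following Python parses an alert of this shape and extracts exactly the two facts the card asks for: the direction of the flow (attacker on the left of the arrow) and whether the detail field carries an embedded script. The sample alert is constructed from the one on this card, with the script tags written out explicitly; the field names and regular expressions are this example's own assumptions about the log format, not a vendor specification.

```python
import re
from typing import Dict, Tuple

# Constructed sample alert, based on the card's log, with the <script> tags written out.
SAMPLE_ALERT = """\
ALERT 2018-06-01 13:07:29 [163bcf65118-179b547b]
Cross-Site Scripting in JSON Data
222.43.112.74:3332 -> 64.235.145.35:80
URL /index.html - Method POST - Query String "-"
User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3 NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
Detail: token="<script>" key="key7" value="<script>alert(2)</script>"
"""

HEADER_RE = re.compile(r"^ALERT (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[([^\]]+)\]$")
FLOW_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
SCRIPT_RE = re.compile(r"<\s*script\b", re.IGNORECASE)


def parse_alert(text: str) -> Dict[str, object]:
    """Pull the analyst-relevant fields out of one IPS alert block."""
    info: Dict[str, object] = {}
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        header = HEADER_RE.match(line)
        flow = FLOW_RE.match(line)
        if header:
            info["timestamp"], info["alert_id"] = header.group(1), header.group(2)
            if i + 1 < len(lines):          # assumed layout: signature name follows the header
                info["signature"] = lines[i + 1]
        elif flow:
            # Left of the arrow is the connection initiator (attacker),
            # right is the host that received the request (victim).
            info["src_ip"], info["src_port"] = flow.group(1), int(flow.group(2))
            info["dst_ip"], info["dst_port"] = flow.group(3), int(flow.group(4))
        elif line.startswith("User Agent:"):
            info["user_agent"] = line[len("User Agent:"):].strip()
        elif line.startswith("Detail:"):
            detail = line[len("Detail:"):].strip()
            info["detail"] = detail
            # The evidence the signature fired on: a script element inside the JSON values.
            info["embedded_script"] = bool(SCRIPT_RE.search(detail))
    return info


def attacker_and_victim(info: Dict[str, object]) -> Tuple[str, str]:
    """The '->' direction identifies who initiated the connection."""
    return (f"{info['src_ip']}:{info['src_port']}",
            f"{info['dst_ip']}:{info['dst_port']}")


if __name__ == "__main__":
    parsed = parse_alert(SAMPLE_ALERT)
    print("attacker, victim:", attacker_and_victim(parsed))
    print("embedded script:", parsed["embedded_script"])
```

The user agent (curl from a Linux host) is a useful secondary indicator that the request was scripted rather than sent by a browser, but it is attacker-controlled and should not be used on its own to attribute anything.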

75
Q

Which describes a monetary loss if one event occurs?

A

SLE
SLE (Single Loss Expectancy) describes the financial impact of a single event.

76
Q

A user with restricted access has typed this text in a search field of an
internal web-based application:

    USER77' OR '1'='1

After submitting this search request, all database records are displayed on
the screen. Which would BEST describe this search?

A

SQL injection
SQL (Structured Query Language) injection takes advantage of poor
input validation. The user's input is concatenated into the application's
query, so the single quote closes the intended string literal and the
OR '1'='1 condition is true for every row, which is why the entire
table is returned. The attacker is effectively querying the database
directly through the application.
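As an added example (not part of the original flashcard), the following Python reproduces the card's search with an in-memory SQLite table: the concatenated query returns every row for the injected input, while the parameterized version returns nothing because the quote is passed as data. The table, rows and function names are constructed for the example.

```python
import sqlite3
from typing import List

# Constructed sample rows standing in for the internal application's table.
SAMPLE_ROWS = [
    ("USER01", "u01@example.com"),
    ("USER42", "u42@example.com"),
    ("USER77", "u77@example.com"),
]

INJECTED_SEARCH = "USER77' OR '1'='1"   # exactly what the user typed into the search field


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers (username, email) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def build_vulnerable_query(term: str) -> str:
    """String concatenation: the user's quote closes the literal and the
    rest of the input is interpreted as SQL."""
    return ("SELECT username FROM customers WHERE username = '"
            + term + "' ORDER BY username")


def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[str]:
    return [row[0] for row in conn.execute(build_vulnerable_query(term))]


def search_safe(conn: sqlite3.Connection, term: str) -> List[str]:
    """Parameterized query: the driver sends the input as a bound value, so a
    quote inside it can never terminate the string literal."""
    return [row[0] for row in conn.execute(
        "SELECT username FROM customers WHERE username = ? ORDER BY username", (term,))]


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query(INJECTED_SEARCH))
    print("vulnerable:", search_vulnerable(db, INJECTED_SEARCH))
    print("safe:      ", search_safe(db, INJECTED_SEARCH))
```

Parameterized queries (or an ORM that uses them) are the fix; input validation and least-privilege database accounts are defense in depth, not a substitute.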

77
Q

A user has opened a helpdesk ticket complaining of poor system performance, excessive pop-up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing
information. Which is MOST likely the cause of this
user's issues?

A

Trojan horse
Since a Trojan horse is usually disguised as legitimate software, the
victim often doesn’t realize they’re installing malware. Once the Trojan is
installed, the attacker can install additional software to control the infected
system.

78
Q

A web-based manufacturing company processes monthly charges to credit
card information saved in the customer’s profile. All of the customer information is encrypted and protected with additional authentication factors. Which would be the justification for these security controls?

A

Compliance reporting
The storage of sensitive information such as customer details and payment information may require additional reporting to ensure compliance with
the proper security controls.

79
Q

A security manager has created a report showing intermittent network
communication from certain workstations on the internal network to one external IP address. These traffic patterns occur at random times during the day. Which would be the MOST likely reason for these traffic patterns?

A

Keylogger
A keylogger captures keystrokes and occasionally transmits this information to the attacker for analysis. The traffic patterns identified
by the security manager could potentially be categorized as malicious
keylogger transfers.

80
Q

The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which is the MOST likely source of this alert message?

A

DLP
DLP (Data Loss Prevention) technologies can identify and block the transmission of sensitive data across the network.
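As an added example (not part of the original flashcard), the following Python shows the kind of content check a DLP system runs on an outbound message: a regular expression finds candidate card numbers and a Luhn check discards digit runs that are not valid PANs, such as part numbers. The message text and the test card numbers are constructed for the example; 4111111111111111 and 5500000000000004 are well-known Luhn-valid test values, not real accounts.

```python
import re
from typing import List

# Constructed outbound message standing in for the emailed attachment.
SAMPLE_MESSAGE = """\
Subject: March invoices
Attached please find the billing export.
Customer 1: card 4111 1111 1111 1111 exp 03/27
Customer 2: card 5500-0000-0000-0004 exp 11/26
Part number 1234567890123 shipped on 2024-03-01, call 555-123-4567 with questions.
"""

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# and not adjacent to other digits.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check, which every real card number satisfies. It filters
    out part numbers and other long digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return the Luhn-valid card numbers found in text, digits only."""
    hits = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def mask(pan: str) -> str:
    """Keep the first six and last four digits, which is what an alert may safely log."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def dlp_verdict(text: str) -> str:
    """Policy decision for the message: block if any card number is present."""
    return "block" if find_card_numbers(text) else "allow"


if __name__ == "__main__":
    for pan in find_card_numbers(SAMPLE_MESSAGE):
        print("found card number", mask(pan))
    print("verdict:", dlp_verdict(SAMPLE_MESSAGE))
```

A production DLP engine adds context (is the file an export from the billing system, who is the recipient) and handles encodings and archives, but the pattern-plus-validator step shown here is what keeps the alert from firing on every thirteen-digit part number.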

81
Q

A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which would be the MOST likely reason for this configuration?

A

The server is a honeypot for attracting potential attackers

A screened subnet is a good location to configure services that can be accessed from the Internet, and building a system that can be easily
compromised is a common tactic for honeypot systems.

82
Q

A security administrator is configuring a DNS server with an SPF record.
Which would be the reason for this configuration?

A

List all servers authorized to send emails

SPF (Sender Policy Framework) is used to publish a list of all authorized
email servers for a specific domain.

83
Q

A company would like to securely deploy applications without the overhead of installing a virtual machine for each system. Which would be the BEST way to deploy these applications?

A

Containerization
Application containerization runs separate application "containers" on a single host operating system (which may itself be a single virtual machine) instead of dedicating a virtual machine to each application. These containers are implemented as isolated instances, and an application in one container is not inherently accessible from other containers on the system.

84
Q

A company has just purchased a new application server, and the security director wants to determine if the system is secure. The system is currently installed in a test environment and will not be available to users until the
roll out to production next week. Which would be the BEST way to determine if any part of the system can be exploited?

A

Penetration test
A penetration test can be used to actively exploit potential vulnerabilities
in a system or application. This could cause a denial of service or loss of data, so the best practice is to perform the penetration test during non-production hours or in a test environment.

85
Q

A company’s email server has received an email from a third-party, but the origination server does not match the list of authorized devices. Which would determine the disposition of this message?

A

DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance) specifies what a receiving server should do with a message that fails the SPF or DKIM checks. The legitimate owner of the originating email domain publishes a policy (p=none, p=quarantine or p=reject) so that these messages are
accepted, sent to a spam folder, or rejected.
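As an added example covering both the SPF card (82) and this DMARC card (85), and not part of the original deck, the following Python evaluates an SPF record against a connecting IP and then applies the domain's DMARC policy to decide the disposition. The TXT records, domain and IP addresses are constructed stand-ins for real DNS data; the code resolves only ip4/ip6 mechanisms and the all term (include, a and mx would need further lookups), assumes no DKIM signature is present, and assumes the envelope sender domain equals the From: domain so that SPF alignment holds.

```python
import ipaddress
from typing import Dict, List

# Constructed zone data standing in for real DNS TXT lookups.
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_terms(record: str) -> List[str]:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return terms[1:]


def check_spf(sender_ip: str, domain: str, txt: Dict[str, str]) -> str:
    """Evaluate ip4/ip6 mechanisms and 'all' against the connecting IP.
    Mechanisms needing more DNS (include, a, mx) are not resolved here."""
    record = txt.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in spf_terms(record):
        qualifier = "+"                      # an unqualified mechanism means pass
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            return QUALIFIER_RESULT[qualifier]
        if term.lower().startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            if ip in net:                    # False when the IP versions differ
                return QUALIFIER_RESULT[qualifier]
    return "neutral"                         # nothing matched and no 'all' term


def parse_dmarc(record: str) -> Dict[str, str]:
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def dmarc_disposition(sender_ip: str, from_domain: str, txt: Dict[str, str]) -> str:
    """Receiver's decision: accept on an aligned SPF pass; otherwise apply the
    published p= policy (no DKIM considered in this example)."""
    if check_spf(sender_ip, from_domain, txt) == "pass":
        return "accept"
    policy = parse_dmarc(txt.get("_dmarc." + from_domain, "")).get("p", "none")
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}.get(policy, "accept")


if __name__ == "__main__":
    for ip in ("203.0.113.45", "192.0.2.7"):
        print(ip, check_spf(ip, "example.com", SAMPLE_TXT),
              dmarc_disposition(ip, "example.com", SAMPLE_TXT))
```

Note the split of responsibilities: SPF answers "is this server allowed to send for the domain", and DMARC answers "what should you do when it is not", which is why the card's authorized-server list comes from SPF and the disposition comes from DMARC.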