ExamT 4 Flashcards

1
Q

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
A. http://sample.url.com/Please-Visit-Our-Phishing-Site
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
C. http://sample.url.com/select-from-database-where-password-null
D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

A

B. http://sample.url.com/someotherpageonsite/../../../etc/shadow

2
Q

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

3
Q

An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
A. Disallow new hires from using mobile devices for six months.
B. Select four devices for the sales department to use in a CYOD model.
C. Implement BYOD for the sales department while leveraging the MDM.
D. Deploy mobile devices using the COPE methodology.

A

C. Implement BYOD for the sales department while leveraging the MDM.

4
Q
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
A. Security
B. Application
C. Dump
D. Syslog
A

C. Dump

5
Q
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
A. loss of proprietary information.
B. damage to the company's reputation.
C. social engineering.
D. credential exposure.
A

A. loss of proprietary information.

6
Q
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:
A. data controller.
B. data owner.
C. data custodian.
D. data processor.
A

C. data custodian.

7
Q

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?
A. An external access point is engaging in an evil-twin attack.
B. The signal on the WAP needs to be increased in that section of the building.
C. The certificates have expired on the devices and need to be reinstalled.
D. The users in that section of the building are on a VLAN that is being blocked by the firewall.

A

A. An external access point is engaging in an evil-twin attack.

8
Q
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10
A

D. RAID 10

9
Q
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training
A

D. Basic awareness training

10
Q
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
A. Create an OCSP
B. Generate a CSR.
C. Create a CRL.
D. Generate a .pfx file.
A

B. Generate a CSR.

Certificate signing request

11
Q
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
A. The data protection officer
B. The data processor
C. The data owner
D. The data controller
A

D. The data controller

12
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

A

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

13
Q
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine their next course of action?
A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan
A

D. A business continuity plan

14
Q
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout
A

B. VM escape

15
Q
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
A. The public ledger
B. The NetFlow data
C. A checksum
D. The event log
A

A. The public ledger

16
Q

During an incident response, a security analyst observes the following log entry on the web server:

Which of the following BEST describes the type of attack the analyst is experiencing?
A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal
A

D. Directory traversal

17
Q
Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
A

C. ISO 27701
ISO 27701, also abbreviated as PIMS (Privacy Information Management System), outlines a framework for managing Personally Identifiable Information (PII).

18
Q

A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network.
B. View the document's metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.

A

C. Search for matching file hashes on malware websites.

19
Q
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
A

B. Identification

20
Q
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
A. Red team
B. White team
C. Blue team
D. Purple team
A

A. Red team

21
Q

A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.

A

B. Implement salting and hashing.

22
Q

Which of the following are requirements that must be configured for PCI DSS compliance? (Choose two.)
A. Testing security systems and processes regularly
B. Installing and maintaining a web proxy to protect cardholder data
C. Assigning a unique ID to each person with computer access
D. Encrypting transmission of cardholder data across private networks
E. Benchmarking security awareness training for contractors
F. Using vendor-supplied default passwords for system passwords

A

A. Testing security systems and processes regularly

C. Assigning a unique ID to each person with computer access

23
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups

A

D. Industry information-sharing and collaboration groups

24
Q
A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting
A

D. Application whitelisting

25
Q

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
- The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
- The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
- All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
- DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
C. An attacker temporarily poisoned a name server.
D. An ARP poisoning attack was successfully executed.

A

C. An attacker temporarily poisoned a name server.