ExamT 5 Flashcards

1
Q
An organization has hired a security analyst to perform a penetration test. The analyst captures 1 GB of inbound network traffic to the server and transfers the pcap back to the analyst's machine for analysis. Which of the following tools should the analyst use to further review the pcap?
A. Nmap
B. cURL
C. Netcat
D. Wireshark
A

D. Wireshark

2
Q
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
A. A BPDU guard
B. WPA-EAP
C. IP filtering
D. A WIDS
A

B. WPA-EAP

3
Q

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
A. validate the vulnerability exists in the organization's network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.

A

D. prioritize remediation of vulnerabilities based on the possible impact.

4
Q
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
A. Man-in-the-middle
B. Spear phishing
C. Evil twin
D. DNS poisoning
A

D. DNS poisoning
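The log review described in this card, written out as an added example (not part of the flashcard set): given a resolver log that records the answer returned for each query, flag any answer outside a host's expected address set and group consecutive hits into a window with its duration, so a temporary redirect like the eight-hour change above stands out. The log format, hostnames, addresses and the `BASELINE` allowlist are all constructed for the example; real resolvers often log only the query, so answer logging (or passive DNS) is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Hypothetical resolver log format: "<iso-timestamp> query=<host> answer=<ip>".
LINE_RE = re.compile(r"^(\S+) query=(\S+) answer=(\S+)$")

# Constructed log: vendor.example.com normally resolves to 192.0.2.10, but for
# eight hours on 2024-04-02 it resolved to 198.51.100.66 instead (documentation
# address ranges, no real hosts).
RESOLVER_LOG = """\
2024-04-01T08:00:00 query=vendor.example.com answer=192.0.2.10
2024-04-01T12:00:00 query=vendor.example.com answer=192.0.2.10
2024-04-02T09:00:00 query=vendor.example.com answer=198.51.100.66
2024-04-02T11:00:00 query=vendor.example.com answer=198.51.100.66
2024-04-02T17:00:00 query=vendor.example.com answer=198.51.100.66
2024-04-02T18:30:00 query=vendor.example.com answer=192.0.2.10
2024-04-03T08:00:00 query=vendor.example.com answer=192.0.2.10
2024-04-03T08:05:00 query=mail.example.net answer=203.0.113.25
"""

# Expected addresses per host (assumed allowlist, e.g. from the vendor's published records).
BASELINE = {
    "vendor.example.com": {"192.0.2.10"},
    "mail.example.net": {"203.0.113.25"},
}


def find_unexpected_resolutions(log: str, baseline: dict) -> dict:
    """Group consecutive answers that fall outside each host's expected address
    set into windows, so a temporary hijack shows up as one entry with a duration.
    last_seen is the last *observed* rogue answer, so the duration is a lower bound."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, ip = m.groups()
            events.append((datetime.fromisoformat(ts), host, ip))
    events.sort()

    windows = defaultdict(list)
    open_window = {}  # host -> window currently being extended
    for ts, host, ip in events:
        expected = baseline.get(host, set())
        cur = open_window.get(host)
        if ip in expected:
            if cur:  # back to a known-good answer: close the window
                windows[host].append(cur)
                del open_window[host]
        elif cur and cur["ip"] == ip:
            cur["last_seen"] = ts  # same rogue answer again: extend the window
        else:
            if cur:  # a different rogue answer: close the old window, open a new one
                windows[host].append(cur)
            open_window[host] = {"ip": ip, "first_seen": ts, "last_seen": ts}
    for host, cur in open_window.items():  # still redirected at end of log
        windows[host].append(cur)

    for host in windows:
        for w in windows[host]:
            w["hours"] = (w["last_seen"] - w["first_seen"]).total_seconds() / 3600
            w["first_seen"] = w["first_seen"].isoformat()
            w["last_seen"] = w["last_seen"].isoformat()
    return dict(windows)


if __name__ == "__main__":
    for host, wins in find_unexpected_resolutions(RESOLVER_LOG, BASELINE).items():
        for w in wins:
            print(f"{host}: answered {w['ip']} from {w['first_seen']} "
                  f"to {w['last_seen']} ({w['hours']:.1f} h)")
```

A redirect that lines up with a spike in logins to the vendor site is the pattern the card describes: users authenticated to the attacker's host while the poisoned record was live.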

5
Q
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?
A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause
A

D. A log analysis

6
Q
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
A. Segmentation
B. Firewall whitelisting
C. Containment
D. Isolation
A

A. Segmentation

7
Q
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization
A

B. Data masking

8
Q

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

A

C. Create different accounts for each region, limit their logon times, and alert on risky logins.

A service account that runs unattended weekly scans cannot acknowledge push MFA prompts, so option A would break the scans or force the prompts to be auto-approved. Per-region accounts limit how far a compromised account can pivot, logon-time limits shrink the window in which a stolen credential is usable, and risky-login alerts detect misuse outside the scan schedule.

9
Q
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A. Verification
B. Validation
C. Normalization
D. Staging
A

B. Validation

10
Q

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
✑ The devices will be used internationally by staff who travel extensively.
✑ Occasional personal use is acceptable due to the travel requirements.
✑ Users must be able to install and configure sanctioned programs and productivity suites.
✑ The devices must be encrypted.
✑ The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly

A

B. Implementing application whitelisting

An always-on VPN and routing web traffic through the on-premises content filter both conflict with the low-bandwidth requirement, and lengthening the DAT update interval to weekly weakens the posture rather than improving it. Application whitelisting still permits the sanctioned programs and productivity suites while blocking anything else that personal use or travel exposes the laptop to.

11
Q

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
A. Access to the organization's servers could be exposed to other cloud-provider clients.
B. The cloud vendor is a new attack vector within the supply chain.
C. Outsourcing the code development adds risk to the cloud provider.
D. Vendor support will cease when the hosting platforms reach EOL.

A

B. The cloud vendor is a new attack vector within the supply chain.

12
Q
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.
A

C. disaster recovery plan.

13
Q
A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
A

D. Smishing

14
Q
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
A

A. Watering-hole attack

15
Q
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
A. Alarms
B. Signage
C. Lighting
D. Mantraps
E. Fencing
F. Sensors
A

D. Mantraps

E. Fencing

16
Q
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
A

D. CVSS

Common Vulnerability Scoring System (CVSS)

17
Q

A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
C. Remove the CEO’s hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches.
D. Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.

A

B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.

The write blocker guarantees nothing is written to the original drive, and a bit-for-bit image that is hashed before and after acquisition gives a verifiable copy to analyze while the original stays sealed. Waiting for the incident to be confirmed (option D) risks losing evidence that changes or is overwritten in the meantime, and copying files to a fileshare (option C) is not a forensic image.
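The acquisition step from option B, as an added example that is not part of the flashcard set: the same bit-for-bit copy and hash verification that `dd` plus `sha256sum` would give, written in Python so it runs without a block device, against a temporary file standing in for the seized drive. The examiner name, file paths and chain-of-custody record fields are assumptions. Opening the source read-only mirrors the intent of a write blocker but does not replace one; only the hardware blocker prevents the OS itself from touching the disk.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # 1 MiB read size, like dd bs=1M


def sha256_of(path: str) -> str:
    """Hash a file in chunks, opened read-only (the write blocker enforces this in hardware)."""
    h = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY)
    with os.fdopen(fd, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def image_drive(source: str, image: str, examiner: str) -> dict:
    """Bit-for-bit copy of `source` to `image`, hashed before and after, returned as a
    chain-of-custody record. All three digests must agree for the image to be usable."""
    pre_hash = sha256_of(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    post_hash = sha256_of(source)   # proves imaging did not alter the original
    image_hash = sha256_of(image)   # proves the copy is exact
    return {
        "source": source,
        "image": image,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "source_sha256_before": pre_hash,
        "source_sha256_after": post_hash,
        "image_sha256": image_hash,
        "verified": pre_hash == post_hash == image_hash,
    }


def demo() -> dict:
    """Constructed evidence: a random temp file standing in for the CEO's drive."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence_drive.bin")
    image = os.path.join(workdir, "evidence_drive.dd")
    with open(source, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 12345))  # deliberately not a whole number of chunks
    return image_drive(source, image, examiner="analyst@example.org")


if __name__ == "__main__":
    record = demo()
    for key, value in record.items():
        print(f"{key:22s} {value}")
```

Keep the record with the sealed original; any later examiner can re-hash the image and compare against `image_sha256` to show it has not been altered since acquisition.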

18
Q
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.)
A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls
A

A. Geolocation

B. Time-of-day restrictions

19
Q
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
A. Identification
B. Preparation
C. Lessons learned
D. Eradication
E. Recovery
F. Containment
A

F. Containment

20
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts

A

A. Updating the playbooks with better decision points

21
Q

A security analyst is reviewing the following attack log output:

Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
A

C. Password-spraying
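The log output for this card is not reproduced on the page, so the following is an added example, not the original log: a classifier over constructed failed-login lines that separates the two shapes the answer choices describe. Password spraying tries one or two passwords against many accounts, staying under each account's lockout threshold; brute force hammers one account with many attempts. The log format, usernames, source addresses and the thresholds (`min_users`, `max_per_user`, `window`) are all assumptions to tune against a real lockout policy.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format: "<iso-timestamp> auth_fail|auth_success user=<u> src=<ip>".
LINE_RE = re.compile(r"^(\S+) (auth_fail|auth_success) user=(\S+) src=(\S+)$")

# Constructed spray: one source, many users, at most two tries each, spaced 30 min apart.
SPRAY_LOG = """\
2024-05-01T09:00:01 auth_fail user=alice src=203.0.113.7
2024-05-01T09:00:02 auth_fail user=bob src=203.0.113.7
2024-05-01T09:00:03 auth_fail user=carol src=203.0.113.7
2024-05-01T09:00:04 auth_fail user=dave src=203.0.113.7
2024-05-01T09:00:05 auth_fail user=erin src=203.0.113.7
2024-05-01T09:00:06 auth_fail user=frank src=203.0.113.7
2024-05-01T09:31:01 auth_fail user=alice src=203.0.113.7
2024-05-01T09:31:02 auth_fail user=bob src=203.0.113.7
"""

# Constructed brute force: one source, one user, rapid-fire attempts ending in success.
BRUTE_LOG = """\
2024-05-01T09:00:01 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:01 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:02 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:02 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:03 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:03 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:04 auth_fail user=alice src=198.51.100.9
2024-05-01T09:00:04 auth_success user=alice src=198.51.100.9
"""


def parse(log: str) -> list:
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), outcome, user, src))
    return events


def classify(log: str, window: timedelta = timedelta(minutes=60),
             min_users: int = 5, max_per_user: int = 2) -> dict:
    """Per source IP, label the failed-login pattern inside `window` as
    password-spraying (many users, few tries each), brute-force (one user,
    many tries) or unclassified. Set max_per_user just below the lockout threshold."""
    by_src = defaultdict(list)
    for ts, outcome, user, src in parse(log):
        if outcome == "auth_fail":
            by_src[src].append((ts, user))

    verdicts = {}
    for src, fails in by_src.items():
        fails.sort()
        start = fails[0][0]
        in_window = [u for ts, u in fails if ts - start <= window]
        per_user = defaultdict(int)
        for u in in_window:
            per_user[u] += 1
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            verdicts[src] = "password-spraying"
        elif len(per_user) == 1 and len(in_window) > max_per_user:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "unclassified"
    return verdicts


if __name__ == "__main__":
    print(classify(SPRAY_LOG))
    print(classify(BRUTE_LOG))
```

The practical consequence is that per-account lockout counters never fire on a spray; the detection has to pivot on the source (or on the count of distinct accounts failing in a window) rather than on any one user.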

22
Q
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
A

C. 802.1X

23
Q
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software
A

D. Included third-party libraries

E. Vendors/supply chain

Vulnerable code reaches a final release through the code and components that are built into it: the third-party libraries the product includes and the vendors that supply them. Unsecure protocols, weak passwords and outdated anti-malware are operational weaknesses in the environment, not ways vulnerable code ends up in the shipped software.

24
Q
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
A

D. Compensating

25
Q
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
A

D. An advanced persistent threat