Latest Questions Flashcards
Which of the following security controls is used to isolate a section of the network and its externally available resources from the internal corporate network in order to reduce the number of possible attacks?
Air gap
A security analyst is reviewing an IDS alert and sees the following:
C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI - wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents\iijlqe.ps1;exit
Fileless malware execution
A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?
IP-based firewall rules
An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of
Invoice scam
A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?
Proof of PCI DSS compliance
A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:
-Sensitive customer data must be safeguarded.
-Documents from managed sources should not be opened in unmanaged destinations.
-Sharing of managed documents must be disabled.
-Employees should not be able to download emailed images to their devices.
-Personal photos and contact lists must be kept private.
-IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.
Which of the following are the best features to enable to meet these requirements? (Choose two.)
Remote wipe
Containerization
A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?
chmod
A company has had several malware incidents that have been traced back to users accessing personal SaaS applications on the internet from the company network. The company has a policy that states users can only access business-related cloud applications from within the company network. Which of the following technical solutions should be used to enforce the policy?
Leverage a cloud access security broker
In which of the following scenarios is tokenization the best privacy technique to use?
Enabling established customers to safely store credit card information
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?
Monitoring outbound traffic
Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?
Order of volatility
A server administrator is reporting performance issues when accessing all internal resources. Upon further investigation, the security team notices the following:
-A user’s endpoint has been compromised and is broadcasting its MAC as the default gateway’s MAC throughout the LAN.
-Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN.
-Network ports on the LAN are not properly configured.
-Wired traffic is not being encrypted properly.
Which of the following attacks is most likely occurring?
ARP poisoning
A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
PIN
A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure:
Which of the following best describes what the analyst has discovered?
A successful privilege escalation attack by a local user
C:\sysadmin>psexec.exe -s cmd
The command you provided involves the use of PsExec, a command-line utility developed by Sysinternals (now part of Microsoft) that allows you to execute processes on remote systems. Here’s a breakdown of the command:
bashCopy code
C:\sysadmin>psexec.exe -s cmd
C:\sysadmin>: This part indicates the current working directory in the command prompt. It’s not part of the PsExec command; rather, it shows the context in which the command is being executed.
psexec.exe: This is the executable file for PsExec. It is a tool used for executing processes on other systems.
-s: This is a command-line switch for PsExec, and it stands for “Run as SYSTEM.” When you use the -s option, the specified command (in this case, cmd, which is the Command Prompt) is executed with the privileges of the SYSTEM account, which is a high-privileged account in Windows.
cmd: This is the command that PsExec will execute with elevated privileges. In this case, it’s the Command Prompt (cmd). Running cmd with -s means that it will run with SYSTEM-level privileges.
So, when you run this command, it launches a Command Prompt with elevated privileges (SYSTEM account) on the local system (the system where the command is executed). Using PsExec requires administrative privileges on the system where it’s executed.
It is NOT Living off the Land (LotL) attack
A Living off the Land (LotL) attackdescribes a cyberattack in which intruders use legitimate software and functions available in the system to perform malicious actions on it.
Living off the land means surviving on what you can forage, hunt, or grow in nature. LotL cyberattack operators forage on target systems for tools, such as operating system components or installed software, they can use to achieve their goals. LotL attacks are often classified as fileless because they do not leave any artifacts behind.
During a forensic investigation, an analyst uses software to create a checksum of the affected subject’s email file. Which of the following is the analyst practicing?
Integrity
A software company has a shared codebase for multiple projects using the following strategy:
-Unused features are deactivated but still present on the code.
-New customer requirements trigger additional development work.
Which of the following will most likely occur when the company uses this strategy?
Dead code
A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?
Securing domain administrator credentials in a PAM vault and controlling access with role-based access control
Which of the following best describes a threat actor who is attempting to use commands found on a public code repository?
Script kiddie
While assessing the security of a web application, a security analyst was able to introduce unsecure strings through the application input fields by bypassing client-side controls. Which of the following solutions should the analyst recommend?
Server-side validation
A vulnerability scan returned the following results:
-2 Critical
-5 High
-15 Medium
-98 Low
Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?
Risk matrix
A company wants to ensure that all employees in a given department are trained on each job role to help with employee burnout and continuity of business operations in the event an employee leaves the company. Which of the following should the company implement?
Job rotation
Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?
Tabletop exercise
Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?
APT groups
A company is implementing a vendor’s security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company’s standard user directory. Which of the following should the company implement?
SAML
An organization wants to ensure it can track changes between software deployments. Which of the following concepts should the organization implement?
Version control
A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?
Operational
A security analyst is looking for a way to categorize and share a threat actor’s TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?
Using the MITRE ATT&CK framework
A security administrator is reviewing reports about suspicious network activity occurring on a subnet. Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output:
Which of the following best describes what is occurring on the network?
ARP poisoning
A systems administrator wants to add a second factor to the single sign-on portal that the organization uses. Currently, only a username and password are required. Which of the following should the administrator implement to best meet this requirement?
Software-based TOTP
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?
Retention policy
A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?
Cloud
A web application for a bank displays the following output when showing details about a customer’s bank account:
Which of the following techniques is most likely implemented in this web application?
Data masking
The security team installed video cameras in a prominent location in the building lobby. Which of the following best describe this type of control? (Choose two.)
Detective
Deterrent
Which of the following is best to use when determining the severity of a vulnerability?
CVSS
Which of the following best describes an environment where a business owns the application and operating system but requires the resources to host them in the cloud?
IaaS
An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?
Full weekly and incremental daily
An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?
Metadata
A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?
Access auditing
An employee finds a USB flash drive labeled “Salary Info” in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?
Baiting
The primary goal of the threat-hunting team at a large company is to identify cyberthreats that the SOC has not detected. Which of the following types of data would the threat-hunting team primarily use to identify systems that are exploitable?
Vulnerability scan
Which of the following best describes the process of adding a secret value to extend the length of stored passwords?
Salting
Adding a value to the end of a password to create a different password hash is called:
salting
An organization is concerned about hackers bypassing MFA through social engineering of phone carriers. Which of the following would most likely protect against such an attack?
Receiving a push notification to a mobile application
A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?
CASB
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:
Which of the following most likely describes the attack that took place?
Spraying
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1x for access control. To be allowed on the network, a device must have a known hardware address, and a valid username and password must be entered in a captive portal. The following is the audit report:
Which of the following is the most likely way a rogue device was allowed to connect?
A user performed a MAC cloning attack with a personal device
A security administrator recently reset local passwords and the following values were recorded in the system:
Which of the following is the security administrator most likely protecting against?
Password compromise
