Pg 14 Flashcards
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?
A. Security policy
B. Classification policy
C. Retention policy
D. Access control policy
Retention policy
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
A. Code repositories
B. Dark web
C. Threat feeds
D. State actors
E. Vulnerability databases
Code repositories
Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?
A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.
The organization will have the ability to create security requirements based on classification levels.
An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?
A. Non-credentialed scan
B. Packet capture
C. Privilege escalation
D. System enumeration
E. Passive scan
Non-credentialed scan
A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?
A. MITRE ATT&CK
B. CSIRT
C. CVSS
D. SOAR
MITRE ATT&CK
An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?
A. A website-hosted solution
B. Cloud shared storage
C. A secure email solution
D. Microservices using API
Microservices using API
Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?
A. GDPR
B. PCI DSS
C. NIST
D. ISO
GDPR
An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?
A. The administrator should allow SAN certificates in the browser configuration.
B. The administrator needs to install the server certificate into the local truststore.
C. The administrator should request that the secure LDAP port be opened to the server.
D. The administrator needs to increase the TLS version on the organization’s RA.
The administrator needs to install the server certificate into the local truststore.
Which of the following is the most important security concern when using legacy systems to provide production service?
A. Instability
B. Lack of vendor support
C. Loss of availability
D. Use of insecure protocols
Lack of vendor support
A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?
A. A spraying attack was used to determine which credentials to use.
B. A packet capture tool was used to steal the password.
C. A remote-access Trojan was used to install the malware.
D. A dictionary attack was used to log in as the server administrator.
A packet capture tool was used to steal the password.
A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment. Which of the following should be configured to allow remote access to this server?
A. HTTPS
B. SNMPv3
C. SSH
D. RDP
E. SMTP
SSH
A security administrator is working to find a cost-effective solution to implement certificates for a large number of domains and subdomains owned by the company. Which of the following types of certificates should the administrator implement?
A. Wildcard
B. Client certificate
C. Self-signed
D. Code signing
Wildcard
An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?
A. Nessus
B. curl
C. Wireshark
D. netcat
Nessus
A security analyst received a tip that sensitive proprietary information was leaked to the public. The analyst is reviewing the PCAP and notices traffic between an internal server and an external host that includes the following:
…
12:47:22.327233 PPPoE [ses 0x8122] IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto IPv6 (41), length 331) 10.5.1.1 > 52.165.16.154: IP6 (hlim E3, next-header TCP (6) payload length: 271) 2001:67c:2158:a019::ace.53104 > 2001:0:5ef5:79fd:380c:dddd:a601:24fa.13788: Flags [P.], cksum 0xd7ee (correct), seq 97:348, ack 102, win 16444, length 251
…
Which of the following was most likely used to exfiltrate the data?
A. Encapsulation
B. MAC address spoofing
C. Steganography
D. Broken encryption
E. Sniffing via on-path position
Encapsulation
A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
A. Serverless architecture
B. Thin clients
C. Private cloud
D. Virtual machines
Serverless architecture
A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:
(Error 13): /etc/shadow: Permission denied.
Which of the following best describes the type of tool that is being used?
A. Pass-the-hash monitor
B. File integrity monitor
C. Forensic analysis
D. Password cracker
Password cracker
A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323, and SRTP. Which of the following does this rule set support?
A. RTOS
B. VoIP
C. SoC
D. HVAC
VoIP
Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?
A. Whaling
B. Spear phishing
C. Impersonation
D. Identity fraud
Whaling
During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?
A. Updating the CRL
B. Patching the CA
C. Changing passwords
D. Implementing SOAR
Patching the CA
A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
A. PIN
B. Hardware token
C. User ID
D. SMS
PIN