Pg 21 Flashcards
The private key for a website was stolen, and a new certificate has been issued. Which of the following needs to be updated next?
A. SCEP
B. CRL
C. OCSP
D. CSR
CRL
Which of the following organizational documents is most often used to establish and communicate expectations associated with integrity and ethical behavior within an organization?
A. AUP
B. SLA
C. EULA
D. MOA
AUP
Which of the following explains how to determine the global regulations that data is subject to regardless of the country where the data is stored?
A. Geographic dispersion
B. Data sovereignty
C. Geographic restrictions
D. Data segmentation
Data sovereignty
An organization’s web servers host an online ordering system. The organization discovers that the servers are vulnerable to a malicious JavaScript injection, which could allow attackers to access customer payment information. Which of the following mitigation strategies would be most effective for preventing an attack on the organization’s web servers? (Choose two.)
A. Regularly updating server software and patches
B. Implementing strong password policies
C. Encrypting sensitive data at rest and in transit
D. Utilizing a web-application firewall
E. Performing regular vulnerability scans
F. Removing payment information from the servers
Regularly updating server software and patches
Utilizing a web-application firewall
Which of the following tools is best for logging and monitoring in a cloud environment?
A. IPS
B. FIM
C. NAC
D. SIEM
SIEM
During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?
A. Race condition
B. Memory injection
C. Malicious update
D. Side loading
Malicious update
A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?
A. RAS
B. EAP
C. SAML
D. PAM
PAM
Which of the following elements of digital forensics should a company use if it needs to ensure the integrity of evidence?
A. Preservation
B. E-discovery
C. Acquisition
D. Containment
Preservation
A company suffered a critical incident where 30GB of data was exfiltrated from the corporate network. Which of the following actions is the most efficient way to identify where the system data was exfiltrated from and what location the attacker sent the data to?
A. Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.
B. Analyze IPS and IDS logs to find the IP addresses used by the attacker for reconnaissance scans.
C. Analyze endpoint and application logs to see whether file-sharing programs were running on the company systems.
D. Analyze external vulnerability scans and automated reports to identify the systems on which the attacker could have exploited a remote code vulnerability.
Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.
Which of the following describes the procedures a penetration tester must follow while conducting a test?
A. Rules of engagement
B. Rules of acceptance
C. Rules of understanding
D. Rules of execution
Rules of understanding
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?
A. Intrusion prevention system
B. Sandbox
C. Endpoint detection and response
D. Antivirus
Endpoint detection and response
A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?
A. Data retention
B. Certification
C. Sanitization
D. Destruction
Data retention
Which of the following can be used to compromise a system that is running an RTOS?
A. Cross-site scripting
B. Memory injection
C. Replay attack
D. Ransomware
Memory injection
Which of the following threat actors would most likely deface the website of a high-profile music group?
A. Unskilled attacker
B. Organized crime
C. Nation-state
D. Insider threat
Unskilled attacker
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
A. Apply IP address reputation data.
B. Tap and monitor the email feed.
C. Scan email traffic inline.
D. Check SPF records.
Scan email traffic inline.
Which of the following activities is the first stage in the incident response process?
A. Detection
B. Declaration
C. Containment
D. Verification
Detection
Which of the following is the main consideration when a legacy system that is a critical part of a company’s infrastructure cannot be replaced?
A. Resource provisioning
B. Cost
C. Single point of failure
D. Complexity
Single point of failure
Which of the following is a compensating control for providing user access to a high-risk website?
A. Enabling threat prevention features on the firewall
B. Configuring a SIEM tool to capture all web traffic
C. Setting firewall rules to allow traffic from any port to that destination
D. Blocking that website on the endpoint protection software
Enabling threat prevention features on the firewall
An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Choose two.)
A. Remote wiping of the device
B. Data encryption
C. Requiring passwords with eight characters
D. Data usage caps
E. Employee data ownership
F. Personal application store access
Remote wiping of the device
Data encryption
A security administrator observed the following in a web server log while investigating an incident:
“GET ../../../../etc/passwd”
Which of the following attacks did the security administrator most likely see?
A. Privilege escalation
B. Credential replay
C. Brute force
D. Directory traversal
Directory traversal