Pg 9 Flashcards

1
Q

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A. Application
B. Authentication
C. DHCP
D. Network
E. Firewall
F. Database

A

D. Network
E. Firewall

2
Q

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

A. Defensive
B. Passive
C. Offensive
D. Physical

A

Physical

3
Q

A systems administrator uses a key to encrypt a message being sent to a peer in a different branch office. The peer then uses the same key to decrypt the message. Which of the following describes this example?

A. Symmetric
B. Asymmetric
C. Hashing
D. Salting

A

Symmetric

4
Q

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company’s network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

A. Port security
B. Web application firewall
C. Transport layer security
D. Virtual private network

A

Port security

5
Q

A security administrator is reissuing a former employee’s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Choose two.)

A. Data retention
B. Certification
C. Destruction
D. Classification
E. Sanitization
F. Enumeration

A

Certification
Sanitization

6
Q

A systems administrator would like to deploy a change to a production system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue?

A. Backout plan
B. Impact analysis
C. Test procedure
D. Approval procedure

A

Backout plan

7
Q

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?

A. Serverless
B. Segmentation
C. Virtualization
D. Microservices

A

Virtualization

8
Q

A bank set up a new server that contains customers’ PII. Which of the following should the bank use to make sure the sensitive data is not modified?

A. Full disk encryption
B. Network access control
C. File integrity monitoring
D. User behavior analytics

A

File integrity monitoring

9
Q

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?

A. Creating a firewall rule to allow HTTPS traffic
B. Configuring the IPS to allow shopping
C. Tuning the DLP rule that detects credit card data
D. Updating the categorization in the content filter

A

Updating the categorization in the content filter

10
Q

Which of the following most impacts an administrator’s ability to address CVEs discovered on a server?

A. Rescanning requirements
B. Patch availability
C. Organizational impact
D. Risk tolerance

A

Patch availability

11
Q

Which of the following describes effective change management procedures?

A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates

A

Having a backout plan when a patch fails

12
Q

The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

A. WAF utilizing SSL decryption
B. NGFW utilizing application inspection
C. UTM utilizing a threat feed
D. SD-WAN utilizing IPSec

A

NGFW utilizing application inspection

13
Q

An enterprise is working with a third party and needs to allow access between the internal networks of both parties for a secure file migration. The solution needs to ensure encryption is applied to all traffic that is traversing the networks. Which of the following solutions should most likely be implemented?

A. EAP
B. IPSec
C. SD-WAN
D. TLS

A

IPSec

14
Q

An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

A. DLP
B. SNMP traps
C. SCAP
D. IPS

A

DLP

15
Q

A software developer released a new application and is distributing application files via the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?

A. Hashes
B. Certificates
C. Algorithms
D. Salting

A

Hashes

16
Q

An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

A. Tokenization
B. Hashing
C. Obfuscation
D. Segmentation

17
Q

An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?

A. Virus
B. Trojan
C. Spyware
D. Ransomware

A

Ransomware

18
Q

An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

A. Recovery point objective
B. Mean time between failures
C. Recovery time objective
D. Mean time to repair

19
Q

A security engineer is installing an IPS to block signature-based attacks in the environment.

Which of the following modes will best accomplish this task?

A. Monitor
B. Sensor
C. Audit
D. Active