Practice Qs

Question 1

What is the most appropriate physical control to mitigate risk?

Answer 1

Install locks on Servers & Rack Doors.

*Physical Control

Question 2

To prevent data exfiltration, what Technical Control should be implemented to address issue?

Answer 2

Install a Firewall to monitor and control incoming/ outgoing network traffic.

*Technical Control

Question 3

What is the most effective deterrent control to prevent Tailgating?

Answer 3

Install more surveillance cameras at all entry points.

*Physical Control (deterrent)

Question 4

A smartphone user wants to gain access to admin functions, what would enable this?

Answer 4

Jailbreaking (iPhone) allows the User to have Admin Privileges

Rooting = Android

Question 5

Best way to ensure adherence to the C and I (CIA) in terms of securing data storage?

Answer 5

Encrypting stored data.

*Confidentiality and Integrity

Question 6

Which process allows security professionals to identify discrepancies between “current state posture to desired state posture?”

Answer 6

Gap Analysis. “How to go from Point A to Point B?”

Question 7

How to mitigate Vehicular attacks?

Answer 7

Erecting bollards along the building’s street-facing side

*Physical Control

Question 8

Significant changes to the current Network Infrastructure will always require which step prior to implementing ANY changes?

Answer 8

Obtain formal approval for the project from senior management.

Question 9

Which team is both Offense (red) and Defense (blue) of testing Networks?

Answer 9

Purple team consists of members responsible for both Testing and Securing networks.

Question 10

How does a Security Analyst ensure evidence is handled correctly?

Answer 10

Chain of Custody

Question 11

A secured way to establish a shared secret key for symmetric Encryption - which method should be used to securely exchange the symmetric key?

Answer 11

Using an Asymmetric Algorithm such as Diffie-Hellman.

*Asymmetric encryption was invented to pass Symmetric Keys

Question 12

A method to protect the Passwords from being exposed in case of a breach. Which Technique is best used to Safeguard passwords in the Database?

Answer 12

Hashing. “One way encryption”

Question 13

A network with multiple SSL/ TLS secured devices. Need a mechanism to promptly revoke the trust of a compromised certificate across all devices. What technology is used to maintain a list of REVOKED certificates that can be checked by clients?

Answer 13

Certificate Revocation List (CRL). A list of all compromised certificates.

Question 14

Unusual behavior from an Employee who has access to sensitive data. What type of threat actor is the employee mostly categorized as?

Answer 14

Insider Threat.

Question 15

When employees of a company is tricked by a Fake Website that looks legitimate?

Answer 15

Watering-Hole.

Question 16

How to quickly address vulnerabilities found in the Firmware of IoT devices?

Answer 16

Patching

Question 17

Phone calls with intentions of requesting sensitive information - which technique is most likely used to deceive employees through Phone calls?

Answer 17

Vishing (Voice Phishing). A form of Phishing but through Phone Calls.

*Social Engineering

Question 18

To identify the creator and creation date of a suspicious file found on a Server, what should a Security Analyst check?

Answer 18

File’s Metadata.

1 - Right Click File
2 - Select Properties
3 - Select appropriate Tabs

Question 19

What is “Virtual Machine Escape?”

Answer 19

A Security breach where a malicious actor gains control of the Host system from within a VM

Question 20

How does a Company prevent employees from inadvertently installing harmful applications?

Answer 20

Implementing an Application Allow list

Question 21

A malware creating copies of itself and consuming Network resources. What type of attack is this?

Answer 21

A Worm attack is known for its ability to self-replicate.

Question 22

Missing Logs from critical devices (firewalls/ IDS) have been missing for several hours - how do you address this?

Answer 22

Missing logs can be a sign of a security incident or potential breach of the logging system. The security engineer should investigate the cause of the missing logs and take corrective actions.

*An attacker is removing evidence of his attack by deleting all Log files that would otherwise show proof of the attack/ breach

Question 23

A security measure to control incoming/ outgoing network traffic on EACH server unauthorized access and network based attacks.

Answer 23

Host-based Firewall

Question 24

What is On-Premises architecture model for hosting servers and data?

Answer 24

Hosting servers and data within physical facilities (onsite).

Question 25

Implementing threat detection mechanism in an ICS (Industrial Controls Systems) used for managing a city’s water treatment plant. What threat detection mechanism is essential for MONITORING / ALERTING suspicious activities in an ICS environment?

Answer 25

Intrusion Detection System (IDS).

Question 26

Organization requires a way to MONITOR CHANGES in its network environment. Which systems should be implemented?

Answer 26

File Integrity Monitoring (What has changed)

Question 27

How to enhance network security on a Remote Desktop Service accessible from the Internet?

Answer 27

Setting up a VPN and Firewall restriction

Question 28

What approach should Amazon implement to achieve high availability DURING PEAK SEASON?

Answer 28

Load Balancing. Peak Season = busiest time of the Year.

Question 29

How do you ensure that only authorized devices can connect to the switch ports?

Answer 29

Network Access Control (NAC).

Question 30

In order to identify and mitigate potential vulnerabilities in the application’s source code, what technique should be used?

Answer 30

Perform static code analysis. Reviewing the actual source code itself for vulnerabilities.

Question 31

In order to maintain an accurate inventory of software licenses within an organization, what actions should be taken to address the issue of expired software licenses being used?

Answer 31

Initiate the acquisition/ procurement process for new software licenses.

Question 32

During a Pen Testing engagement, what document outlines the estimated time required for the test?

Answer 32

Statement of Work (SOW).

*Scope of Work
*Duration of work

Question 33

What tool/ technology should the security technician rely on to receive real-time security alerts from systems and applications?

Answer 33

Security Information and Event Management (SIEM).

*SPLUNK

Question 34

What are the best ways to ensure only authorized personnel can access a secure research facility?

Answer 34

Badge Access & Controlled Access vestibule (man-traps).

Question 35

Tech needs to ensure that privileged users have temporary and limited access to sensitive systems when necessary. What privileged access management tool or concept should the security technician implement to grant privileged users temporary and limited access to sensitive systems?

Answer 35

Just in time permissions. Something that is Temporary & Limited.

Question 36

What are benefits of automation and orchestration?

Answer 36

Cost Reduction. Main focus of automation is to reduce cost.

Question 37

A Tech is investigating a suspected security breach in the organization’s web application. What type of log data source is most likely to contain information about user actions, errors, and events related to the web application?

Answer 37

Application Logs.

Question 38

What is most likely to be used in a company to document risks, assign responsible parties, and define thresholds?

Answer 38

Maintenance of a Risk Register

Question 39

A Tech notices that an unauthorized device has been used to copy the signals from legitimate RFID tags, allowing unauthorized access to a secure area. What type of physical attack is described in the scenario, and how does it work?

Answer 39

Cloning Attack.

Question 40

A Tech has discovered that an attacker has gained access to a network and positioned themselves in a way that allows them to intercept and manipulate network traffic. What type of attack is described in the scenario, and how is the attacker positioned?

Answer 40

On Path Attack. (Man in the Middle)

Question 41

In the context of mobile device security, what is the organization primarily achieving when enforcing MDM policies for employee-owned smartphone and Tablets?

Answer 41

Endpoint Security. MDM is considered “end-point security”

Question 42

Reconnaissance on gathering information about potential vulnerabilities on the company’s external network by reviewing job posting or message boards about the company?

Answer 42

Passive Reconnaissance. Gathering information (intel)

Question 43

What security measure is the organization primarily implementing when implementing MFA (Multi-factor Authentication).

Answer 43

User Authentication.

Question 44

In the context of threat detection and analysis, what action is the security tech primarily taking when analyzing network traffic logs to identify patterns indicative of a potential DDOS attack?

Answer 44

Threat Hunting

Question 45

A company enforces mobile device encryption policies to ensure that data stored on employees smartphones and tablets is protected from unauthorized access in case of device loss or theft. What security measure is the company primarily implementing by enforcing mobile device encryption policies/

Answer 45

Data Confidentiality.

Question 46

A Tech needs to ensure that certain sensitive systems are physically isolated from the rest of the network to prevent unauthorized access. Which network design technique should the security technician implement to achieve physical isolation of sensitive systems?

Answer 46

Air-gapped. An isolated network separated from the Main Network.

Question 47

A Bank requires all of its vendors to implement measures to prevent data loss on stolen laptops. Which strategy is the bank demanding?

Answer 47

Disk Encryption.

Question 48

To ensure software code authenticity in a development environment, which method should a software development manager implement?

Answer 48

Code Signing. Uses digital signatures in order to confirm Sender is legitimate.

Question 49

The IT department wants to implement a solution that DIVIDES the network based on security requirements. What mitigation technique is the IT dept planning to implement to enhance network security in this scenario?

Answer 49

Segmentation. VLANs

Question 50

Security protocols in a cloud data center are under review to guarantee the protection of the safety of the data center staff. Which of the following best illustrates the appropriate setup for these security controls?

Answer 50

Fire Safety mechanisms should Fail Open