Q 46-60 Flashcards
A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email. This best describes a scenario related to:
Spear phishing
A company would like to provide flexibility to employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?
BYOD (Bring Your Own Device)
A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. What is the researcher most likely using?
The Diamond Model of Intrusion Analysis
A company is required to continue using legacy software to support a critical service. What best explains a risk of this practice?
Lack of Vendor Support
A security researcher has alerted an organization that its sensitive user data was found for sale on a website. What should the organization use to inform the affected parties?
An incident response plan
A business is looking for a cloud service provider that offers à la carte services, including cloud backups, VM elasticity, and secure networking. What cloud service provider types should the business engage?
IaaS (Infrastructure as a Service)
Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. What concept does this best represent?
Continuous integration
Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?
An annual privacy notice
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which phase of the response process is this activity MOST likely occurring?
Identification
An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. What best represents the type of testing that is being used?
Bug Bounty
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:
1) Ensure mobile devices can be tracked and wiped.
2) Confirm mobile devices are encrypted.
What should the analyst enable on all the devices to meet these requirements?
Geofencing
Which disaster recovery test is the LEAST time consuming for the disaster recovery team?
Tabletop
A security analyst is investigating multiple hosts that are communicating with external IP addresses during the hours of 2:00am - 4:00am. The malware has evaded detection by traditional antivirus software. What type of malware is MOST likely infecting the hosts?
Polymorphic
A company uses a drone for precise perimeter and boundary monitoring. What should be the most concerning to the company?
GPS Spoofing
If a current private key is compromised, what would ensure it cannot be used to decrypt all historical data?
Perfect forward secrecy