QA Flashcards

1
Q

A chief information security officer requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?

A

Lessons Learned

2
Q

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The system administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

A

The last incremental backup that was conducted 72 hours ago, provided it is verified to predate the infection; a backup taken after the ransomware landed would restore the malware along with the services, in which case fall back to the most recent known-clean full backup

3
Q

Which of the following is the most effective control against zero-day vulnerabilities?

A

Intrusion prevention system (signature matching alone cannot recognise an exploit nobody has catalogued yet; what an IPS brings against a zero-day is anomaly/behaviour-based detection and virtual patching, layered with segmentation and least privilege)

4
Q

A chief information security officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
- Critical file shares will remain accessible during and after a natural disaster
- Five percent of hard disks can fail at any given time without impacting the data
- Systems will be forced to shut down gracefully when battery levels are below 20%
Which of the following are required to best meet these requirements?

A

RAID (tolerates the five percent of failed disks), NAS file shares replicated to a geographically separate site (keeps the shares reachable during and after a natural disaster), and a managed UPS whose shutdown agent triggers a graceful shutdown at the 20% battery threshold

5
Q

A user wanted to catch up on some work over the weekend but has issues logging into the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following best describes the policy that is being implemented?

A

Time-based logins (access is restricted by day of week and time of day; the user's location did not change between the weekend and Monday, only the time, so a location-based control such as geofencing does not explain the behaviour)

6
Q

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber’s knowledge. A review of the audit logs for the medical billing company’s system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account. Which of the following does this action describe?

A

Insider threat

7
Q

A security manager has tasked the security operations center with locating all web servers that respond to an insecure protocol (plaintext HTTP). Which of the following commands could an analyst run to find the requested servers?

A

nmap -p 80 10.10.10.0/24
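Worked example, added here and not part of the original flashcard set: the nmap command answers the card, but the analyst still has to turn the scan output into a host list. The script parses nmap's grepable output format (what `-oG` writes), lists the hosts with TCP 80 open, and separately lists the ones that offer no TLS listener on 443 at all, since those need fixing first. The sample output, addresses and port states below are constructed for the example; in practice you would run `nmap -p 80,443 --open -oG scan.gnmap 10.10.10.0/24` and read the file in.

```python
import ipaddress
import re

# Constructed sample of nmap "grepable" output (-oG). Addresses and results
# are made up for this example; a real file comes from
#   nmap -p 80,443 --open -oG scan.gnmap 10.10.10.0/24
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -p 80,443 -oG - 10.10.10.0/24
Host: 10.10.10.5 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (0)
Host: 10.10.10.7 ()\tPorts: 80/open/tcp//http///, 443/closed/tcp//https///
Host: 10.10.10.9 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///
Host: 10.10.10.12 ()\tPorts: 80/filtered/tcp//http///, 443/filtered/tcp//https///
# Nmap done -- 256 IP addresses (4 hosts up) scanned
"""

# "Host: <ip> (<hostname>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ..."
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\s+Ports:\s+(.*)$")


def parse_gnmap(text):
    """Return {ip: {port: state}} for every host line that carries a Ports: field."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, rest = m.groups()
        ports_field = rest.split("\t")[0]       # drop a trailing "Ignored State: ..." column
        for entry in ports_field.split(", "):
            port, state = entry.split("/")[:2]  # only port and state matter here
            hosts.setdefault(ip, {})[int(port)] = state
    return hosts


def _by_ip(addrs):
    # Sort numerically, not lexically, so 10.10.10.5 comes before 10.10.10.12
    return sorted(addrs, key=ipaddress.ip_address)


def hosts_with_open_port(text, port=80):
    """All hosts on which the given TCP port is open."""
    return _by_ip(ip for ip, ports in parse_gnmap(text).items() if ports.get(port) == "open")


def plaintext_only_web(text):
    """Hosts answering on 80 with no TLS listener on 443: the first ones to remediate."""
    return _by_ip(ip for ip, ports in parse_gnmap(text).items()
                  if ports.get(80) == "open" and ports.get(443) != "open")


if __name__ == "__main__":
    print("HTTP open:            ", hosts_with_open_port(SAMPLE_GNMAP))
    print("HTTP without any HTTPS:", plaintext_only_web(SAMPLE_GNMAP))
```

A host that has 443 open as well may still serve content over port 80 without redirecting, so the first list is the one to report; the second list is the subset where no secure alternative exists yet.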

8
Q

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A

USB data blocker

9
Q

A security proposal was set up to track requests for remote access by creating a baseline of the user’s common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

A

Context-aware authentication
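Worked example, added here and not taken from the flashcard set: a minimal form of the proposal above. A per-user baseline counts the sign-in properties seen on previously verified logins (country, device identifier, source network AS, hour-of-day bucket); a new attempt that deviates on any of them, or arrives before enough history exists, gets an MFA challenge, and the baseline learns the attempt only after the challenge succeeds. The property names, thresholds and the sign-in history are assumptions made for the example, not the output of any particular identity product.

```python
from collections import Counter
from dataclasses import dataclass, field

MIN_HISTORY = 5   # below this many verified sign-ins, always challenge (cold start)


@dataclass(frozen=True)
class SignIn:
    user: str
    country: str       # from IP geolocation
    device_id: str     # device/browser fingerprint or MDM device ID
    asn: int           # autonomous system of the source IP
    hour: int          # local hour of day, 0-23


@dataclass
class Baseline:
    """Per-user counts of the properties seen on verified sign-ins."""
    total: int = 0
    countries: Counter = field(default_factory=Counter)
    devices: Counter = field(default_factory=Counter)
    asns: Counter = field(default_factory=Counter)
    hour_buckets: Counter = field(default_factory=Counter)

    def learn(self, s: SignIn):
        self.total += 1
        self.countries[s.country] += 1
        self.devices[s.device_id] += 1
        self.asns[s.asn] += 1
        self.hour_buckets[s.hour // 6] += 1   # four 6-hour buckets


def deviations(baseline: Baseline, s: SignIn):
    """List every way the attempt departs from what this user normally looks like."""
    reasons = []
    if baseline.total < MIN_HISTORY:
        reasons.append("insufficient history")
    if s.country not in baseline.countries:
        reasons.append(f"new country {s.country}")
    if s.device_id not in baseline.devices:
        reasons.append(f"new device {s.device_id}")
    if s.asn not in baseline.asns:
        reasons.append(f"new network AS{s.asn}")
    if s.hour // 6 not in baseline.hour_buckets:
        reasons.append(f"unusual hour {s.hour:02d}:00")
    return reasons


def decide(baseline: Baseline, s: SignIn):
    """Return ('allow', []) or ('mfa', reasons). Call baseline.learn(s) only after MFA succeeds."""
    reasons = deviations(baseline, s)
    return ("mfa", reasons) if reasons else ("allow", [])


def build_alice_baseline():
    """Constructed history: six verified weekday sign-ins from one laptop, one ISP, one country."""
    b = Baseline()
    for hour in (8, 9, 10, 13, 15, 17):
        b.learn(SignIn("alice", "US", "lap-01", 7922, hour))
    return b


if __name__ == "__main__":
    alice = build_alice_baseline()
    for attempt in (SignIn("alice", "US", "lap-01", 7922, 11),
                    SignIn("alice", "RO", "lap-01", 9009, 11),
                    SignIn("alice", "US", "lap-01", 7922, 3)):
        verdict, why = decide(alice, attempt)
        print(f"{attempt.country} {attempt.hour:02d}:00 -> {verdict} {why}")
        if verdict == "mfa":
            pass  # on a successful challenge, alice.learn(attempt) would extend the baseline
```

The deliberate asymmetry is that failed or unverified attempts never feed the baseline; otherwise an attacker who logs in repeatedly from a new location would teach the system that the location is normal.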

10
Q

Which of the following best reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A

Implement proper network access restrictions

11
Q

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check first?

A

DNS (the resolver's query logs show which internal hosts looked up the phishing domain, and when, which scopes the incident beyond the one user who reported it)
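Worked example, added here and not part of the original card: what the analyst actually does with the DNS logs once the phishing domain is known from the reported e-mail. The script scans BIND-style query-log lines for the domain and its subdomains (without matching look-alike names that merely end in the same string), groups the hits by client IP, and reports the earliest lookup to bound the incident window. The log lines, the domain `login-corp-secure.example` and the client addresses are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed BIND-style query log (made up for this example).
DNS_LOG = """\
12-Mar-2024 09:14:03.117 client @0x7f3 10.1.2.33#51234 (login-corp-secure.example): query: login-corp-secure.example IN A + (10.1.0.5)
12-Mar-2024 09:14:03.201 client @0x7f3 10.1.2.33#51235 (cdn.login-corp-secure.example): query: cdn.login-corp-secure.example IN A + (10.1.0.5)
12-Mar-2024 09:15:40.002 client @0x7f3 10.1.2.80#40011 (www.example.com): query: www.example.com IN A + (10.1.0.5)
12-Mar-2024 09:20:11.550 client @0x7f3 10.1.3.17#60002 (login-corp-secure.example): query: login-corp-secure.example IN A + (10.1.0.5)
12-Mar-2024 09:21:02.004 client @0x7f3 10.1.2.33#51240 (notlogin-corp-secure.example): query: notlogin-corp-secure.example IN A + (10.1.0.5)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)#\d+ \([^)]*\): query: (?P<name>\S+) IN (?P<rtype>\S+)"
)


def matches_domain(name, domain):
    """True for the domain itself and any subdomain; false for look-alikes such as notlogin-...."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def clients_resolving(log_text, domain):
    """Return {client_ip: [(timestamp, queried_name, record_type), ...]} for lookups of the domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m or not matches_domain(m["name"], domain):
            continue
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
        hits[m["ip"]].append((ts, m["name"], m["rtype"]))
    return dict(hits)


def first_seen(log_text, domain):
    """Earliest lookup of the domain, i.e. the start of the containment window."""
    times = [ts for recs in clients_resolving(log_text, domain).values() for ts, _, _ in recs]
    return min(times) if times else None


if __name__ == "__main__":
    phish = "login-corp-secure.example"
    for ip, recs in clients_resolving(DNS_LOG, phish).items():
        print(ip, [(ts.time().isoformat(), name) for ts, name, _ in recs])
    print("first seen:", first_seen(DNS_LOG, phish))
```

The second client (10.1.3.17) never filed a ticket; that is the point of starting with DNS rather than with the reporter's mailbox.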

12
Q

A company wants to improve end users' experience when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner's website?

A

Federation (for example SAML or OpenID Connect identity federation with the partner, so users authenticate against their own organisation's identity provider and the partner accepts the resulting assertion; an AAA server only centralises authentication for one organisation's own network devices and services)

13
Q

An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would most likely meet the organization’s requirements?

A

Implement a TAXII server

14
Q

Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:

VLAN    Address
1       0007.1e5d.3213
1       002a.7d44.8801
1       0011.aab4.344d

The Layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has most likely occurred?

A

MAC flooding (the attacker sends frames with thousands of forged source MAC addresses until the switch's CAM table is full; the switch then fails open and floods unicast frames out every port, which is what let the attacker capture traffic between other workstations)
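Worked example, added here and not from the flashcard set: the detection an analyst would run over the address table from the card. The script parses `show mac address-table`-style lines (Cisco IOS layout is assumed), counts dynamically learned MACs per port, and flags any access port that has learned far more addresses than a single attached workstation could explain. The table is constructed for the example: the three addresses from the card on normal ports plus 120 deterministically generated random MACs on one flooded port.

```python
import random
import re
from collections import Counter

# One row of "show mac address-table": "<vlan>  <xxxx.xxxx.xxxx>  <DYNAMIC|STATIC>  <port>"
ENTRY_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$")


def _dotted(mac_int):
    """48-bit integer -> Cisco dotted-hex notation, e.g. 0007.1e5d.3213."""
    h = f"{mac_int:012x}"
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def build_sample_table():
    """Constructed table: the card's three hosts on Gi0/1-2, plus a flood of forged MACs on Gi0/3."""
    rows = ["Vlan    Mac Address       Type        Ports",
            "----    -----------       --------    -----",
            "   1    0007.1e5d.3213    DYNAMIC     Gi0/1",
            "   1    002a.7d44.8801    DYNAMIC     Gi0/2",
            "   1    0011.aab4.344d    DYNAMIC     Gi0/2"]
    rnd = random.Random(1)   # fixed seed so the flood is reproducible
    for _ in range(120):
        rows.append(f"   1    {_dotted(rnd.getrandbits(48))}    DYNAMIC     Gi0/3")
    return "\n".join(rows)


def parse_mac_table(text):
    """Return [(vlan, mac, type, port), ...]; header and separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            vlan, mac, typ, port = m.groups()
            entries.append((int(vlan), mac, typ, port))
    return entries


def detect_mac_flooding(text, max_macs_per_port=10):
    """{port: learned_mac_count} for ports exceeding what a single attached host could explain.

    The threshold is an assumption for access ports; trunks and ports facing
    another switch or a hypervisor legitimately carry many MACs and need a
    higher limit or an allow-list.
    """
    per_port = Counter(port for _, _, typ, port in parse_mac_table(text) if typ == "DYNAMIC")
    return {port: n for port, n in per_port.items() if n > max_macs_per_port}


if __name__ == "__main__":
    table = build_sample_table()
    print("entries:", len(parse_mac_table(table)))
    print("suspect ports:", detect_mac_flooding(table))
```

The preventive counterpart on a Cisco access port is port security, e.g. `switchport port-security maximum 2` with `switchport port-security violation restrict`, which caps the learnable MACs per port and logs the excess instead of letting the CAM table fill.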

15
Q

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company’s cloud environment. Which of the following is an immediate consequence of these integrations?

A

Non-Compliance with data sovereignty rules

16
Q

A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed first?

A

Classification

17
Q

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

A

Chain of custody

18
Q

Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:
- All users share workstations throughout the day
- Endpoint protection was disabled on several workstations throughout the network
- Travel times on logins from the affected users are impossible
- Sensitive data is being uploaded to external sites
- All user account passwords were forced to be reset and the issue continued
Which of the following attacks is being used to compromise the user accounts?

A

Keylogger
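Worked example, added here and not part of the original card: the "impossible travel" indicator in the list above is something a SOC computes rather than eyeballs. For each user's consecutive sign-ins the script takes the great-circle (haversine) distance between the geolocated source addresses, divides by the elapsed time, and flags any pair whose implied speed exceeds what a flight could achieve. The login records, coordinates, addresses and the 1000 km/h ceiling are assumptions made for the example.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0   # assumption: faster than a commercial flight plus ground time
MIN_DISTANCE_KM = 50.0       # ignore geolocation jitter within one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS-84 points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """logins: iterable of (user, utc_datetime, lat, lon, src_ip). Returns one dict per flagged pair."""
    by_user = {}
    for rec in sorted(logins, key=lambda r: (r[0], r[1])):
        by_user.setdefault(rec[0], []).append(rec)
    flagged = []
    for user, recs in by_user.items():
        for prev, cur in zip(recs, recs[1:]):
            km = haversine_km(prev[2], prev[3], cur[2], cur[3])
            if km < MIN_DISTANCE_KM:
                continue
            hours = (cur[1] - prev[1]).total_seconds() / 3600
            speed = km / hours if hours > 0 else math.inf
            if speed > max_kmh:
                flagged.append({"user": user, "from_ip": prev[4], "to_ip": cur[4],
                                "km": round(km), "hours": round(hours, 2),
                                "kmh": round(speed) if math.isfinite(speed) else speed})
    return flagged


def _t(hour, minute):
    return datetime(2024, 3, 12, hour, minute, tzinfo=timezone.utc)


# Constructed sign-in records (coordinates are city centres, addresses are documentation ranges).
LOGINS = [
    ("alice", _t(9, 0),   40.7128, -74.0060, "203.0.113.10"),   # New York
    ("alice", _t(10, 30), 44.4268,  26.1025, "198.51.100.7"),   # Bucharest, 90 minutes later
    ("bob",   _t(9, 0),   40.7128, -74.0060, "203.0.113.11"),   # New York
    ("bob",   _t(13, 0),  42.3601, -71.0589, "203.0.113.12"),   # Boston, 4 hours later
]

if __name__ == "__main__":
    for hit in impossible_travel(LOGINS):
        print(hit)
```

A hit means the credential is being used from somewhere the user is not, which is why resetting passwords did not stop the activity in the card: the capture mechanism on the shared workstations simply harvested the new ones.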

19
Q

Which of the following is the most relevant security check to be performed before embedding third-party libraries in developed code?

A

Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the library's developers

20
Q

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst most likely use?

A

Calculate the checksum using a hashing algorithm
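Worked example, added here and not part of the original cards, covering this card and card 17 (chain of custody) together: a SHA-256 digest is taken when the evidence is collected, recorded in an append-only custody log, and recomputed at every handoff; a transfer is refused if the digest no longer matches. The evidence file, the holder names and the log format are constructed for the example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone

CHUNK = 1 << 20   # hash in 1 MiB pieces so disk images do not have to fit in memory


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    when: str        # UTC ISO-8601, so no time-zone offsets need reconciling later
    action: str      # "collected" | "transferred"
    holder: str
    sha256: str
    note: str = ""


class CustodyLog:
    """Append-only record of who held the evidence and the digest verified at each step."""

    def __init__(self, path, collector, clock=None):
        self.path = path
        self.clock = clock or (lambda: datetime.now(timezone.utc).isoformat(timespec="seconds"))
        self.entries = [CustodyEntry(self.clock(), "collected", collector, sha256_file(path))]

    @property
    def original_hash(self):
        return self.entries[0].sha256

    def verify(self):
        return sha256_file(self.path) == self.original_hash

    def transfer(self, to_holder, note=""):
        """Re-hash on every handoff; refuse to sign over evidence whose digest no longer matches."""
        current = sha256_file(self.path)
        if current != self.original_hash:
            raise ValueError(f"integrity failure: expected {self.original_hash}, got {current}")
        self.entries.append(CustodyEntry(self.clock(), "transferred", to_holder, current, note))
        return self.entries[-1]


def known_answer_check():
    """SHA-256 of the bytes b'abc' written to a temp file; must equal the published test vector."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "abc.bin")
        with open(path, "wb") as f:
            f.write(b"abc")
        return sha256_file(path)


def demo():
    """Constructed evidence file: one clean handoff, then tampering, then a refused handoff."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")
        with open(path, "wb") as f:
            f.write(b"constructed evidence bytes\n" * 1000)
        log = CustodyLog(path, collector="analyst-1")
        log.transfer("evidence-locker", note="sealed bag 0042")
        handoff_ok = log.verify()
        with open(path, "r+b") as f:   # simulate a single byte changed in storage
            f.seek(0)
            f.write(b"X")
        try:
            log.transfer("court-clerk")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        return handoff_ok, tamper_detected, len(log.entries)


if __name__ == "__main__":
    print("abc ->", known_answer_check())
    print("handoff ok, tamper detected, entries:", demo())
```

The digest proves the bytes are unchanged; the log proves who could have changed them. Both are needed, which is why the two cards are usually asked together.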

21
Q

Several attempts have been made to pick the door lock of a secure facility. As a result, the security engineer has been assigned to implement a stronger preventative access control. Which of the following would best complete the engineer's assignment?

A

Replacing the traditional key with an RFID key

22
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A

Push notifications

23
Q

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would best meet this need?

A

Community

24
Q

The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this best describe?

A

Transference

25
Q

As a part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

A

User behavior analysis

26
Q

Which of the following terms describes a broad range of information that is sensitive to a specific organization?

A

Proprietary

27
Q

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would best meet these objectives?

A

CASB (a cloud access security broker sitting between the company and the provider tokenizes the card numbers before they reach the cloud, so the provider stores and sees only tokens; TLS protects the data in transit but leaves the stored card numbers readable to the provider)

28
Q

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following best explains this reasoning?

A

The chain of custody form did not note time zone offsets between transportation regions

29
Q

Which of the following best describes the process of documenting who has access to evidence?

A

Chain of custody

30
Q

An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:

A

Transference

31
Q

A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would best meet the company’s requirements?

A

Tabletop exercise

32
Q

A report delivered to the chief information security officer shows that some user credentials could be exfiltrated. The report also indicates that users tend to choose the same credentials on different systems and applications. Which of the following policies should the CISO use to prevent someone from using the exfiltrated credentials?

A

MFA

33
Q

A chief security officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would best meet the requirements?

A

A load-balancing reverse proxy in front of the back-end servers (servers can be added, patched or replaced behind it without interrupting the service, and because session persistence is not required no sticky sessions are needed; snapshots preserve state but provide neither scalability nor zero-disruption updates)