Qs probably on da test Flashcards
Lisa periodically runs vulnerability scans on the organization’s network. Lately, she has been receiving many false positives. Which of the following actions can reduce false positives?
Run the scans as credentialed scans
Run the scans as non-credentialed scans
Run the scans using passive recon
Run the scans using active recon
Run the scans as credentialed scans
Obj: 1.7 Techniques used in security assessments
Security professionals are performing a pen test on your network. After compromising a server, they use the compromised server to launch additional attacks within the network. Which of the following best describes this activity?
Privilege Escalation
Black Box Testing
Pivoting
Persistence
Pivoting
Pivoting refers to the technique used by attackers to move deeper into a network after gaining initial access. It typically involves the use of a compromised system as a launchpad to access other parts of the network that are not directly reachable from the attacker’s position.
The access control system needs to protect data based on the document type
Students | Private | Students
Faculty Compensation | Private | Compensation
Internal Phone Lists | Private | Employee
Which of the following models will they implement?
DAC
MAC
Role-BAC
ABAC
MAC
It uses security levels. MAC is the only one that utilizes security levels.
3.8 Implement authentication and authorization solutions
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will best meet this goal?
Implement a change management policy
Implement patches when they are released
Use only trusted operating systems
Implement operating systems with secure configurations
Implement a change management policy
A change management policy helps reduce risks associated with making changes to systems, including updating
5.3 Explain the importance of policies to organizational security
Lisa is a database administrator. She received a phone call from someone identifying himself as a representative from a known hardware vendor. He said he’s calling customers to inform them of a problem with database servers they’ve sold, but he said the problem only affects servers running a specific operating system version. He asks Lisa what operating system versions the company is running on their database servers. Which of the following best describes the tactic used by the caller in this scenario?
Prepending
Tailgating
Pharming
Smishing
Prepending
The caller uses the social engineering tactic of prepending, setting up a scenario that has a better chance of the victim giving out information
1.1 Compare and contrast different types of social engineering techniques
Your organization’s security policy states that administrators should follow the principle of least privilege. Which of the following administrators are following the policy?
Account Audits
Risk Assessment
Vulnerability Assessment
Threat Assessment
Account Audits
Account audits verify users have the permissions they need for the job, but no more
3.7 Implement identity and account
Bart recently hooked up a switch incorrectly, causing a switching loop problem, which took down part of the organization’s network. Management wants to implement a solution that will prevent this from occurring in the future. Which of the following is the best choice to meet this need?
Flood Guard
SNMPv3
SRTP
RSTP
RSTP
Rapid Spanning Tree Protocol prevents switching loop problems and provides loop protection
3.3 Implement secure network designs
Management within your org has defined a use case to support confidentiality of data stored in a database. Which of the following solutions will best meet this need?
Hashing
Digital Signature
Encryption
Smart Card
Encryption
Hashing is for integrity
2.8 Summarize the basics of cryptographic concepts
While reviewing logs for a web app, a security analyst notices that it has crashed several times, reporting a memory error. Shortly after it crashes, the logs show malicious code that isn’t part of a known app. Which of the following is most likely occurring?
Buffer Overflow
ARP Poisoning
Privilege Escalation
Replay
Privilege Escalation
1.3 Analyze potential indicators associated with application tasks
Lisa has been hired as a pen tester by your org to test the security of a web server. She decides to start by footprinting the server. Which of the following tools will best help her in this phase?
SIEM
Netcat
Tcpdump
Gray Box Testing
Netcat
Netcat can be used for footprinting a system during the recon stage of pen testing
If you see ` OR 1=1; on the exam, it’s an SQL injection
RC4 is the only stream cipher covered
Asymmetric encryption is also known as public key cryptography
Two keys are used in public key cryptography
Instantly match integrity and hashing on the exam
MD5 and SHA are the most common hash functions used
▪ Policies are generic
▪ Procedures are specific
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
Jailbreaking
Memory injection
Resource reuse
Side loading
Side loading
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.
Which of the following should the systems administrator use?
Packet captures
Vulnerability scans
Metadata
Dashboard
Dashboard
A dashboard is a graphical user interface that provides a visual representation of key performance indicators, metrics, and trends related to security events and incidents.
A technician needs to apply a high-priority patch to a production system.
Which of the following steps should be taken first?
Air gap the system.
Move the system to a different network segment.
Create a change control request.
Apply the patch to the system.
Create a change control request.
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
SCAP
NetFlow
Antivirus
DLP
DLP
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work.
Which of the following is the best option?
Send out periodic security reminders
Update the content of new hire documentation.
Modify the content of recurring training.
Implement a phishing campaign
Implement a phishing campaign
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.
Which of the following data classifications should be used to secure patient data?
Private
Critical
Sensitive
Public
Sensitive
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.
Which of the following logs should the analyst use as a data source?
Application
IPS/IDS
Network
Endpoint
Endpoint
An endpoint log is a file that contains information about the activities and events that occur on an end-user device, such as a laptop, desktop, tablet, or smartphone
Which of the following would be the best way to block unknown programs from executing?
Access control list
Application allow list
Host-based firewall
DLP solution
Application allow list
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
Automation
Compliance checklist
Attestation
Manual audit
Automation
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days.
Which of the following types of sites is the best for this scenario?
Real-time recovery
Hot
Cold
Warm
Cold
A cold site is a type of backup data center that has the necessary infrastructure to support IT operations, but does not have any pre-configured hardware or software. A cold site is the cheapest option among the backup data center types, but it also has the longest recovery time objective (RTO) and recovery point objective (RPO) values.
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates.
Which of the following should be done next?
Conduct an audit
Initiate a penetration test.
Rescan the network
Submit a report
Rescan the network
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
Disaster recovery plan
Incident response procedure
Business continuity plan
Change management procedure
Change management procedure
A change management procedure is a set of steps and guidelines that a security administrator should adhere to when setting up a new set of firewall rules