Questions 147 to 207 Flashcards

1
Q

A security admin suspects an employee has been emailing proprietary information to a competitor. Company policy requires the admin to capture an exact copy of the employee’s hard disk.

Which of the following should the admin use?

A

dd

2
Q

A network admin would like to configure a site-to-site VPN utilizing IPSec. The admin wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions.

Which of the following should the admin use when configuring the VPN?

A

ESP

Encapsulating Security Payload

3
Q

Which of the following relates to applications and systems that are used within an organization without consent or approval?

A

Shadow IT

4
Q

Which of the following algorithms has the SMALLEST key size?

A

Twofish

5
Q

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue.

Which of the following BEST explains what happened?

A

A malicious USB was introduced by an unsuspecting employee

6
Q

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself.

Which of the following is the WEAKEST design element?

A

Encrypted VPN traffic will not be inspected when entering or leaving the network.

7
Q

An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user’s email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user’s computer is the following:

Which of the following is the MOST likely cause of the issue?

A

The end user purchased and installed a PUP from a web browser

8
Q

A company recently experienced an attack in which a malicious actor was able to exfiltrate sensitive data by cracking stolen passwords using a rainbow table.

Which of the following should a security engineer do to prevent such an attack in the future?

A

Disable password reuse

9
Q

Which of the following are requirements that must be configured for PCI DSS compliance?
(Select TWO)

A

Testing security systems and processes regularly

Assigning a unique ID to each person with computer access

10
Q

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

A

Data encryption

11
Q

Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?

A

Simulation

12
Q

An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker’s intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users.

Which of the following social engineering attacks does this describe?

A

Watering-hole attack

13
Q

A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter.

Which of the following should the security manager implement to achieve the objective?

A

Segmentation

14
Q

When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

A

Normalization

15
Q

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues.

Which of the following would be the BEST resource for determining the order of priority?

A

Heat Maps

16
Q

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load.

Which of the following are the BEST options to accomplish this objective? (Select TWO)

A

Load Balancing

RAID

17
Q

A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A

A dictionary attack

18
Q

Which of the following scenarios BEST describes a risk reduction technique?

A

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

19
Q

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

Which of the following describes the method that was used to compromise the laptop?

A

An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack

20
Q

A company’s CISO recently warned the security manager that the company CEO is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks.

Which of the following would be BEST for the security manager to use in a threat model?

A

Hacktivists

21
Q

An organization is concerned that its hosted webservers are not running the most updated version of the software.

Which of the following would work BEST to help identify potential vulnerabilities?

A

nmap comptia.org -p 80 -sV

22
Q

Which of the following types of controls is a CCTV camera that is not being monitored?

A

Deterrent

23
Q

A security analyst is logged into a Windows file server and needs to see who is accessing files and from which computers.

Which of the following tools should the analyst use?

A

Netstat

24
Q

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached.

Which of the following would BEST address this security concern?

A

Segment the staff WiFi network from the environmental systems network.

25
Q

A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform.

Which of the following is the BEST approach to implement the desired solution?

A

RADIUS

26
Q

A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs.

Which of the following should the university use to BEST protect these assets deployed in the facility?

A

Cable locks

27
Q

Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

A

Security awareness training

28
Q

A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague.

Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

A

Generate a CSR

29
Q

The CEO’s personal information was stolen in a social engineering attack.

Which of the following sources would reveal if the CEO’s personal information is for sale?

A

The dark web

30
Q

An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization’s customers became aware of the incident, some reduced their orders or stopped placing orders entirely.

Which of the following is the organization experiencing?

A

Reputation damage

31
Q

An organization’s RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 a.m. to 5:00 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete.

Which of the following additional backup implementations would be the BEST way for the analyst to meet the business

A

Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly

32
Q

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

A

The cloud vendor is a new attack vector within the supply chain.

33
Q

During a routine scan of a wireless segment at a retail company, a security admin discovers several devices are connected to the network that do not match the company’s naming convention and are not in the asset inventory. WiFi access is protected with 255 - wt encryption via WPA2. Physical access to the company’s facility requires two-factor authentication using a badge and a passcode.

Which of the following should the admin implement to find and remediate the issue?

A

Enable MAC filtering on the switches that support the wireless network.

Scan the wireless network for rogue access points.

34
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications.

Which of the following BEST represents the type of testing that will occur?

A

White-Box

35
Q

After consulting with the Chief Risk Officer, a manager decides to acquire cybersecurity insurance for the company.

Which of the following risk management strategies is the manager adopting?

A

Risk Transference

36
Q

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Which of the following will the forensics investigator MOST likely determine has occurred?

A

XSRF

37
Q

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO)

A

Full-device encryption

Network usage rules

38
Q

A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security.

Which of the following controls will the analyst MOST likely recommend?

A

MAC

39
Q

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use.

Which of the following would add another factor of authentication?

A

Retina Scan

40
Q

A large enterprise has moved all of its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later enterprise data was found to have been compromised from a database.

Which of the following was the MOST likely cause?

A

Shadow IT

41
Q

An organization has hired a security analyst to perform a penetration test. The analyst captures 1GB worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis.

Which of the following tools should the analyst use to further review the pcap?

A

Wireshark

42
Q

A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server’s listening ports.

Which of the following tools can BEST accomplish this task?

A

Netstat

43
Q

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective.

Which of the following would BEST detect the presence of a rootkit in the future?

A

EDR

44
Q

An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device.

Which of the following MDM configurations must be considered when the engineer travels for business?

A

Geofencing

45
Q

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet.

Which of the following should the analyst implement to authenticate the entire packet?

A

ESP

46
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release
  • A screen lock must be enabled
  • Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure?

(Select TWO )

A

Posture Checking

Remote Wipe

47
Q

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

A

The S/MIME plug-in is not enabled.

48
Q

A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:

Which of the following types of attack is MOST likely being conducted?

A

Session replay

49
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident.

During which of the following phases of the response process is this activity MOST likely occurring?

A

Identification

50
Q

A security engineer has enabled two-factor authentication on all workstations.

Which of the following approaches are the MOST secure? (Select TWO)

A

Password and Smart Card

Password and fingerprint

51
Q

A company was recently breached. Part of the company’s new cybersecurity strategy is to centralize the logs from all security devices.

Which of the following components forwards the logs to a central source?

A

Log collector

52
Q

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string.

Which of the following would be BEST to use to accomplish the task? (Select TWO)

A

Head

grep

53
Q

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:

  • Protection from power outages
  • Always available connectivity in case of an outage

The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner’s second need?

A

Purchase services from a cloud provider for high availability.

54
Q

An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native admin tools.

Which of the following should the security team do to prevent this from happening in the future?

A

Disable the built-in OS utilities as long as they are not needed for functionality.

55
Q

Employees are having issues accessing the company’s website. Some employees report very slow performance, while others cannot reach the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic.

Which of the following attacks is MOST likely occurring?

A

DDoS

56
Q

A network admin has been asked to design a solution to improve a company’s security posture. The admin is given the following requirements:

  • The solution must be inline in the network
  • The solution must be able to block known malicious traffic
  • The solution must be able to stop network-based attacks

Which of the following should the network admin implement to BEST meet these requirements?

A

NIPS

57
Q

A symmetric encryption algorithm is BEST suited for:

A

Implementing non-repudiation.

58
Q

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A

A risk register

59
Q

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving.

Which of the following cloud models would BEST meet the needs of the organization?

A

PaaS

60
Q

Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door; however, human resources confirms the employee was on vacation at the time of the incident.

Which of the following describes what MOST likely occurred?

A

The employee’s physical access card was cloned.

61
Q

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

  • There must be visibility into how teams are using cloud-based services.
  • The company must be able to identify when data related to payment cards is being sent to the cloud.
  • Data must be available regardless of the end user’s geographic location.
  • Administrators need a single-pane-of-glass view into traffic and trends.

Which of the following should the security analyst recommend?

A

Install a DLP Solution to monitor data in transit.