Quiz B Flashcards

1
Q

A security manager needs to assess the security posture of one of the org's vendors. The contract with this vendor does not allow for auditing of their security controls. Which of the following should the manager request to complete the assessment?

A

A SOC 2 Type 2 report

2
Q

A back door was detected in the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the last container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from recurring?

A

Enforce the use of a controlled, trusted source of container images

3
Q

A security analyst was deploying a new website and found a connection attempting to authenticate on the site’s portal. While investigating the incident, the analyst identified the following input in the username field:

Admin’ or 1=1- -

A

SQLi on the field to bypass authentication

4
Q

A security manager runs Nessus scans of the network after every maintenance window. Which of the following is the security manager most likely trying to accomplish?

A

Verify that system patching has effectively removed known vulnerabilities

5
Q

As part of a company’s ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company most likely implement?

A

TAXII

6
Q

During an investigation, the security manager received a notification from local authorities that company proprietary data was found on a former employee’s home computer. The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

A

Properly configured SIEM with retention policies

7
Q

A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:

Ensure mobile devices can be tracked
Confirm mobile devices are encrypted

Which of the following should the analyst enable to ensure all devices meet these requirements?

A

Geolocation

8
Q

An organization is building backup server rooms in geographically diverse locations. The CISO implemented a requirement on the project that states the new hardware cannot be susceptible to the same vulnerabilities as the hardware in the existing server room. Which of the following should the systems engineer consider?

A

Purchasing hardware from different vendors

9
Q

Of the following, which should a tech choose when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A

The encryption algorithm’s longevity

10
Q

The Chief Compliance Officer from a bank has approved a background check policy for all new hires. What is this new policy protecting against?

A

Hiring an employee who has been convicted of theft to adhere to industry compliance

11
Q

Which of the following would produce the closest experience of responding to an actual incident response scenario?

A

Simulation

12
Q

A user reports trouble using their corporate laptop. The report states the laptop is freezing and responding slowly when writing documents, and the mouse pointer occasionally disappears.

The task list shows the following:

NAME        CPU%   MEM/RAM    NETWORK%
Calculator  0.0    4.1 MB     0.0 Mbps
Chrome      0.2    207.1 MB   0.1 Mbps
Explorer    99.7   2.15 GB    0.1 Mbps
Notepad     0.0    3.9 MB     0.0 Mbps

Which of the following is most likely the issue?

A

PUP

13
Q

Which of the following must be in place before implementing BCP?

A

BIA

14
Q

What social engineering attack relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

A

Whaling

15
Q

Which of the following is most effective at containing a rapidly spreading attack that is affecting a large number of organizations?

A

DNS Sinkhole

16
Q

After a recent security breach, a security analyst reports that several admin usernames and passwords are being sent in cleartext across the network to access network devices over port 23. What should be implemented so that all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

A

SSH

17
Q

A SOC is currently being outsourced. Which of the following is being used?

A

MSSP

18
Q

A store receives reports that shoppers’ cc info is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers’ cc info to make online purchases. Which of the following attacks is the most probable cause?

A

Card skimming

19
Q

A pentester gains access to a network by exploiting a vulnerability on a public-facing webserver. Which of the following is the tester most likely to perform NEXT?

A

Create a user account to maintain persistence

20
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A

ACL

21
Q

A security analyst is investigating a phishing email that contains a malicious document directed to the company’s CEO. Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A

Install a sandbox to run the malicious payload in a safe environment

22
Q

A company implemented a new telework policy that allows employees to use BYOD devices for official email and file sharing while working from home. Some of the requirements are:

Employees must provide an alternate work location (i.e., a home address).
Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

Which of the following BEST describes the MDM options the company is using?

A

Application management, remote wipe, geofencing, context aware authentication, and containerization

23
Q

Review the following log:

TCP 192.168.10.10:80 192.168.1.2:60100 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60101 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60102 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60103 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60104 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60105 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60106 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60107 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60108 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60109 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60110 TIME_WAIT

Which of the following is most likely being observed here?

A

DoS

24
Q

An organization regularly scans its infrastructure for missing security patches but is concerned about hackers gaining access to the scanner’s account. Which of the following would be best to minimize this risk while ensuring the scans are useful?

A

Require a complex, eight-character password every 90 days

25
Q

Which of the following would be used to find the most common web-application vulnerabilities?

A

OWASP

26
Q

A security researcher has alerted an org that its sensitive user data was found for sale on a website. Which of the following should the org use to inform the affected parties?

A

Communications plan