Quiz D Flashcards

1
Q

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

A

Firewall rules

2
Q

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

A

Hashing
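Added example (not from the flashcard deck): verifying a download against a vendor's SHA-256 checksum list, in Python. The file bytes, the filename security-tool.sh and the checksum list are constructed here; in practice the list is fetched from the vendor's HTTPS page and compared against the bytes on disk.

```python
"""Verify a download against a published SHA-256 checksum list (sha256sum format)."""
import hashlib
import hmac
import io

HEX = set("0123456789abcdef")


def sha256_of_stream(stream, chunk_size=64 * 1024):
    """Hash a file-like object in chunks so a large download never has to sit in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse sha256sum output ('<64 hex digits>  <name>' or '<digest> *<name>') into {name: digest}.
    Anything that is not a 64-digit hex string is rejected rather than silently accepted."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"not a SHA-256 digest: {parts[0]!r}")
        sums[name] = digest
    return sums


def verify_download(name, data, sums):
    """True only if the file is listed and its hash matches. compare_digest avoids leaking
    how many leading characters matched through timing."""
    expected = sums.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_of_stream(io.BytesIO(data)), expected)


# Constructed sample data (not from the page): the bytes of a "downloaded" script, a copy
# altered in transit, and the checksum list a vendor would publish next to the download.
GOOD_FILE = b"#!/bin/sh\necho 'security tool v1.0'\n"
TAMPERED_FILE = GOOD_FILE.replace(b"v1.0", b"v1.1")
SUMS_TEXT = ("# SHA-256 checksums for release 1.0\n"
             f"{hashlib.sha256(GOOD_FILE).hexdigest()}  security-tool.sh\n")
SUMS = parse_sha256sums(SUMS_TEXT)

if __name__ == "__main__":
    print("untouched :", verify_download("security-tool.sh", GOOD_FILE, SUMS))      # True
    print("tampered  :", verify_download("security-tool.sh", TAMPERED_FILE, SUMS))  # False
    print("unlisted  :", verify_download("other.sh", GOOD_FILE, SUMS))              # False
```

A checksum proves the bytes match what was published; if the checksum list is served from the same place as the file, whoever controls that server can change both, so it catches corruption and in-transit tampering but not a compromised source. Only a digital signature over the file (or over the checksum list) ties it to the publisher.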

3
Q

Which of the following would produce the closest experience of responding to an actual incident response scenario?

A

Simulation

4
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

A

Identification

5
Q

A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

A

Jump server

6
Q

An enterprise has hired an outside security firm to conduct a penetration test on its network and applications. The enterprise provided the firm with access to a guest account. Which of the following BEST represents the type of testing that is being used?

A

Gray box

7
Q

To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

A

Install a hypervisor firewall to filter east-west traffic

8
Q

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed the network. Which of the following will BEST assist with this investigation?

A

Check the SIEM to review the correlated logs
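Added example (not from the deck): a small version of what the SIEM does for this investigation, in Python. It normalizes three log formats from two hosts onto one clock, then chains events by pivoting on addresses, starting from the external address first seen in the DMZ. All log lines, host names, addresses, users, paths and the asset inventory are constructed for the example.

```python
"""Correlating logs from several hosts into one attack timeline by pivoting on addresses."""
import re
from datetime import datetime, timezone

# Constructed sample logs (not from the page): a DMZ web server's access log, the same
# host's sshd syslog, and an internal file server's key=value audit log.
WEB_ACCESS = """\
203.0.113.7 - - [04/Mar/2024:02:09:51 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.23 - - [04/Mar/2024:02:11:05 +0000] "POST /upload HTTP/1.1" 200 512
198.51.100.23 - - [04/Mar/2024:02:11:09 +0000] "GET /admin/export HTTP/1.1" 200 88
"""
DMZ_SSHD = """\
Mar  4 02:14:02 dmz-web sshd[2211]: Accepted publickey for deploy from 198.51.100.23 port 51234 ssh2
Mar  4 02:30:11 dmz-web sshd[2290]: Accepted publickey for backup from 10.0.9.3 port 40020 ssh2
"""
FILESERVER = """\
ts=2024-03-04T02:20:15Z host=fs-01 src=10.0.5.20 user=deploy action=smb_read path=/finance/q1.xlsx
ts=2024-03-04T02:21:40Z host=fs-01 src=10.0.5.20 user=deploy action=smb_read path=/finance/payroll.csv
ts=2024-03-04T02:25:03Z host=fs-01 src=10.0.7.9 user=hr-app action=smb_read path=/hr/roster.csv
"""
# Asset inventory (constructed): the internal address each host uses when it acts as a client.
ASSETS = {"dmz-web": "10.0.5.20", "fs-01": "10.0.8.5"}

WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]+)" (\d{3})')
SSH_RE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)')
UTC = timezone.utc


def parse_web(text, host):
    """Combined access-log format; the timestamp carries its own UTC offset."""
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield {"ts": ts, "src": m.group(1), "host": host, "detail": f"http {m.group(3)} -> {m.group(4)}"}


def parse_sshd(text, year=2024):
    """Classic syslog carries neither year nor zone; both are supplied at ingest (the SIEM's job)."""
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            stamp = " ".join(m.group(1).split())
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=UTC)
            yield {"ts": ts, "src": m.group(4), "host": m.group(2), "detail": f"ssh login as {m.group(3)}"}


def parse_kv(text):
    for line in text.splitlines():
        kv = dict(f.split("=", 1) for f in line.split())
        if "ts" in kv:
            ts = datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
            yield {"ts": ts, "src": kv["src"], "host": kv["host"],
                   "detail": f"{kv['action']} {kv['path']} as {kv['user']}"}


def attack_path(events, initial_ip):
    """Pivot forward in time: once a tainted address touches a host, that host's own address is
    tainted from that moment on, so its later outbound events join the chain. Earlier traffic
    from a host is never blamed on a compromise that had not yet happened."""
    tainted = {initial_ip: datetime.min.replace(tzinfo=UTC)}
    chain = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        since = tainted.get(ev["src"])
        if since is None or ev["ts"] < since:
            continue
        chain.append(ev)
        hop = ASSETS.get(ev["host"])
        if hop and hop not in tainted:
            tainted[hop] = ev["ts"]
    return chain


def build_timeline(initial_ip="198.51.100.23"):
    events = [*parse_web(WEB_ACCESS, "dmz-web"), *parse_sshd(DMZ_SSHD), *parse_kv(FILESERVER)]
    return attack_path(events, initial_ip)


if __name__ == "__main__":
    for ev in build_timeline():
        print(ev["ts"].isoformat(), ev["src"], "->", ev["host"], ev["detail"])
```

Two things make this possible and are worth checking before an investigation starts: the logs must still exist (retention covering the whole dwell time) and the hosts must have been time-synchronised, or the forward-only pivot orders events wrongly. Tainting a host on any contact is deliberately generous and over-includes; an analyst narrows the chain by starting from the events that actually show control (the ssh login here) rather than from every web hit.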

9
Q

Which of the following is a reason why an organization would define an AUP?

A

To define the set of rules and behaviors for users of the organization’s IT systems

10
Q

A company recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

A

MDM

11
Q

During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee’s home computer. The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

A

Properly configured SIEM with retention policies

12
Q

A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization’s outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

A

access-rule permit tcp destination 172.16.1.5 port 80
access-rule permit tcp destination 172.16.1.5 port 443
access-rule deny ip destination 172.16.1.5
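Added example (not from the deck): the three rules from the answer run through a small top-down evaluator in Python, next to the same rules with the deny placed first. The rule text is parsed exactly as written in the answer; the evaluator, the probe traffic and the implicit deny when nothing matches are assumptions for the example.

```python
"""Top-down firewall rule evaluation: the first matching rule wins, so order decides the policy."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", ... or "ip" meaning any protocol
    dst: ipaddress.IPv4Network    # destination host or network
    port: Optional[int] = None    # None means any destination port


def parse_rule(line):
    """Parse the answer's syntax: access-rule <permit|deny> <proto> destination <host> [port <n>]."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-rule" or t[1] not in ("permit", "deny") or t[3] != "destination":
        raise ValueError(f"unrecognised rule: {line!r}")
    port = int(t[6]) if len(t) >= 7 and t[5] == "port" else None
    return Rule(t[1], t[2], ipaddress.ip_network(t[4], strict=False), port)


def evaluate(rules, dst_ip, proto, port=None, default="deny"):
    """Walk the rules top-down and return the action of the first one that matches;
    'default' stands in for the implicit deny at the end of a real rule base (an assumption)."""
    addr = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if addr not in r.dst:
            continue
        if r.port is not None and r.port != port:
            continue
        return r.action
    return default


# The three rules from the answer, in the order given.
CORRECT_ORDER = [parse_rule(l) for l in """
access-rule permit tcp destination 172.16.1.5 port 80
access-rule permit tcp destination 172.16.1.5 port 443
access-rule deny ip destination 172.16.1.5
""".splitlines() if l.strip()]

# The same rules with the deny first: it matches everything to the host, so the permits
# below it are never reached and the website goes dark along with the FTP service.
WRONG_ORDER = [CORRECT_ORDER[2], CORRECT_ORDER[0], CORRECT_ORDER[1]]

# Constructed probe traffic (not from the page) to the host in the question.
PROBES = {
    "http": ("172.16.1.5", "tcp", 80),
    "https": ("172.16.1.5", "tcp", 443),
    "ftp": ("172.16.1.5", "tcp", 21),
    "dns-udp": ("172.16.1.5", "udp", 53),
    "icmp": ("172.16.1.5", "icmp", None),
}


def check_policy(rules):
    """Map each probe name to the action the rule list yields for it."""
    return {name: evaluate(rules, *args) for name, args in PROBES.items()}


if __name__ == "__main__":
    print("correct order:", check_policy(CORRECT_ORDER))  # only http/https permitted
    print("deny first   :", check_policy(WRONG_ORDER))    # everything denied
```

The `deny ip` line is what makes the answer complete: without it, FTP on port 21 (and anything else) would fall through to whatever follows in the rule base, which may well be a broad permit. Running candidate rule sets through a harness like this before deployment is the cheapest way to catch an ordering mistake.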

13
Q

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirements?

A

Homomorphic
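Added example (not from the deck): a toy Paillier cryptosystem in Python, an additively homomorphic scheme, showing the provider summing encrypted amounts without ever holding a key. The primes are tiny fixed values chosen so the arithmetic is visible; they are an assumption for the example, nowhere near a secure key size, and the code is not a substitute for a vetted library.

```python
"""Toy Paillier cryptosystem: additively homomorphic, so a party holding only ciphertexts
can add (and scale by constants) the underlying plaintexts without being able to read them."""
from math import gcd
import secrets


def lcm(a, b):
    return a * b // gcd(a, b)


class PaillierKeypair:
    """Default primes are tiny fixed values for demonstration only (assumption for the example);
    a real deployment uses a modulus of thousands of bits generated by a vetted library."""

    def __init__(self, p=10007, q=10009):
        assert gcd(p * q, (p - 1) * (q - 1)) == 1
        self.n = p * q                      # public modulus
        self.n2 = self.n * self.n
        self.g = self.n + 1                 # public generator, standard choice g = n + 1
        self.lam = lcm(p - 1, q - 1)        # private
        self.mu = pow(self._L(pow(self.g, self.lam, self.n2)), -1, self.n)  # private

    def _L(self, u):
        return (u - 1) // self.n

    def encrypt(self, m):
        """c = g^m * r^n mod n^2 with fresh random r: the same amount encrypts differently each time."""
        assert 0 <= m < self.n
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if gcd(r, self.n) == 1:
                break
        return (pow(self.g, m, self.n2) * pow(r, self.n, self.n2)) % self.n2

    def decrypt(self, c):
        """m = L(c^lambda mod n^2) * mu mod n; needs the private values."""
        return (self._L(pow(c, self.lam, self.n2)) * self.mu) % self.n


# Provider-side operations: they use only the public modulus n.
def add_encrypted(n, c1, c2):
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b)."""
    return (c1 * c2) % (n * n)


def scale_encrypted(n, c, k):
    """Enc(a)^k mod n^2 == Enc(k * a) for a public constant k."""
    return pow(c, k, n * n)


def cloud_total(n, ciphertexts):
    """Sum a list of encrypted amounts; 1 is a valid encryption of 0 (m = 0, r = 1)."""
    total = 1
    for c in ciphertexts:
        total = add_encrypted(n, total, c)
    return total


def demo(amounts=(120, 45, 300, 15)):
    """Institution encrypts amounts before upload; provider sums blind; institution decrypts."""
    kp = PaillierKeypair()
    encrypted = [kp.encrypt(a) for a in amounts]   # client side
    enc_sum = cloud_total(kp.n, encrypted)          # provider side: ciphertexts only
    return kp.decrypt(enc_sum)                      # client side: 480 for the default amounts


if __name__ == "__main__":
    print("sum of encrypted amounts decrypts to:", demo())
```

Paillier is partially homomorphic (addition and multiplication by a constant); arbitrary manipulation of encrypted data needs a fully homomorphic scheme, which is where the computational overhead the question waves away becomes severe. The same malleability that lets the provider add ciphertexts also lets it alter stored values undetectably, so homomorphic encryption gives confidentiality, not integrity: the institution still has to authenticate what it gets back.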

14
Q

A remote user recently took a two-week vacation abroad and brought along a corporate owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN? (Select TWO)

A

The user’s laptop was quarantined because it missed the latest patch update

The laptop is still configured to connect to an international mobile network operator

15
Q

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

A

Tor

16
Q

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Click here to unsubscribe

Which of the following will the forensics investigator MOST likely determine has occurred?

A

XSRF
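Added example (not from the deck): a payment handler with the cross-site request forgery this card describes, beside a hardened version that uses a per-session synchronizer token, in Python. The endpoint shape, the parameter names (to, amount), the session id and the balances are assumptions for the example; the deck's own link is not reproduced.

```python
"""A payment endpoint open to cross-site request forgery (XSRF), and a hardened version."""
import hmac
import secrets

# Constructed state (not from the page): one logged-in session and two account balances.
SESSIONS = {"sess-abc": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
BALANCES = {"alice": 1000, "mallory": 0}


def _current_user(req):
    sess = SESSIONS.get(req["cookies"].get("session"))
    return sess["user"] if sess else None


def _move_money(user, req):
    to, amount = req["params"]["to"], int(req["params"]["amount"])
    BALANCES[user] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount
    return 200, f"paid {amount} to {to}"


def pay_vulnerable(req):
    """Trusts the cookie alone, so any request the victim's browser sends is honoured,
    including a GET produced by a link or image on a page the attacker controls."""
    user = _current_user(req)
    if not user:
        return 401, "login required"
    return _move_money(user, req)


def pay_hardened(req):
    """Synchronizer token: a state change needs POST plus a per-session secret embedded in the
    site's own form. A cross-site page cannot read that token, so its forged request fails."""
    user = _current_user(req)
    if not user:
        return 401, "login required"
    if req["method"] != "POST":
        return 405, "state change must be POST"
    expected = SESSIONS[req["cookies"]["session"]]["csrf_token"]
    if not hmac.compare_digest(req["params"].get("csrf_token", ""), expected):
        return 403, "bad or missing CSRF token"
    return _move_money(user, req)


def forged_request():
    """What the browser sends when the logged-in victim clicks the attacker's link: the browser
    attaches the session cookie itself; the attacker chose the parameters. Endpoint shape,
    parameter names and session id are assumptions for the example."""
    return {"method": "GET", "cookies": {"session": "sess-abc"},
            "params": {"to": "mallory", "amount": "250"}}


def demo():
    """Status each handler gives the forged request, then the hardened handler's status for a
    genuine same-site form submission that carries the token."""
    forged = forged_request()
    vulnerable = pay_vulnerable(forged)[0]                          # 200: money moved
    hardened_get = pay_hardened(forged)[0]                          # 405
    hardened_post = pay_hardened(dict(forged, method="POST"))[0]    # 403: token missing
    genuine = dict(forged, method="POST",
                   params=dict(forged["params"], csrf_token=SESSIONS["sess-abc"]["csrf_token"]))
    return vulnerable, hardened_get, hardened_post, pay_hardened(genuine)[0]   # (200, 405, 403, 200)


if __name__ == "__main__":
    print(demo(), BALANCES)
```

The investigator's tell is exactly what the card shows: an "unsubscribe" link whose target is a state-changing request on the company's own site, which the browser completes with the victim's cookie. Marking the session cookie SameSite=Lax (or Strict) stops the browser sending it on such cross-site navigations and is a second, independent layer over the token check.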

17
Q

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users’ reports of issues accessing the facility. Which of the following MOST likely indicates the cause of the access issues?

A

False rejection

18
Q

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for existing users and groups and remove the set user ID bit from the file?

A

chmod (setuid is the bit being cleared, e.g. with chmod u-s, not the tool that clears it)
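Added example (not from the deck): the fix itself in Python through os.chmod, the same system call the chmod command makes. A temporary file is created in the bad state (mode 4777) and then repaired; the file name and the target mode 750 are assumptions for the example.

```python
"""Find and fix an overly permissive file (world-writable, setuid) with os.chmod, i.e. chmod."""
import os
import stat
import tempfile

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def audit_mode(path):
    """Report the risky bits on a file: setuid/setgid and access beyond the owner."""
    mode = os.stat(path).st_mode
    return {
        "mode": stat.S_IMODE(mode),
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "group_writable": bool(mode & stat.S_IWGRP),
        "world_writable": bool(mode & stat.S_IWOTH),
        "world_readable": bool(mode & stat.S_IROTH),
    }


def harden(path, new_mode=0o750):
    """Equivalent of `chmod u-s,g-s <file>` then `chmod 750 <file>`: strip the special bits
    first, then cut group to read/execute and remove all access for others."""
    before = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, before & ~SPECIAL_BITS)
    os.chmod(path, new_mode & ~SPECIAL_BITS)   # never reintroduce setuid/setgid via new_mode
    return before, stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed sample: a file in the bad state (setuid + rwx for everyone), then fixed."""
    fd, path = tempfile.mkstemp(prefix="backup-tool-")
    os.close(fd)
    try:
        os.chmod(path, 0o4777)
        before = audit_mode(path)
        harden(path)
        after = audit_mode(path)
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, after = demo()
    print("before:", oct(before["mode"]), before)   # 0o4777, setuid and world-writable
    print("after :", oct(after["mode"]), after)     # 0o750, nothing special
```

Finding the rest of them is a one-liner the assessment should run anyway: `find / -xdev -type f -perm -4000` lists every setuid file, and `-perm -o+w` the world-writable ones. Note that the file's mode says nothing about who can write to the directory it lives in; a world-writable parent directory lets the file be swapped out regardless.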

19
Q

An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user’s browser to deploy malicious software. Which of the following types of attacks does this describe?

A

Watering hole

20
Q

Which of the following represents a biometric FRR?

A

Authorized user being denied access
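Added example (not from the deck) serving both this card and the fingerprint-scanner card above: computing the false rejection rate (FRR), and the false acceptances that are observable, from a door reader's log in Python. The log lines, reader name, badge numbers and the 5% threshold are constructed; the format assumes the reader records both the badge presented and the enrolled template the finger matched.

```python
"""False rejection rate (FRR) and observable false acceptances from a biometric door reader's log."""
import re
from collections import defaultdict

# Constructed sample log (not from the page). Each attempt records the badge presented and
# the enrolled template the fingerprint matched (NONE when no template matched).
SAMPLE_LOG = """\
2024-03-04T08:01:12Z reader=DC-1 badge=1042 matched=1042 result=ACCEPT
2024-03-04T08:03:40Z reader=DC-1 badge=1043 matched=1043 result=ACCEPT
2024-03-04T08:05:02Z reader=DC-1 badge=1044 matched=1044 result=ACCEPT
2024-03-04T12:10:09Z reader=DC-1 badge=1042 matched=1042 result=ACCEPT
2024-03-05T08:00:51Z reader=DC-1 badge=1042 matched=NONE result=REJECT
2024-03-05T08:01:20Z reader=DC-1 badge=1042 matched=NONE result=REJECT
2024-03-05T08:01:55Z reader=DC-1 badge=1042 matched=1042 result=ACCEPT
2024-03-05T08:04:13Z reader=DC-1 badge=1043 matched=NONE result=REJECT
2024-03-05T08:06:30Z reader=DC-1 badge=1044 matched=1044 result=ACCEPT
2024-03-05T09:15:44Z reader=DC-1 badge=1043 matched=1042 result=REJECT
"""
ENROLLED = {"1042", "1043", "1044"}   # badges whose holders have a fingerprint template

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reader=(?P<reader>\S+) badge=(?P<badge>\d+) "
    r"matched=(?P<matched>\d+|NONE) result=(?P<result>ACCEPT|REJECT)$"
)


def parse(log_text):
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        yield m.groupdict()


def daily_rates(log_text, enrolled):
    """Per day: attempts by enrolled users, false rejections (enrolled user, no template matched)
    and false acceptances (finger matched someone else's template; visible only because the
    badge supplies ground truth about who stood at the reader)."""
    stats = defaultdict(lambda: {"attempts": 0, "false_rejects": 0, "false_accepts": 0})
    for ev in parse(log_text):
        if ev["badge"] not in enrolled:
            continue    # no template on file: cannot be a false rejection
        s = stats[ev["ts"][:10]]
        s["attempts"] += 1
        if ev["matched"] == "NONE":
            s["false_rejects"] += 1
        elif ev["matched"] != ev["badge"]:
            s["false_accepts"] += 1
    for s in stats.values():
        s["frr"] = s["false_rejects"] / s["attempts"]
        s["far"] = s["false_accepts"] / s["attempts"]
    return dict(stats)


def days_over_threshold(rates, max_frr=0.05):
    """Days whose FRR exceeds the tolerated rate (5% is an assumption for the example)."""
    return sorted(day for day, s in rates.items() if s["frr"] > max_frr)


if __name__ == "__main__":
    rates = daily_rates(SAMPLE_LOG, ENROLLED)
    for day, s in sorted(rates.items()):
        print(day, f"FRR={s['frr']:.0%} FAR={s['far']:.0%} ({s['false_rejects']}/{s['attempts']} rejected)")
    print("investigate:", days_over_threshold(rates))   # ['2024-03-05']
```

FRR and FAR move against each other through the matching threshold: loosening it to stop the complaints raises the chance that a stranger's finger is accepted. A sudden FRR jump with the threshold unchanged, as on the second day here, points at the sensor or the environment (dirty glass, dry skin, a firmware change) rather than at the users, which is what the analyst should check first.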

21
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

Mobile device OSs must be patched up to the latest release
A screen lock must be enabled (passcode or biometric)
Corporate data must be removed if the device is lost or stolen

Which of the following controls should the security engineer configure? (select two)

A

Posture checking

Remote wipe

22
Q

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

A

Site-to-site

23
Q

A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?

A

Digitally sign the relevant game files