Quiz E Flashcards
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no evidence of attack by reviewing network-based sources like the perimeter firewall or the NIDS. Which of the following is most likely causing the malware alerts?
A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
Which of the following would cause a CISO the most concern regarding newly installed Internet-accessible 4k surveillance cameras?
The cameras could be compromised if not patched in a timely manner
The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:
Influence campaign
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the best backup strategy to implement?
Full backups followed by differential backups
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
Screened subnet
Which of the following technical controls is best suited for the detection and prevention of buffer overflows on hosts?
EDR
Which of the following environments utilizes dummy data and is most likely to be installed on a system that allows code to be assessed directly and modified easily with each build?
Test
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Internet address   Physical address     Type
192.168.1.1        ff-ec-ab-00-aa-78    dynamic
192.168.1.5        ff-00-5e-48-00-fb    dynamic
192.168.1.8        00-0c-29-1a-e7-fa    dynamic
192.168.1.10       fc-41-5e-48-00-ff    dynamic
224.215.54.47      fc-00-5e-48-00-fb    static
Which of the following best describes the attack the company is experiencing?
ARP poisoning
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?
CASB
A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would best support the organization’s strategy?
EDR
Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?
A right to audit clause allowing for annual security audits
Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?
DNS sinkhole
Which of the following is an example of risk avoidance?
Not installing new software to prevent compatibility errors
A website developer who is concerned about theft of the company’s user database wants to protect weak passwords from offline brute force attacks. Which of the following would be the best solution?
Use a key stretching technique
A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following best describes the solution the analyst should pursue?
Threat feeds