Random Flashcards

1
Q

A web architect would like to move a company’s website presence to the cloud. One of the management team’s key concerns is resiliency in case a cloud provider’s data center or network connection goes down. Which of the following should the web architect consider to address this concern?

A. Containers
B. Virtual Private Cloud
C. Segmentation
D. Availability Zone

A

Availability Zone

Availability zones are the most appropriate cloud feature to address the concern of resiliency in case a cloud provider’s data center or network connection goes down.

2
Q

Which of the following describes where an attacker can purchase DDoS or ransomware services?

A. Threat Intelligence
B. Open Source Intelligence
C. Vulnerability Database
D. Dark Web

A

Dark Web

3
Q

A security administrator is managing administrative access to sensitive systems with the following requirements:

  • Common login accounts must not be used for administrative duties.
  • Administrative accounts must be temporal in nature.
  • Each administrative account must be assigned to one specific user.
  • Accounts must have complex passwords.

  • Audit trails and logging must be enabled on all systems.

A. ABAC
B. SAML
C. PAM
D. CASB

A

PAM

PAM is a solution that enables organizations to securely manage users’ accounts and access to sensitive systems. It allows administrators to create unique and complex passwords for each user, as well as assign each account to a single user for administrative duties.

4
Q

Company XYZ has been implementing Microsoft Office Communications Server 2007 R2 servers, unified communications clients, and unified communications applications.

They are now conducting the transition from solution to support. This project phase is referred to as?

A. Release
B. Operation
C. Retirement
D. Deployment

A

Operation

5
Q

Technology Solutions Center is a reputable, high-achieving software development company. The company attributes its success to following a strict SDLC.

After successfully carrying out requirement gathering and analysis and design, what other phases should follow in order?

A. Coding and Implementation, Testing, Deployment, Maintenance
B. Staging, Development, Test and Production environments
C. Test, Development, Staging and Production environments
D. Deployment, Coding and Implementation, Testing, Production environments

A

Coding and Implementation, Testing, Deployment, Maintenance

6
Q

Disaster recovery testing involves simulating an IT failure or any other type of business disruption to assess a DR plan. The following are methods of testing a DRP except?

A. Checklist Testing
B. Parallel Testing
C. Simulation Testing
D. Emulation Testing

A

Emulation Testing

7
Q

An MX record in DNS can help mitigate what type of malware?

A. Rootkit
B. Bot
C. Phishing and Spear Phishing
D. Adware

A

Phishing and Spear Phishing

8
Q

Organizations have robust incident response strategies. The following are steps one would normally take after a cybersecurity incident has occurred.

In what order would you apply them?

A. Identification, Triage and analysis, Containment, Post-incident activity
B. Identification, Containment, Triage and analysis, Post-incident activity
C. Triage and analysis, Identification, Containment, Post-incident activity
D. Identification, Containment, Post-incident activity, Triage and analysis

A

Identification, Triage and analysis, Containment, Post-incident activity

9
Q

Difference between Hypervisor I and Hypervisor II

A) Hypervisor I (Bare Metal) is easy to manage and flexible / Hypervisor II (Application) offers more security.

B) Hypervisor II (Applications) is easy to manage and flexible / Hypervisor I (Bare Metal) offers more security.

A

B) Hypervisor II (Applications) is easy to manage and flexible / Hypervisor I (Bare Metal) offers more security.

10
Q

Which of the following attacks would be rendered ineffective by the use of Salting?

A. Hash
B. Brute Force
C. Dictionary Attack
D. Rainbow Table

A

Rainbow Tables

11
Q

What type of malware is adware typically classified as?

A. DOG
B. Backdoor
C. PUP
D. Rootkit

A

B. Backdoor

12
Q

Nancy is concerned that there is a software keylogger on the system she is investigating. What data may have been stolen?

A. All files on the system
B. All keyboard input
C. All files the user accessed while the keylogger was active
D. Keyboard and other input from the user

A

keyboard and other input from the user

13
Q

Which of the following would a security specialist be able to determine upon examination of a server’s certificate?

A. CA public key
B. Server private key
C. CSR
D. OID

A

D. OID

14
Q

A security engineer is configuring a system that requires the X.509 certificate information to be pasted into a form field in Base64 encoded format to import it into the system. Which of the following certificate formats should the engineer use to obtain the information in the required format?

A. PFX
B. PEM
C. DER
D. CER

A

PEM

15
Q
A
16
Q
A
17
Q
A
18
Q

Answer which port is which?

FTP
Telnet
SMTP
SNMP
SCP
TFTP

A

21
23
25
161
22
69

19
Q

Put these in order:
SWAP, RAM, Cache, Hard Drive

A

Cache, RAM, SWAP, Hard Drive

20
Q

Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Choose two.)

A. Rainbow table attacks greatly reduce compute cycles at attack time.
B. Rainbow tables must include precomputed hashes.
C. Rainbow table attacks do not require access to hashed passwords.
D. Rainbow table attacks must be performed on the network.
E. Rainbow table attacks bypass maximum failed login restrictions.

A

B. Rainbow tables must include precomputed hashes.

E. Rainbow table attacks bypass maximum failed login restrictions.

21
Q

A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software.
The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals?

A. Require the SFTP protocol to connect to the file server.
B. Use implicit TLS on the FTP server.
C. Use explicit FTPS for connections.
D. Use SSH tunneling to encrypt the FTP traffic.

A

C. Use explicit FTPS for connections.

22
Q

An organization has determined it can tolerate a maximum of three hours of downtime. Which of the following has been specified?

A. RTO
B. RPO
C. MTBF
D. MTTR

A

A. RTO

23
Q

Users report the following message appears when browsing to the company’s secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Choose two.)

A. Verify the certificate has not expired on the server.
B. Ensure the certificate has a .pfx extension on the server.
C. Update the root certificate into the client computer certificate store.
D. Install the updated private key on the web server.
E. Have users clear their browsing history and relaunch the session.

A

A. Verify the certificate has not expired on the server.

C. Update the root certificate into the client computer certificate store.

24
Q

Which of the following can be provided to an AAA system for the identification phase?

A. Username
B. Permissions
C. One-time token
D. Private certificate

A

A. Username

25
Q

Malicious traffic from an internal network has been detected on an unauthorized port on an application server.
Which of the following network-based security controls should the engineer consider implementing?

A. NAT
B. HIPS
C. ACLs
D. MAC filtering

A

C. ACLs

HIPS would normally sit on the edge of the network, between internal and external. The question clearly states internal, which would justify ACLs.

26
Q

Which of the following encryption methods does PKI typically use to securely protect keys?

A. Elliptic curve
B. Digital signatures
C. Asymmetric
D. Obfuscation

A

C. Asymmetric

27
Q

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened.
Which of the following is the BEST way to do this?

A. Use a vulnerability scanner.
B. Use a configuration compliance scanner.
C. Use a passive, in-line scanner.
D. Use a protocol analyzer.

A

B. Use a configuration compliance scanner.

28
Q

A user has attempted to access data at a higher classification level than the user’s account is currently authorized to access. Which of the following access control models has been applied to this user’s account?

A. ABAC
B. DAC
C. RBAC
D. MAC

A

D. MAC

29
Q

An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?

A. Certificate pinning
B. Certificate stapling
C. Certificate chaining
D. Certificate with extended validation

A

A. Certificate pinning

30
Q

A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees? (Also, it is not a secure way to connect to a system.)

A. WPS
B. 802.1x
C. WPA2-PSK
D. TKIP

A

A. WPS

31
Q

A company’s user lockout policy is enabled after five unsuccessful login attempts. The help desk notices a user is repeatedly locked out over the course of a workweek. Upon contacting the user, the help desk discovers the user is on vacation and does not have network access. Which of the following types of attacks are MOST likely occurring? (Select two.)

A. Replay
B. Rainbow tables
C. Brute force
D. Pass the hash
E. Dictionary

A

C. Brute force
E. Dictionary

32
Q

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?

A. LDAP
B. TPM
C. TLS
D. SSL
E. PKI

A

C. TLS

My trick: every time I see sec or s at the end, it is TLS, as in FTPS, which is FTP over TLS. In this case, DNS over TLS.

32
Q

A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?

A. LDAP services
B. Kerberos services
C. NTLM services
D. CHAP services

A

B. Kerberos services

Only Kerberos can do mutual authentication and delegation.

32
Q

After a user reports slow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below:

Based on the above information, which of the following types of malware was installed on the user’s computer?

A. RAT
B. Keylogger
C. Spyware
D. Worm
E. Bot

A

A. RAT

33
Q

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

A. The scan job is scheduled to run during off-peak hours.
B. The scan output lists SQL injection attack vectors.
C. The scan data identifies the use of privileged-user credentials.
D. The scan results identify the hostname and IP address.

A

B. The scan output lists SQL injection attack vectors.

B is the correct answer because it identifies an attack vector. Active scanners send transmissions to the network’s nodes and examine the responses to determine whether a specific node is a weak point in the network.

34
Q

An analyst wants to implement a more secure wireless authentication for office access points. Which of the following technologies allows for encrypted authentication of wireless clients over TLS?

A. PEAP
B. EAP
C. WPA2
D. RADIUS

A

A. PEAP

35
Q

WPA2 is among?

A. Wireless Cryptographic Protocols
B. Wireless Authentication Protocols
C. Remote Access Connection and Authentication Service
D. Authentication framework

A

A. Wireless Cryptographic Protocols

35
Q

EAP is among?

A. Wireless Cryptographic Protocols
B. Wireless Authentication Protocols
C. Remote Access Connection and Authentication Service
D. Authentication framework

A

D. Authentication framework

36
Q

PEAP is among?

A. Wireless Cryptographic Protocols
B. Wireless Authentication Protocols
C. Remote Access Connection and Authentication Service
D. Authentication framework

A

B. Wireless Authentication Protocols

36
Q

RADIUS is among?

A. Wireless Cryptographic Protocols
B. Wireless Authentication Protocols
C. Remote Access Connection and Authentication Service
D. Authentication framework

A

C. Remote Access Connection and Authentication Service

37
Q

A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Choose two.)

A. The portal will function as a service provider and request an authentication assertion.
B. The portal will function as an identity provider and issue an authentication assertion.
C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.
E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.
F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

A

C. The portal will request an authentication ticket from each network that is transitively trusted.
D. The back-end networks will function as an identity provider and issue an authentication assertion.

38
Q

A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

A. Open wireless network and SSL VPN
B. WPA using a preshared key
C. WPA2 using a RADIUS back-end for 802.1x authentication
D. WEP with a 40-bit key

A

B. WPA using a preshared key

39
Q

An information security specialist is reviewing the following output from a Linux server.

Based on the above information, which of the following types of malware was installed on the server?

A. Logic Bomb
B. RAT
C. Trojan
D. XSS Scripting

A

A. Logic Bomb

If you see “if”, it is a logic bomb.

40
Q

Which of the following would MOST likely appear in an uncredentialed vulnerability scan?

A. Self-signed certificates
B. Missing patches
C. Auditing parameters
D. Inactive local accounts

A

D. Inactive local accounts

41
Q

When considering a third-party cloud service provider, which of the following criteria would be the BEST to include in the security assessment process? (Choose two.)

A. Use of performance analytics
B. Adherence to regulatory compliance
C. Data retention policies
D. Size of the corporation
E. Breadth of applications support

A

B. Adherence to regulatory compliance
C. Data retention policies

42
Q

Which of the following occurs when the security of a web application relies on JavaScript for input validation?

A. The integrity of the data is at risk.
B. The security of the application relies on antivirus.
C. A host-based firewall is required.
D. The application is vulnerable to race conditions.

A

A. The integrity of the data is at risk.

43
Q

An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Windows server. Given the following code:

Which of the following vulnerabilities is present?

A. Bad memory pointer
B. Buffer overflow
C. Integer overflow
D. Backdoor

A

B. Buffer overflow

B, because strcpy is an indicator of a buffer overflow.

44
Q

A wireless network uses a RADIUS server that is connected to an authenticator, which in turn connects to a supplicant. Which of the following represents the authentication architecture in use?

A. Open systems authentication
B. Captive portal
C. RADIUS federation
D. 802.1x

A

D. 802.1x

45
Q

A manager wants to distribute a report to several other managers within the company. Some of them reside in remote locations that are not connected to the domain but have a local server. Because there is sensitive data within the report and the size of the report is beyond the limit of the email attachment size, emailing the report is not an option. Which of the following protocols should be implemented to distribute the report securely? (Choose three.)

A. S/MIME
B. SSH
C. SNMPv3
D. FTPS
E. SRTP
F. HTTPS
G. LDAPS

A

B. SSH
D. FTPS
F. HTTPS