Sec+ Flashcards

1
Q

A security analyst needs to find real time data on the latest malware and IoCs. Which of the following best describes the solution the analyst should pursue?

A

Threat feeds

2
Q

The security analyst is investigating a phishing email that contains a malicious document directed to the company’s CEO. Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A

Install a sandbox to run the malicious payload in a safe environment

3
Q

A cybersecurity administrator needs to harden a server after installing Windows. Which of the following best practices should the administrator follow to achieve this goal? (Select TWO)

A

Disabling NetBIOS over TCP/IP

Disabling guest accounts

4
Q

Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure?

A

Mandatory vacation

5
Q

After obtaining a user’s credentials through a phishing scam, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which type of attack has occurred?

A

Privilege escalation

6
Q

A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:

Employees must provide an alternate work location
Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

Which of the following BEST describes the MDM options the company is using?

A

Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption

7
Q

A new PnP storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST defend the PC from malicious files on the storage device?

A

Change the default settings on the PC (disable AutoRun/AutoPlay so files on removable media are not executed automatically)

8
Q

A user has concerns that a web app will not handle unexpected or random inputs without crashing. Which of the following types of testing should the user perform?

A

Fuzzing

9
Q

A security admin is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the admin notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID as one of the legitimate APs. What attack is being performed on the corporate network?

A

Evil Twin
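
As an added example (not part of the original deck), the Python below turns the airodump-ng observation in this card into an automated check. It compares a constructed inventory of the two authorized APs against a constructed scan laid out like airodump-ng's CSV columns, and labels every AP advertising the corporate ESSID as a cloned BSSID on a foreign channel, an unknown BSSID (evil twin), or a security downgrade. The ESSID, BSSIDs, channels and CSV rows are all made up for the example.

```python
import csv
import io

# Constructed inventory and scan, modelled on airodump-ng's CSV columns (not real capture data).
CORP_ESSID = "CorpWiFi"
AUTHORIZED_APS = {            # BSSID -> channel the corporate AP is configured on
    "AA:BB:CC:00:00:01": 1,
    "AA:BB:CC:00:00:02": 11,
}

SCAN_CSV = """\
BSSID,channel,Privacy,Power,ESSID
AA:BB:CC:00:00:01,1,WPA2,-40,CorpWiFi
AA:BB:CC:00:00:02,11,WPA2,-45,CorpWiFi
AA:BB:CC:00:00:01,6,OPN,-30,CorpWiFi
AA:BB:CC:00:00:01,3,WPA2,-31,CorpWiFi
DE:AD:BE:EF:00:01,6,WPA2,-60,CorpWiFi
12:34:56:78:9A:BC,6,WPA2,-70,Neighbor
"""


def parse_scan(text):
    """Parse the CSV into dicts, normalising the fields the checks key on."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "BSSID": row["BSSID"].strip().upper(),
            "channel": int(row["channel"]),
            "Privacy": row["Privacy"].strip(),
            "Power": int(row["Power"]),
            "ESSID": row["ESSID"].strip(),
        })
    return rows


def classify(ap, authorized=AUTHORIZED_APS, essid=CORP_ESSID):
    """Label one observed AP, or return None if it matches the inventory."""
    if ap["ESSID"] != essid:
        return None                        # someone else's network, out of scope
    expected_channel = authorized.get(ap["BSSID"])
    if expected_channel is None:
        return "evil-twin"                 # our ESSID from a BSSID we do not own
    if ap["channel"] != expected_channel:
        return "bssid-spoof"               # our BSSID cloned onto a channel we do not use
    if ap["Privacy"] != "WPA2":
        return "security-downgrade"        # right BSSID and channel, weaker security advertised
    return None


def findings(text):
    """Return (BSSID, channel, label) for every suspicious AP, in scan order."""
    result = []
    for ap in parse_scan(text):
        label = classify(ap)
        if label is not None:
            result.append((ap["BSSID"], ap["channel"], label))
    return result
```

In the card's scenario (corporate ESSID, a legitimate BSSID, every channel) each clone is reported as "bssid-spoof"; the unknown BSSID carrying the corporate ESSID is the classic evil twin. A real airodump-ng CSV has a second section listing client stations after a blank line, which would need to be split off before feeding the AP rows to parse_scan, and a rogue AP usually shows a stronger Power value than the real one, which is a useful secondary signal when triaging.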

10
Q

A network administrator is concerned about users being exposed to malicious content when accessing the company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A

SWG

11
Q

Following a prolonged datacenter outage that affected web based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

There must be visibility into how teams are using cloud-based services
The company must be able to identify when data related to payment cards is being sent to the cloud
Data must be available regardless of the end user’s geographical location
Admins need a single-pane-of-glass view into traffic and trends

Which of the following should the security analyst recommend?

A

Implement a CASB solution

12
Q

An analyst notices several attacks are being blocked by the NIPS but does not see anything in the boundary firewall logs. The attack seems to have stopped. Which of the following resiliency techniques was applied to the network to prevent this attack?

A

Defense in depth

13
Q

A government agency just acquired a new web application. The app must be assessed and authorized before being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

A

Common Vulnerabilities and Exposures (CVE)

14
Q

An organization with a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3 miles from the building, the management team would like to have the security team alerted and server resources restricted on those devices. Which of the following controls should the organization implement?

A

Geofencing

15
Q

A small business office is setting up a wireless infrastructure with primary requirements centered on protecting customer information and preventing unauthorized access to the business network. Which of the following would BEST support the office’s business needs? (Select TWO)

A

Configuring access using WPA3-Enterprise

Enabling 802.1X

16
Q

A security administrator needs to inspect in-transit files to the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

A

Network DLP

17
Q

A security analyst has been reading about a new cyberattack from a known threat actor. Which of the following would BEST support the analyst’s review of the tactics, techniques, and procedures (TTPs) the threat actor was observed using in previous campaigns?

A

MITRE ATT&CK framework

18
Q

Which of the following is the most secure but LEAST expensive data destruction method for data that is stored on hard drives?

A

Degaussing

19
Q

Which of the following is the correct order of volatility from most to least likely volatile?

A

Cache, memory, temp filesystems, disk, archival media

20
Q

The security engineer installs a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?

A

Reverse proxy (the WAF terminates the TLS session in front of the web server so it can inspect the decrypted requests)

21
Q

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is most likely trying to protect against:

A

Social Engineering

22
Q

An incident affecting dozens of systems involves malware that reaches out to an internet service for rules and updates. The IP address of the internet host appears to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would best support this solution?

A

DNS query logs
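
As an added example (not from the original deck), this Python snippet shows why DNS query logs yield a common IoC when the command-and-control IP keeps changing. A constructed resolver log (BIND/dnsmasq-like, made up for the example) is parsed, the domain queried by every known-infected host and by no baseline host is extracted together with every IP it resolved to, and the same domain is then used to find an additional victim the incident had not yet identified. Hostnames, IPs and the infected/clean host sets are assumptions.

```python
import re
from collections import defaultdict

# Constructed resolver log in a BIND/dnsmasq-like shape (not from a real incident).
DNS_LOG = """\
2024-03-01T09:01:02Z client 10.0.1.11 query updates.cdn-example.test A -> 203.0.113.10
2024-03-01T09:01:05Z client 10.0.1.11 query www.example.test A -> 198.51.100.5
2024-03-01T09:02:10Z client 10.0.1.12 query updates.cdn-example.test A -> 203.0.113.44
2024-03-01T09:02:12Z client 10.0.1.12 query mail.example.test A -> 198.51.100.9
2024-03-01T09:03:00Z client 10.0.1.13 query updates.cdn-example.test A -> 192.0.2.77
2024-03-01T09:03:01Z client 10.0.1.13 query www.example.test A -> 198.51.100.5
2024-03-01T09:03:40Z client 10.0.1.14 query updates.cdn-example.test A -> 192.0.2.78
2024-03-01T09:04:30Z client 10.0.1.50 query www.example.test A -> 198.51.100.5
2024-03-01T09:04:31Z client 10.0.1.50 query mail.example.test A -> 198.51.100.9
"""

KNOWN_INFECTED = {"10.0.1.11", "10.0.1.12", "10.0.1.13"}  # hosts the incident already confirmed (assumed)
KNOWN_CLEAN = {"10.0.1.50"}                                # baseline host used to filter normal traffic (assumed)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<client>\S+) query (?P<qname>\S+) (?P<qtype>\S+) -> (?P<answer>\S+)$")


def parse_dns_log(text):
    """Return (timestamp, client, qname, answer) tuples; lines that do not parse are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["ts"], m["client"], m["qname"].lower().rstrip("."), m["answer"]))
    return records


def common_ioc(records, infected, clean):
    """Domains queried by every infected host and by no baseline-clean host, with all IPs seen.

    The IP set is returned so the analyst can see why the address alone is a poor IoC."""
    hosts_by_domain = defaultdict(set)
    answers_by_domain = defaultdict(set)
    for _, client, qname, answer in records:
        hosts_by_domain[qname].add(client)
        answers_by_domain[qname].add(answer)
    return {
        qname: answers_by_domain[qname]
        for qname, hosts in hosts_by_domain.items()
        if infected <= hosts and not (hosts & clean)
    }


def hosts_querying(records, qname):
    """Scope the incident: every client that resolved the IoC domain, known or not."""
    return {client for _, client, name, _ in records if name == qname}
```

The domain is the stable indicator: each infected host received a different A record, so blocking or hunting on IPs would miss most of them, while a single query-name match on the resolver logs both confirms the three known victims and surfaces a fourth. The baseline-clean filter is what keeps ordinary shared domains (the corporate web and mail hosts here) out of the candidate list.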

23
Q

Which of the following best describes a social engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

A

whaling

24
Q

Which of the following would be best for a technician to review to determine the total risk an organization can bear when assessing a “cloud first” adoption strategy?

A

Risk appetite

25
Q

Access to a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

A

Access control vestibule

26
Q

Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO)

A

Security guards

Video surveillance

27
Q

An analyst needs to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A

tcpdump

28
Q

A multinational organization that offers web-based services has datacenters that are located only in the US; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the UK that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

A

General Data Protection Regulation (GDPR) (the question is about privacy law for European customers; PCI DSS covers cardholder data handling, and payment processing is outsourced here)

29
Q

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a text file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish this task? (Select TWO)

A

head

grep

30
Q

Users must provide a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which authentication concepts are in use?

A

Something you know, something you have, somewhere you are

31
Q

The CISO is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

A

NIST Risk Management Framework

32
Q

Log file of a successful attack:

[DATA] attacking service ftp on port 21
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "p@55w0rd"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "AcCe55"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "A11ow!"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "PL34s3#"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "FTPL0gin!"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "L3tM31N!"
[21] [ftp] host 192.168.50.1 = login: admin password: L3tM31N! of 1 target successfully completed, 1 valid password found in <1 second

which of the following controls would be BEST to use to prevent such a breach in the future?

A

Account lockout
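
Added example, not part of the original card: the Python below parses a log constructed in the same shape as the one above, flags the burst of attempts against one account the way a SIEM rule would, and then replays the same attempts against an account-lockout policy (assumed here: lock after 5 failures within 15 minutes, for 30 minutes) to show that the sixth, correct guess is refused. The valid password comes from the card's log; the thresholds are assumptions for the demo.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample in the same shape as the card's log (not real hydra output).
SAMPLE_LOG = """\
[DATA] attacking service ftp on port 21
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "p@55w0rd"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "AcCe55"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "A11ow!"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "PL34s3#"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "FTPL0gin!"
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login "admin" - pass "L3tM31N!"
"""

# Accepts both "- pass" and "-pass" spellings of the attempt line.
ATTEMPT_RE = re.compile(
    r'\[ATTEMPT\] (?P<time>\d\d:\d\d:\d\d)UTC target (?P<target>\S+) - '
    r'login "(?P<login>[^"]*)" -\s?pass "(?P<password>[^"]*)"')


def parse_attempts(text):
    """Return (timestamp, target, login, password) for each [ATTEMPT] line."""
    attempts = []
    for line in text.splitlines():
        m = ATTEMPT_RE.search(line)
        if m:
            attempts.append((datetime.strptime(m["time"], "%H:%M:%S"),
                             m["target"], m["login"], m["password"]))
    return attempts


def detect_bursts(attempts, threshold=5, window=timedelta(seconds=60)):
    """SIEM-style detection: accounts with >= threshold attempts inside any sliding window."""
    by_account = {}
    for ts, target, login, _ in attempts:
        by_account.setdefault((target, login), []).append(ts)
    flagged = set()
    for account, times in by_account.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(account)
                break
    return flagged


class AccountLockout:
    """Lock an account after `threshold` failures within `window`, for `duration` (assumed policy)."""

    def __init__(self, threshold=5, window=timedelta(minutes=15), duration=timedelta(minutes=30)):
        self.threshold, self.window, self.duration = threshold, window, duration
        self._failures = {}       # account -> deque of recent failure timestamps
        self._locked_until = {}   # account -> datetime at which the lock expires

    def attempt(self, account, at, credential_ok):
        """Return 'locked', 'success' or 'failure'; a locked account is refused before any check."""
        until = self._locked_until.get(account)
        if until is not None and at < until:
            return "locked"
        if credential_ok:
            self._failures.pop(account, None)
            return "success"
        recent = self._failures.setdefault(account, deque())
        recent.append(at)
        while recent and at - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold:
            self._locked_until[account] = at + self.duration
            recent.clear()
            return "locked"
        return "failure"


def replay(text, valid_credentials, policy):
    """Replay the log against a policy; valid_credentials maps (target, login) -> password."""
    return [policy.attempt((target, login), ts, valid_credentials.get((target, login)) == password)
            for ts, target, login, password in parse_attempts(text)]
```

Without lockout the replay ends in "success" on the sixth guess, exactly as the card's log shows; with the policy in place the fifth failure locks the account and the correct password is refused for the next 30 minutes. The trade-off a practitioner should keep in mind is that a low threshold turns the same brute-force tool into a denial-of-service against legitimate users, so the lockout is usually paired with the burst detection above rather than relied on alone.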

33
Q

Which of the following should a data owner require all personnel to sign to legally protect intellectual property?

A

NDA

34
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

A

Federation

35
Q

The CEO is unhappy with the level of service from the company’s new service provider (SP). The SP is preventing the CEO from sending email from a work account to a personal account. Which of the following types of SPs is being used?

A

Managed security service provider (MSSP)

36
Q

An organization needs to remediate the risk associated with its CSP not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the CSP?

A

SLA

37
Q

An organization’s CSO wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

A

Tabletop exercise

38
Q

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

A

Private key

Hashing

39
Q

An organization’s RPO for a critical system is two hours. The system is used Monday through Friday, from 9 a.m. to 5 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the MOST efficient way for the analyst to meet the business requirements?

A

Full backups Monday through Friday at 6 p.m. and differential backups hourly

40
Q

When implementing automation with IoT devices, what should be considered FIRST to keep the network secure?

A

Communication protocols

41
Q

A web server administrator has redundant servers and needs to ensure failover to the secondary server when the primary server goes down. Which of the following should the admin implement to avoid disruption?

A

High availability

42
Q

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server:

GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
GET index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd

Which of the following BEST describes this kind of attack?

A

Directory traversal
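
Added example (not from the original card or the attacked server's code): the Python below reproduces the behaviour behind this card using an assumed document root of /var/www/html/pages and constructed requests modelled on the listing, plus a double-encoded variant, a "....//" variant and an absolute path. It shows the vulnerable join-and-open, a naive strip-"../" filter that the "....//" form bypasses, and a hardened resolver that canonicalises the path and refuses anything outside the root.

```python
import os
from urllib.parse import unquote

# Assumed document root for the example; the card's index.php is not available.
WEB_ROOT = "/var/www/html/pages"

# Constructed requests modelled on the card's listing: normal, percent-encoded traversal,
# double-encoded traversal, a '....//' filter-evasion form, and an absolute path.
REQUESTS = [
    "index.php?page=about",
    "index.php?page=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd",
    "index.php?page=..%252f..%252fetc%252fpasswd",
    "index.php?page=....//....//etc/passwd",
    "index.php?page=/etc/passwd",
]


def page_param(request):
    """Extract the raw (still encoded) value of the `page` query parameter."""
    query = request.partition("?")[2]
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "page":
            return value
    return ""


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so %252f (a double-encoded '/') is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def vulnerable_resolve(request):
    """What the attacked script effectively did: join and open. Kept vulnerable on purpose.
    os.path.join also discards WEB_ROOT entirely when the parameter is an absolute path."""
    return os.path.normpath(os.path.join(WEB_ROOT, fully_decode(page_param(request))))


def naive_filter_resolve(request):
    """A common broken fix: strip '../' once. '....//' collapses to '../' after stripping."""
    cleaned = fully_decode(page_param(request)).replace("../", "")
    return os.path.normpath(os.path.join(WEB_ROOT, cleaned))


def hardened_resolve(request):
    """Decode, canonicalise, and refuse anything that leaves WEB_ROOT (None = rejected).
    Production code should also apply os.path.realpath so symlinks cannot escape the root."""
    candidate = os.path.normpath(os.path.join(WEB_ROOT, fully_decode(page_param(request))))
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


def flag_traversal(requests):
    """Detection view: indexes of the requests the hardened resolver would reject."""
    return [i for i, req in enumerate(requests) if hardened_resolve(req) is None]
```

The eight "..%2f" segments in the first attack line climb out of a four-level document root and land on /etc/passwd; the attacker's three attempts with increasing depth are the usual probing for the right count. Note that the "....//" request is not traversal on its own (the literal "...." directories stay inside the root); it only becomes one after a strip-once filter rewrites it, which is why the hardened resolver checks where the final canonical path ends up instead of trying to blocklist patterns.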

43
Q

Which of the following types of controls is a CCTV camera that is not being monitored?

A

Deterrent

44
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A

ACL

45
Q

Which of the following BEST helps to demonstrate integrity during a forensic investigation?

A

Hashing

46
Q

A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization’s new API to bypass a driver to perform privilege escalation on the organization’s web servers. After looking at the API, the analyst realizes the particular API call was to a legacy system running an outdated OS. Which of the following is the MOST likely attack type?

A

Shimming

47
Q

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A

tcpdump

48
Q

The company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A

Implementation of detective controls

49
Q

The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface with and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

A

Tainted training data

50
Q

The systems admin needs to install the same X.509 certificate on multiple servers. Which of the following should the admin use?

A

Self-signed certificate