Sec+ Flashcards

1
Q

The security analyst is investigating a phishing email that contains a malicious document directed to the company’s Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A

Install a sandbox to run the malicious payload in a safe environment.

2
Q

A cybersecurity administrator needs to harden a server after installing Windows. Which of the following best practices should the administrator do to achieve this goal? (Select TWO)

A

Disabling NetBIOS over TCP/IP

Disabling guest accounts

3
Q

Which of the following corporate policies is used to help prevent employee fraud and to detect system log modifications or other malicious activity based on tenure?

A

Mandatory vacation

4
Q

After scamming a user’s credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which type of attack has occurred?

A

Privilege escalation

5
Q

A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:

Employees must provide an alternate work location.
Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.

Which of the following BEST describes the MDM options the company is using?

A

Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption.

6
Q

A new PnP storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST defend the PC from malicious files on the storage device?

A

Change the default setting on the PC

7
Q

A user has concerns that a web app will not handle unexpected or random inputs without crashing. Which of the following types of testing should the user perform?

A

Fuzzing

8
Q

A security admin is analyzing the corporate wireless network. The network only has two access points running on channels 1 and 11. While using airodump-ng, the admin notices other access points are running with the same corporate ESSID on all available channels and with the same BSSID as one of the legitimate APs. What attack is being performed on the corporate network?

A

Evil Twin

9
Q

A network administrator is concerned about users being exposed to malicious content when accessing the company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A

SWG

10
Q

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:

There must be visibility into how teams are using CBS
The company must be able to identify when data related to payment cards is being sent to the cloud
Data must be available regardless of the end user’s geographical location
Admins need a single-pane-of-glass view into traffic and trends

Which of the following should the security analyst recommend?

A

Implement a CASB solution

11
Q

An analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary FW logs. The attack seems to have been stopped. Which of the following resiliency techniques was applied to the network to prevent this attack?

A

Defense in depth

12
Q

A government agency just acquired a new web application. The app must be assessed and authorized before being deployed. Which of the following is required to assess the vulnerabilities resident in the application?

A

Common vulnerability and exposures

13
Q

An organization with a large number of mobile devices is exploring enhanced security controls to manage unauthorized access if a device is lost or stolen. Specifically, if mobile devices are more than 3 mi from the building, the management team would like to have the security team alerted and server resources restricted on those devices. Which of the following controls should the organization implement?

A

Geofencing

14
Q

A small business office is setting up a wireless infrastructure with primary requirements centered on protecting customer information and preventing unauthorized access to the business network. Which of the following would BEST support the office’s business needs? (Select TWO)

A

Configuring access using WPA3-Enterprise

Enabling 802.1X

15
Q

A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?

A

Network DLP

16
Q

A security analyst has been reading about a new cyberattack from a known threat actor. Which of the following would BEST support the analyst’s review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns?

A

MITRE ATT&CK framework

17
Q

Which of the following is the most secure but LEAST expensive data destruction method for data that is stored on hard drives?

A

Degaussing

18
Q

Which of the following is the correct order of volatility from most to least likely volatile?

A

Cache, memory, temp filesystems, disk, archival media

19
Q

The security engineer installs a WAF to protect the company’s website from malicious web requests over SSL. Which of the following is needed to meet the objective?

A

Reverse proxy

20
Q

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all disks are cleared. The company is most likely trying to protect against:

A

Social engineering

21
Q

An incident affecting dozens of systems involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would best support this solution?

A

DNS query logs

22
Q

Which of the following best describes a social engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?

A

Whaling

23
Q

Which of the following would be best for a tech to review to determine the total risk an organization can bear when assessing a “cloud first” adoption strategy?

A

Appetite

24
Q

Access to a secure area requires passing through two doors, both of which require someone who is already inside to initiate access. Which of the following types of physical security controls does this describe?

A

Access control vestibule

25
Q

Which of the following function as preventative, detective, and deterrent controls to reduce risk of physical theft? (Select TWO)

A

Security guards

Video surveillance

26
Q

An analyst needs to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A

tcpdump

27
Q

A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?

A

Payment Card Industry Data Security Standard (PCI DSS)

28
Q

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a text file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish this task? (Select TWO)

A

head

grep

29
Q

Users must provide a password and a USB key to authenticate against a secure computer, and authentication is limited to the state in which the company resides. Which authentication concepts are in use?

A

Something you know, something you have, somewhere you are.

30
Q

The CISO is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

A

NIST Risk Management Framework

31
Q

Log file of a successful attack:

[DATA] attacking service ftp on port 21
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “p@55w0rd”
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “AcCe55”
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “A11ow!”
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “PL34s3#”
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “FTPL0gin!”
[ATTEMPT] 09:00:01UTC target 192.168.50.1 - login “admin” -pass “L3tM31N!”
[21] [ftp] host 192.168.50.1 login: admin password: L3tM31N!
1 of 1 target successfully completed, 1 valid password found in <1 second

Which of the following controls would be BEST to use to prevent such a breach in the future?

A

Account lockout

32
Q

Of the following, which should a data owner require all personnel to sign to legally protect intellectual property?

A

NDA

33
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

A

Federation

34
Q

The CEO is unhappy with the level of service from the company’s new SP. The SP is preventing the CEO from sending email from a work account to a personal account. Which of the following types of SPs is being used?

A

Managed security service provider

35
Q

An organization needs to remediate the risk associated with its CSP not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the CP?

A

SLA

36
Q

An organization’s CSO wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO most likely use?

A

Tabletop exercise

37
Q

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)

A

Private key

Hashing

38
Q

An organization’s RPO for a critical system is two hours. The system is used Monday through Friday, from 9 a.m. to 5 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the MOST efficient way for the analyst to meet the business requirements?

A

Full backups Mon-Fri at 6pm and differential backups hourly

39
Q

When implementing automation with IoT devices, what should be considered FIRST to keep the network secure?

A

Communication protocols

40
Q

A web server administrator has redundant servers and needs to ensure failover to the secondary server when the primary server goes down. Which of the following should the admin implement to avoid disruption?

A

High availability

41
Q

A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company’s server:

GET index.php?page=..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd
GET index.php?page=..2f..2f..2f..2f..2f..2f..2f..2..2fetc2fpasswd
GET index.php?page=..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd

Which of the following BEST describes this kind of attack?

A

Directory traversal

42
Q

Which of the following types of controls is a CCTV camera that is not being monitored?

A

Deterrent

43
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A

ACL

44
Q

Which of the following BEST helps to demonstrate integrity during a forensic investigation?

A

Hashing

45
Q

A security analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization’s new API to bypass a driver to perform privilege escalation on the organization’s web servers. After looking at the API, the analyst realizes the particular API call was to a legacy system running an outdated OS. Which of the following is the most likely attack type?

A

Shimming

46
Q

A security analyst must determine if either SSH or Telnet is being used to log in to servers. Which of the following should the analyst use?

A

tcpdump

47
Q

The company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?

A

Implementation of detective controls

48
Q

The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?

A

Tainted training data

49
Q

The systems admin needs to install the same X.509 certificate on multiple servers. Which of the following should the admin use?

A

Self-signed certificate

50
Q

A CSO is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO’s concerns?

A

DKIM

51
Q

An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?

A

HSM

52
Q

While reviewing the wireless router, an admin of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below:

Hostname  IP Address    MAC                MAC Filter
PC1       192.168.1.20  00:1E:1B:43:21:B2  On
PC2       192.168.1.23  31:1C:3C:13:25:C4  Off
PC3       192.168.1.25  20:A2:22:45:11:D2  On
UNKNOWN   192.168.1.21  12:44:B2:FF:A1:22  Off

Which of the following should be the administrator’s next step to detect if there is a rogue system without impacting availability?

A

Physically check each system

53
Q

Which of the following scenarios best describes a risk reduction technique?

A

A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

54
Q

A security analyst is reviewing the following output:

IP Address      Physical Address     Type
192.168.1.1     aa-bb-cc-00-11-22    dynamic
192.168.1.2     aa-bb-cc-00-11-22    dynamic
192.168.1.3     aa-bb-cc-00-11-22    dynamic
192.168.1.4     aa-bb-cc-00-11-22    dynamic
192.168.1.5     aa-bb-cc-00-11-22    dynamic
—output omitted—
192.168.1.251   aa-bb-cc-00-11-22    dynamic
192.168.1.252   aa-bb-cc-00-11-22    dynamic
192.168.1.253   aa-bb-cc-00-11-22    dynamic
192.168.1.254   aa-bb-cc-00-11-22    dynamic
192.168.1.255   ff-ff-ff-ff-ff-ff    static

Which of the following is the analyst observing?

A

MAC address cloning

55
Q

An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification?

A

It assures customers that the organization meets security standards

56
Q

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A

Shared tenancy

57
Q

A forensic analyst needs to prove that the data she originally acquired has remained unchanged while in her custody. Which of the following should the analyst use?

A

Checksum

58
Q

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE)

A

SNMPv2, SNMPv3

HTTP, HTTPS

Telnet, SSH

59
Q

A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the global company to require from prospective vendors?

A

MFA

60
Q

An enterprise has hired an outside security firm to facilitate penetration testing on its networks and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing being used?

A

Bug bounty

61
Q

Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?

A

Fog computing

62
Q

The lessons learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from tech support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remote control the worker’s PC. Which of the following would be BEST to prevent this type of attack?

A

Segmentation

63
Q

A bank detects fraudulent activity on a user’s account. The user confirms transactions completed yesterday on the bank website at https://www.company.com. A security analyst then examines the user’s Internet usage logs and observes the following output:

date;username;url;destinationport;responsecode
2020-03-01;userann;http://www.company.org/;80;302
2020-03-01;userann;http://www.company.org/secure_login/;80;200
2020-03-01;userann;http://www.company.org/dashboard/;80;200

Which of the following has MOST likely occurred?

A

SSL stripping

64
Q

A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report?

A

Credentialed

65
Q

After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?

A

The SIEM was unable to correlate the rules, triggering the alerts

66
Q

Users reported several suspicious activities within the last two weeks that resulted in several unauthorized transactions. Upon investigation, the security analyst found the following:

Multiple reports of breached credentials within that time period
Traffic being redirected in certain parts of the network
Fraudulent emails being sent by various internal users without their consent

Which of the following types of attacks was MOST likely used?

A

Request forgeries

67
Q

An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly based system. Which of the following does the organization need to determine for this to be successful?

A

Baseline

68
Q

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

A

Perfect forward secrecy

69
Q

Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?

A

Test

70
Q

Individual endpoint protection is causing inconsistent protection because the protection policy has not been uniformly deployed. Which of the following solutions should be implemented to address this issue?

A

Network firewall

71
Q

A new vulnerability in the SMB protocol on Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company’s DMZ will be vulnerable to external attack; however, the administrator cannot disable the services on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO)

A

135

445

72
Q

A security researcher is attempting to gather data on the widespread use of a zero day exploit. Which of the following will researchers MOST likely use to capture this data?

A

Honeypot

73
Q

Which of the following BEST explains the difference between a data owner and a data custodian?

A

The data owner is responsible for determining how data may be used, while the data custodian is responsible for implementing the protections to the data.

74
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A

Unsecure protocols

75
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

A

Identification

76
Q

During an incident, a company’s CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

A

Create and apply micro segmentation rules

77
Q

Which of the following types of attacks is specific to the individual it targets?

A

Whaling

78
Q

A major political party experienced a server breach. The hacker publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

A

Advanced persistent threats

79
Q

A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?

A

Firewall rules

80
Q

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at a remote location, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A

SWG

81
Q

Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?

A

Digital Signature

82
Q

Which of the following would produce the closest experience of responding to an actual incident response scenario?

A

Simulation

83
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

A

Identification

84
Q

A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

A

Jump server

85
Q

An enterprise has hired an outside security firm to conduct a penetration test on its network and applications. The enterprise provided the firm with access to a guest account. Which of the following BEST represents the type of testing that is being used?

A

Gray box

86
Q

To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

A

Install a hypervisor firewall to filter east-west traffic

87
Q

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?

A

Check the SIEM to review the correlated logs

88
Q

Which of the following is a reason why an organization would define an AUP?

A

To define the set of rules and behaviors for users of the organization’s IT systems

89
Q

A company recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?

A

MDM

90
Q

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

A

APN

91
Q

During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee’s home computer. The former employee’s corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?

A

Properly configured hosts with security logging

92
Q

A recent security audit revealed that a popular website with IP address 172.16.1.5 also has an FTP service that employees were using to store sensitive corporate data. The organization’s outbound firewall processes rules top-down. Which of the following would permit HTTP and HTTPS, while denying all other services for this host?

A

access-rule permit tcp destination 172.16.1.5 port 80
access-rule permit tcp destination 172.16.1.5 port 443
access-rule deny ip destination 172.16.1.5

93
Q

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirements?

A

Homomorphic

94
Q

A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN? (Select TWO)

A

The user’s laptop was quarantined because it missed the latest patch update

The laptop is still configured to connect to an international mobile network operator

95
Q

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?

A

Tor

96
Q

A forensics investigator is examining a number of unauthorized payments that were reported on the company’s website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:

Click here to unsubscribe

Which of the following will the forensics investigator MOST likely determine has occurred?

A

XSRF

97
Q

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users’ reports of issues accessing the facility. Which of the following MOST likely indicates the cause of the access issues?

A

False rejection

98
Q

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for existing users and groups and remove the set user ID bit from the file?

A

setuid

99
Q

An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user’s browser to deploy malicious software. Which of the following types of attacks does this describe?

A

Watering hole

100
Q

Which of the following represents a biometric FRR?

A

Authorized user being denied access

101
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

Mobile device OSs must be patched up to the latest release
A screen lock must be enabled (passcode or biometric)
Corporate data must be removed if the device is lost or stolen

Which of the following controls should the security engineer configure? (select two)

A

Posture checking

Application whitelisting

102
Q

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

A

Site-to-site

103
Q

A developer is concerned about people downloading fake malware-infected replicas of a popular game. Which of the following should the developer do to help verify legitimate versions of the game for users?

A

Digitally sign the relevant game files

104
Q

When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?

A

Normalization

105
Q

The SIEM at an organization has detected suspicious traffic coming from a workstation on its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation revealed that the privileges of the local account were escalated to local admin. To which of the following groups should the analyst report this event?

A

NOC Team

107
Q

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

A

Thin Client

108
Q

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A

Applying MDM software

109
Q

A CSO has asked a tech to devise a solution that can detect unauthorized execution privileges from the OS in both executable and data files and can work in conjunction with proxies or UTM. Which of the following would BEST meet the CSO’s requirements?

A

Sandboxing

110
Q

While receiving pcap data, an analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the analyst MOST likely observing?

A

Telnet session

111
Q

A cybersecurity admin needs to implement a layer 7 security control on a network and block potential attacks. Which of the following can block an attack at layer 7?

A

WAF

NIPS

112
Q

Which of the following threat actors is most likely to be motivated by ideology?

A

Hacktivist

113
Q

A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:

A

remove the single point of failure.

114
Q

A security admin needs to create a RAID configuration that is focused on high read/write speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?

A

RAID 5

115
Q

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

Preserve the use of public IP addresses assigned to the equipment on the core router
Enable “in transport” encryption protection to the web server with the strongest ciphers

Which of the following should the analyst implement to meet these requirements? (select two)

A

Configure NAT on the core router

Enable TLSv2 encryption on the web server

116
Q

A security analyst is reviewing the following output from a system:

TCP 192.168.10.10:80 192.168.1.2:60101 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60102 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60103 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60104 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60105 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60106 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60107 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60108 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60109 TIME_WAIT
TCP 192.168.10.10:80 192.168.1.2:60110 TIME_WAIT

Which of the following is MOST likely being observed?

A

DoS

117
Q

A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following best describes what the company should purchase to ensure its critical servers and network devices stay online?

A

UPS

118
Q

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. Which of the following frameworks should the security officer use to map the existing controls? (select two)

A

GDPR

ISO

119
Q

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained admin access to the network through a file downloaded from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

A

A RAT

120
Q

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A

A risk register

121
Q

When planning to build a virtual environment, an admin needs to achieve the following:

Establish policies to limit who can create new VMs
Allocate resources according to actual utilization
Require justification for requests outside of the standard requirements
Create standardized categories based on size and resource requirements

Which of the following is the admin most likely trying to do?

A

Avoid VM sprawl

122
Q

A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management. Which of the following tools can the analyst use to verify the permissions?

A

chmod

123
Q

A security admin is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this best represent?

A

Detective

124
Q

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following best describes these systems?

A

Honeypots

125
Q

A financial analyst has been accused of violating the company’s AUP and there is forensic evidence to substantiate the allegation. Which of the following would dispute the analyst’s claim of innocence?

A

Non-repudiation

126
Q

A security analyst is investigating a phishing email that contains a malicious document directed to the company’s CEO. Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?

A

Install a sandbox to run the malicious payload in a safe environment

127
Q

Which of the following would best identify and remediate a data-loss event in an enterprise using third-party, web-based services and file sharing platforms?

A

CASB

128
Q

A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

A

DNSSEC

129
Q

A network analyst is investigating compromised corporate information. The analyst’s investigation leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host:

IPv4 Address ………… 10.0.0.87
Subnet Mask …………. 255.255.255.0
Default Gateway ……… 10.0.0.1

Internet Address Physical Address

10.255.255 ff-ff-ff-ff-ff-ff
0.0.1 aa-aa-aa-aa-aa-aa
0.0.254 aa-aa-aa-aa-aa-aa
0.0.2 01-00-5e-00-00-02

Based on the IoCs, which of the following was the most likely attack used to compromise the network communication?

A

ARP poisoning

130
Q

Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees’ workstations. The security manager investigates but finds no evidence of attack by reviewing network-based sources like the perimeter firewall or the NIDS. Which of the following is most likely causing the malware alerts?

A

A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

131
Q

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

A

Utilizing split tunneling so only traffic for corporate resources is encrypted

132
Q

Which of the following would cause a CISO the most concern regarding newly installed Internet-accessible 4k surveillance cameras?

A

The cameras could be compromised if not patched in a timely manner

133
Q

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls. This is an example of:

A

Influence campaign

134
Q

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the best backup strategy to implement?

A

Full backups followed by differential backups

135
Q

A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

A

VLAN

136
Q

Which of the following technical controls is best suited for the detection and prevention of buffer overflows on hosts?

A

EDR

137
Q

Which of the following environments utilizes dummy data and is most likely to be installed on a system that allows code to be assessed directly and modified easily with each build?

A

Test

138
Q

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:

Internet address Physical address Type

168.1.1 ff-ec-ab-00-aa-78 dynamic
168.1.5 ff-00-5e-48-00-fb dynamic
168.1.8 00-0c-29-1a-e7-fa dynamic
168.1.10 fc-41-5e-48-00-ff dynamic
215.54.47 fc-00-5e-48-00-fb static

Which of the following best describes the attack the company is experiencing?

A

ARP poisoning

139
Q

A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?

A

CASB

140
Q

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would best support the organization’s strategy?

A

EDR

141
Q

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A

A right to audit clause allowing for annual security audits

142
Q

Which of the following would be most effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A

DNS sinkhole

143
Q

Which of the following is an example of risk avoidance?

A

Not installing new software to prevent compatibility errors

144
Q

A website developer who is concerned about theft of the company’s user database wants to protect weak passwords from offline brute-force attacks. Which of the following would be the best solution?

A

Use a key stretching technique

145
Q

A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following best describes the solution the analyst should pursue?

A

Threat feeds

146
Q

Which of the following would an organization use to assign a value to risks based on probability of occurrence and impact?

A

Risk matrix

147
Q

A retail company that is launching a new website to showcase the company’s product line and other information for online shoppers registered the following URLs:

www.companysite.com
shop.companysite.com
about-us.companysite.com
contact-us.companysite.com
secure-logon.companysite.com

Which of the following should the company use to secure its website if the company is concerned with convenience and cost?

A

Wildcard certificate

148
Q

Which of the following should a tech consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?

A

The computational overhead of calculating the encryption key

149
Q

A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (select two)

A

RADIUS

EAP-PEAP

150
Q

A backdoor was detected in the containerized application environment. The investigation determined that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?

A

Create a dedicated VPC for the containerized environment

151
Q

Port 20/21

A

FTP (File Transfer Protocol)

152
Q

Port 53

A

DNS

153
Q

Port 67/68

A

DHCP (Dynamic Host Configuration Protocol)

154
Q

Port 110

A

POP3 (Post Office Protocol 3)

155
Q

Port 25

A

SMTP (Simple Mail Transport Protocol)

156
Q

Port 23

A

Telnet

157
Q

Port 69

A

TFTP (Trivial File Transport Protocol)

158
Q

Port 22

A

SSH

159
Q

Port 123

A

NTP (Network Time Protocol)

160
Q

Port 80

A

HTTP

161
Q

Port 443

A

HTTPS / SSL VPN

162
Q

Port 3389

A

RDP (Remote Desktop Protocol)

163
Q

Port 143

A

IMAP4 (Internet Message Access Protocol v4)

164
Q

Port 500

A

IPsec

165
Q

Port 161

A

SNMP (Simple Network Management Protocol)