sec + Flashcards
Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
D. DLP
An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making this addition to the policy?
A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis
C. Input validation
Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps
A. Compensating control
The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script
D. User provisioning script
Which of the following is a primary security concern for a company setting up a BYOD program?
A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking
D. Jailbreaking
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?
A. MTTR
B. RTO
C. ARO
D. MTBF
C. ARO
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
A. Preparation
B. Recovery
C. Lessons learned
D. Analysis
A. Preparation
A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
D. FIM
File integrity monitor
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
A. Key escrow
B. TPM presence
C. Digital signatures
D. Data tokenization
E. Public key management
F. Certificate authority linking
A. Key escrow
B. TPM presence
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
A. Remote access points should fail closed.
B. Logging controls should fail open.
C. Safety controls should fail open.
D. Logical security controls should fail closed.
C. Safety controls should fail open.
Which of the following would be best suited for constantly changing environments?
A. RTOS
B. Containers
C. Embedded systems
D. SCADA
Containers
An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?
A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers
Updating processes for sending wire transfers
A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
Subject
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
Vulnerable software
Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
OCSP
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
CVSS
Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
Infrastructure as code
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.
Apply classifications to the data.
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime
Organized crime
Which of the following practices would be best to prevent an insider from introducing malicious code into a company’s development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval
Peer review and approval
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Choose two.)
A. Fencing
B. Video surveillance
C. Badge access
D. Access control vestibule
E. Sign-in sheet
F. Sensor
C. Badge access
D. Access control vestibule
Which of the following is the most common data loss path for an air-gapped network?
A. Bastion host
B. Unsecured Bluetooth
C. Unpatched OS
D. Removable devices
Removable devices
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators
Deploying a SASE solution to remote employees
Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two.)
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
A. Insurance
B. Patching
C. Segmentation
D. Replacement
Segmentation
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists
Access control lists
A company is discarding a classified storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership
Certification
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?
A. Geographic dispersion
B. Platform diversity
C. Hot site
D. Load balancing
Geographic dispersion
Which of the following teams combines both offensive and defensive testing techniques to protect an organization’s critical systems?
A. Red
B. Blue
C. Purple
D. Yellow
Purple
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement
Patch availability
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
A. A full inventory of all hardware and software
B. Documentation of system classifications
C. A list of system owners and their departments
D. Third-party risk assessment documentation
A full inventory of all hardware and software
A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?
A. RBAC
B. ACL
C. SAML
D. GPO
RBAC
Role-based access control
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
Federation
Password complexity
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
A. SIEM
B. DLP
C. IDS
D. SNMP
SIEM
After a company was compromised, customers initiated a lawsuit. The company’s attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.
Retain any communications related to the security breach until further notice.
Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?
A. Mitigate
B. Accept
C. Transfer
D. Avoid
Mitigate
The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?
A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Reviewing logs more frequently
Changing the default password
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Choose two.)
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
Threat vectors based on the industry in which the organization operates
Cadence and duration of training events
A network administrator is working on a project to deploy a load balancer in the company’s cloud environment. Which of the following fundamental security requirements does this project fulfil?
A. Privacy
B. Integrity
C. Confidentiality
D. Availability
Availability
A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following operating system security measures will the administrator most likely use?
A. Deploying PowerShell scripts
B. Pushing GPO update
C. Enabling PAP
D. Updating EDR profiles
Pushing GPO update
Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?
A. ARO
B. RTO
C. RPO
D. ALE
E. SLE
ALE (annual loss expectancy)
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)
A. Application
B. Authentication
C. DHCP
D. Network
E. Firewall
F. Database
Network
Firewall
Which of the following threat actors is the most likely to be motivated by profit?
A. Hacktivist
B. Insider threat
C. Organized crime
D. Shadow IT
Organized crime
A systems administrator uses a key to encrypt a message being sent to a peer in a different branch office. The peer then uses the same key to decrypt the message. Which of the following describes this example?
A. Symmetric
B. Asymmetric
C. Hashing
D. Salting
Symmetric
Which of the following most impacts an administrator’s ability to address CVEs discovered on a server?
A. Rescanning requirements
B. Patch availability
C. Organizational impact
D. Risk tolerance
Patch availability
The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?
A. WAF utilizing SSL decryption
B. NGFW utilizing application inspection
C. UTM utilizing a threat feed
D. SD-WAN utilizing IPSec
NGFW utilizing application inspection
Which of the following describes effective change management procedures?
A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates
Having a backout plan when a patch fails
An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?
A. DLP
B. SNMP traps
C. SCAP
D. IPS
DLP
A security administrator is reissuing a former employee’s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Choose two.)
A. Data retention
B. Certification
C. Destruction
D. Classification
E. Sanitization
F. Enumeration
Sanitization
Certification
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
A. Tokenization
B. Hashing
C. Obfuscation
D. Segmentation
Hashing
An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk. Which of the following types of infections is present on the systems?
A. Virus
B. Trojan
C. Spyware
D. Ransomware
Ransomware
A security engineer is installing an IPS to block signature-based attacks in the environment.
Which of the following modes will best accomplish this task?
A. Monitor
B. Sensor
C. Audit
D. Active
Active
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?
A. IDS
B. ACL
C. EDR
D. NAC
EDR (endpoint detection and response)
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
A. Availability
B. Confidentiality
C. Integrity
D. Non-repudiation
Confidentiality
Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?
A. SLA
B. MOU
C. MOA
D. BPA
SLA
A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to immediately continue operations. Which of the following is the best type of site for this company?
A. Cold
B. Tertiary
C. Warm
D. Hot
Hot
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
A. Reporting structure for the data privacy officer
B. Request process for data subject access
C. Role as controller or processor
D. Physical location of the company
Role as controller or processor
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?
A. IPS
B. Firewall
C. ACL
D. Windows security
Firewall
A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain’s URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?
A. End user training
B. Policy review
C. URL scanning
D. Plain text email
End user training
A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?
A. Espionage
B. Data exfiltration
C. Nation-state attack
D. Shadow IT
Shadow IT
The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
Shadow IT
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
A. To track the status of patching installations
B. To find shadow IT cloud deployments
C. To continuously monitor the hardware inventory
D. To hunt for active attackers in the network
To track the status of patching installations
Which of the following is classified as high availability in a cloud environment?
A. Access broker
B. Cloud HSM
C. WAF
D. Load balancer
Load balancer
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization
Masking
The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?
A. Fines
B. Reputational damage
C. Sanctions
D. Contractual implications
Fines
A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?
A. Memory injection
B. Race condition
C. Side loading
D. SQL injection
Memory injection
Which of the following should a security operations center use to improve its incident response procedure?
A. Playbooks
B. Frameworks
C. Baselines
D. Benchmarks
Playbooks
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?
A. Scalability
B. Availability
C. Cost
D. Ease of deployment
Availability
Which of the following is a feature of a next-generation SIEM system?
A. Virus signatures
B. Automated response actions
C. Security agent deployment
D. Vulnerability scanning
Automated response actions
To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Choose two.)
A. Preventive
B. Deterrent
C. Corrective
D. Directive
E. Compensating
F. Detective
Detective
Deterrent
Which of the following examples would be best mitigated by input sanitization?
A. <script> alert("Warning!"); </script>
B. nmap - 10.11.1.130
C. Email message: “Click this link to get your free gift card.”
D. Browser message: “Your connection is not private.”
<script> alert("Warning!"); </script>
After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?
A. False positive
B. False negative
C. True positive
D. True negative
False positive
A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?
A. Utilizing attack signatures in an IDS
B. Enabling malware detection through a UTM
C. Limiting the affected servers with a load balancer
D. Blocking command injections via a WAF
Enabling malware detection through a UTM
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?
A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code
Containerization
Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)
A. Tokenization
B. CI/CD
C. Honeypots
D. Threat modeling
E. DNS sinkhole
F. Data obfuscation
Honeypots
DNS sinkhole
A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?
A. Hashing
B. Encryption
C. Baselines
D. Tokenization
Hashing
An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?
A. RADIUS
B. SAML
C. EAP
D. OpenID
SAML
A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?
A. Replay attack
B. Memory leak
C. Buffer overflow attack
D. On-path attack
On-path attack
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)
A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent
E. Compensating
F. Technical
A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data security on all employees’ company mobile devices?
A. Application management
B. Full disk encryption
C. Remote wipe
D. Containerization
Full disk encryption
Which of the following best describes the risk present after controls and mitigating factors have been applied?
A. Residual
B. Avoided
C. Inherent
D. Operational
Residual
A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the following should the security administrator recommend?
A. Digitally signing the software
B. Performing code obfuscation
C. Limiting the use of third-party libraries
D. Using compile flags
Performing code obfuscation
Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)
A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.
Increasing the minimum password length to 14 characters.
Including a requirement for at least one special character
A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user’s computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?
A. The software had a hidden keylogger.
B. The software was ransomware.
C. The user’s computer had a fileless virus.
D. The software contained a backdoor.
The software contained a backdoor.
Which of the following considerations is the most important regarding cryptography used in an IoT device?
A. Resource constraints
B. Available bandwidth
C. The use of block ciphers
D. The compatibility of the TLS version
Resource constraints
While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?
A. Hard drive
B. RAM
C. SSD
D. Temporary files
RAM
A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essential public services?
A. BCP
B. Communication plan
C. DRP
D. IRP
DRP
A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?
A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.
Block the URL shortener domain in the web proxy.
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?
A. Security policy
B. Classification policy
C. Retention policy
D. Access control policy
Retention policy
Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?
A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.
The organization will have the ability to create security requirements based on classification levels.
An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?
A. Non-credentialed scan
B. Packet capture
C. Privilege escalation
D. System enumeration
E. Passive scan
Non-credentialed scan
A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?
A. MITRE ATT&CK
B. CSIRT
C. CVSS
D. SOAR
MITRE ATT&CK
An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?
A. A website-hosted solution
B. Cloud shared storage
C. A secure email solution
D. Microservices using API
Microservices using API
Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?
A. GDPR
B. PCI DSS
C. NIST
D. ISO
GDPR
A security administrator is working to find a cost-effective solution to implement certificates for a large number of domains and subdomains owned by the company. Which of the following types of certificates should the administrator implement?
A. Wildcard
B. Client certificate
C. Self-signed
D. Code signing
Wildcard
An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?
A. Nessus
B. curl
C. Wireshark
D. netcat
Nessus
A security analyst received a tip that sensitive proprietary information was leaked to the public. The analyst is reviewing the PCAP and notices traffic between an internal server and an external host that includes the following:
…
12:47:22.327233 PPPoE [ses 0x8122] IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto IPv6 (41), length 331) 10.5.1.1 > 52.165.16.154: IP6 (hlim E3, next-header TCP (6) payload length: 271) 2001:67c:2158:a019::ace.53104 > 2001:0:5ef5:79fd:380c:dddd:a601:24fa.13788: Flags [P.], cksum 0xd7ee (correct), seq 97:348, ack 102, win 16444, length 251
…
Which of the following was most likely used to exfiltrate the data?
A. Encapsulation
B. MAC address spoofing
C. Steganography
D. Broken encryption
E. Sniffing via on-path position
Encapsulation
A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:
(Error 13): /etc/shadow: Permission denied.
Which of the following best describes the type of tool that is being used?
A. Pass-the-hash monitor
B. File integrity monitor
C. Forensic analysis
D. Password cracker
Password cracker
A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
A. Serverless architecture
B. Thin clients
C. Private cloud
D. Virtual machines
Serverless architecture
A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323, and SRTP. Which of the following does this rule set support?
A. RTOS
B. VoIP
C. SoC
D. HVAC
VoIP
A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
A. PIN
B. Hardware token
C. User ID
D. SMS
PIN
A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant’s access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?
A. TACACS+
B. SAML
C. An SSO platform
D. Role-based access control
E. PAM software
PAM software
Which of the following data roles is responsible for identifying risks and appropriate access to data?
A. Owner
B. Custodian
C. Steward
D. Controller
Owner
Which of the following physical controls can be used to both detect and deter? (Choose two.)
A. Lighting
B. Fencing
C. Signage
D. Sensor
E. Bollard
F. Lock
Lighting
Sensor
A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?
A. Fuzzing
B. Continuous deployment
C. Static code analysis
D. Manual peer review
A. Fuzzing
During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?
A. Risk management process
B. Product design process
C. Design review process
D. Change control process
Change control process
Which of the following is best to use when determining the severity of a vulnerability?
A. CVE
B. OSINT
C. SOAR
D. CVSS
CVSS
An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker’s bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:
PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain:corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327"
Which of the following best describes how the attacker gained access to the hardened PC?
A. The attacker created fileless malware that was hosted by the banking platform.
B. The attacker performed a pass-the-hash attack using a shared support account.
C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.
D. The attacker socially engineered the accountant into performing bad transfers.
The attacker performed a pass-the-hash attack using a shared support account.
Which of the following is the best resource to consult for information on the most common application exploitation methods?
A. OWASP
B. STIX
C. OVAL
D. Threat intelligence feed
E. Common Vulnerabilities and Exposures
OWASP
A security analyst at an organization observed several user logins from outside the organization’s network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Choose two.)
A. Disciplinary actions for users
B. Conditional access policies
C. More regular account audits
D. Implementation of additional authentication factors
E. Enforcement of content filtering policies
F. A review of user account permissions
Conditional access policies
Implementation of additional authentication factors
A security team is addressing a risk associated with the attack surface of the organization’s web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)
A. NIDS
B. Honeypot
C. Certificate revocation list
D. HIPS
E. WAF
F. SIEM
NIDS
WAF
An organization wants to improve the company’s security authentication method for remote employees. Given the following requirements:
- Must work across SaaS and internal network applications
- Must be device manufacturer agnostic
- Must have offline capabilities
Which of the following would be the most appropriate authentication method?
A. Username and password
B. Biometrics
C. SMS verification
D. Time-based tokens
Time-based tokens
A company web server is initiating outbound traffic to a low-reputation, public IP on a non-standard port. The web server is used to present an unauthenticated page to clients who upload images to the company. An analyst notices a suspicious process running on the server that was not created by the company development team. Which of the following is the most likely explanation for this security incident?
A. A web shell has been deployed to the server through the page.
B. A vulnerability has been exploited to deploy a worm to the server.
C. Malicious insiders are using the server to mine cryptocurrency.
D. Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.
A web shell has been deployed to the server through the page.
An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?
A. Vulnerability scanner
B. Penetration test
C. SCAP
D. Illumination tool
Illumination tool
A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
A. Dynamic
B. Static
C. Gap
D. Impact
Static
A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?
A. Agentless solution
B. Client-based solution
C. Open port
D. File-based solution
Agentless solution
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
A. Internal audit
B. Penetration testing
C. Attestation
D. Due diligence
Due diligence
Which of the following is used to conceal credit card information in a database log file?
A. Tokenization
B. Masking
C. Hashing
D. Obfuscation
Masking
An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?
A. Layer 4 firewall
B. NGFW
C. WAF
D. UTM
WAF (web application firewall)
Which of the following topics would most likely be included within an organization’s SDLC?
A. Service-level agreements
B. Information security policy
C. Penetration testing methodology
D. Branch protection requirements
Branch protection requirements
Which of the following control types is AUP an example of?
A. Physical
B. Managerial
C. Technical
D. Operational
Operational
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?
A. Enable SAML.
B. Create OAuth tokens.
C. Use password vaulting.
D. Select an IdP.
Select an IdP.
Which of the following would be the best way to test resiliency in the event of a primary power failure?
A. Parallel processing
B. Tabletop exercise
C. Simulation testing
D. Production failover
Production failover
Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?
A. Open-source intelligence
B. Port scanning
C. Pivoting
D. Exploit validation
Open-source intelligence
Which of the following would be the most appropriate way to protect data in transit?
A. SHA-256
B. SSL3.0
C. TLS 1.3
D. AES-256
TLS 1.3