Sec+ 601 study guide Part 2 Flashcards
A company is implementing MFA for all applications that store sensitive data. The IT manager
wants MFA to be non-disruptive and user friendly. Which of the following technologies should
the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
C. Push notifications
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout thenetwork and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?
A. Install a NIDS device at the boundary.
B. Segment the network with firewalls.
C. Update all antivirus signatures daily.
D. Implement application blacklisting.
B. Segment the network with firewalls.
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect
company information on user devices. Which of the following solutions would BEST support the
policy?
A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics
A. Mobile device management
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?
A. Continuous delivery
B. Continuous integration
C. Continuous validation
D. Continuous monitoring
B. Continuous integration
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?
A. 0
B. 1
C. 5
D. 6
D. 6
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
A small company that does not have security staff wants to improve its security posture. Which
of the following would BEST assist the company?
A. MSSP
B. SOAR
C. IaaS
D. PaaS
B. SOAR
An organization’s help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig/flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?
A. DNS cache poisoning
B. Domain hijacking
C. Distributed denial-of-service
D. DNS tunneling
B. Domain hijacking
A cybersecurity manager has scheduled biannual meetings with the IT team and department
leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings,
the manager presents a scenario and injects additional information throughout the session to
replicate what might occur in a dynamic cybersecurity event involving the company, its facilities,
its data, and its staff. Which of the following describes what the manager is doing?
A. Developing an incident response plan
B. Building a disaster recovery plan
C. Conducting a tabletop exercise
D. Running a simulation exercise
C. Conducting a tabletop exercise
A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?
A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
C. Enforce application whitelisting.
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL:
http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us
Which of the following application attacks is being tested?
A. Pass-the-hash
B. Session replay
C. Object deference
D. Cross-site request forgery
CSRF token is tied to a non-session cookie:
This situation is harder to exploit but is still vulnerable. If the web site contains any behavior that allows an attacker to set a
cookie in a victim’s browser, then an attack is possible. The attacker can log in to the application using their own account, obtain
a valid token and associated cookie, leverage the cookie-setting behavior to place their cookie into the victim’s browser, and feed
their token to the victim in their CSRF attack.
D. Cross-site request forgery
A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?
A. Corrective
B. Physical
C. Detective
D. Administrative
C. Detective
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
A. MOU
B. MTTR
C. SLA
D. NDA
A. MOU
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customerfacing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
A. SIEM
B. DLP
C. CASB
D. SWG
C. CASB
A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
A. CASB
B. SWG
C. Containerization
D. Automated failover
C. Containerization