Sec+ 601 study guide Part 5 Flashcards

1
Q

A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers.

Which of the following would be MOST suitable for training the developers?

A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training

A

D. Basic awareness training

2
Q

A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

A. Create an OCSP
B. Generate a CSR.
C. Create a CRL.
D. Generate a .pfx file.

A

B. Generate a CSR.

3
Q

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

A. The data protection officer
B. The data processor
C. The data owner
D. The data controller

** In GDPR and other privacy laws, the data controller is most responsible for protecting the privacy of and rights to the data. According to Article 5 from the EU GDPR, the controller is responsible for the lawfulness, fairness and transparency of information.

A

D. The data controller

4
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

A

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

5
Q

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine their next course of action?

A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan

A

D. A business continuity plan

6
Q

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout

A

B. VM escape

7
Q

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

A. The public ledger
B. The NetFlow data
C. A checksum
D. The event log

A

D. The event log

8
Q

During an incident response, a security analyst observes the following log entry on the web server:

GET http://www.companysite.com/product_info.php?show=../../../../ect/password HTTP/1.1
Host: www.companysite.com

Which of the following BEST describes the type of attack the analyst is experiencing?

A. SQL injection
B. Cross-site scripting
C. Pass-the-hash
D. Directory traversal

A

D. Directory traversal

9
Q

Which of the following ISO standards is certified for privacy?

A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000

A

C. ISO 27701

10
Q

A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

A. Open the document on an air-gapped network.
B. View the document’s metadata for origin clues.
C. Search for matching file hashes on malware websites.
D. Detonate the document in an analysis sandbox.

A

C. Search for matching file hashes on malware websites.

11
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?

A. Containment
B. Identification
C. Recovery
D. Preparation

A

B. Identification

12
Q

Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

A. Red team
B. White team
C. Blue team
D. Purple team

A

A. Red team

13
Q

A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.

A

B. Implement salting and hashing.

14
Q

Which of the following are requirements that must be configured for PCI DSS compliance? (Choose two.)

A. Testing security systems and processes regularly
B. Installing and maintaining a web proxy to protect cardholder data
C. Assigning a unique ID to each person with computer access
D. Encrypting transmission of cardholder data across private networks
E. Benchmarking security awareness training for contractors
F. Using vendor-supplied default passwords for system passwords

The 12 requirements of PCI DSS are:

  1. Install and maintain a firewall configuration to protect cardholder data
  2. Do not use vendor-supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Use and regularly update anti-virus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data by business need to know
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

A

A. Testing security systems and processes regularly

C. Assigning a unique ID to each person with computer access

15
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?

A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups

A

D. Industry information-sharing and collaboration groups

16
Q

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting

A

D. Application whitelisting

17
Q

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
– The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
– The forged website’s IP address appears to be 10.2.12.99, based on NetFlow records.
– All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.
– DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

A. A reverse proxy was used to redirect network traffic.
B. An SSL strip MITM attack was performed.
C. An attacker temporarily poisoned a name server.
D. An ARP poisoning attack was successfully executed.

A

C. An attacker temporarily poisoned a name server.

18
Q

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis.

Which of the following tools should the analyst use to further review the pcap?

A. Nmap
B. cURL
C. Netcat
D. Wireshark

A

D. Wireshark

19
Q

A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network.

Which of the following should the company implement to BEST prevent this from occurring?

A. A BPDU guard
B. WPA-EAP
C. IP filtering
D. A WIDS
20
Q

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:

A. validate the vulnerability exists in the organization’s network through penetration testing.
B. research the appropriate mitigation techniques in a vulnerability database.
C. find the software patches that are required to mitigate a vulnerability.
D. prioritize remediation of vulnerabilities based on the possible impact.

A

D. prioritize remediation of vulnerabilities based on the possible impact.

21
Q

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A. Man-in-the-middle
B. Spear phishing
C. Evil twin
D. DNS poisoning

A

D. DNS poisoning

22
Q

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet.

Which of the following would MOST likely allow the company to find the cause?

A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause

A

E. A right-to-audit clause

23
Q

A large industrial system’s smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company’s security manager notices the generator’s IP is sending packets to an internal file server’s IP.

Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

A. Segmentation
B. Firewall whitelisting
C. Containment
D. Isolation

A

B. Firewall whitelisting

24
Q

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization

A

B. Data masking

25
Q

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

A

A. Create different accounts for each region, each configured with push MFA notifications.

26
Q

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

A. Verification
B. Validation
C. Normalization
D. Staging

A

A. Verification

27
Q

A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
– The devices will be used internationally by staff who travel extensively.
– Occasional personal use is acceptable due to the travel requirements.
– Users must be able to install and configure sanctioned programs and productivity suites.
– The devices must be encrypted.
– The devices must be capable of operating in low-bandwidth environments.

Which of the following would provide the GREATEST benefit to the security posture of the devices?

A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly

A

D. Setting the antivirus DAT update schedule to weekly

28
Q

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

A. Access to the organization’s servers could be exposed to other cloud-provider clients.
B. The cloud vendor is a new attack vector within the supply chain.
C. Outsourcing the code development adds risk to the cloud provider.
D. Vendor support will cease when the hosting platforms reach EOL.

A

B. The cloud vendor is a new attack vector within the supply chain.