Sec+ 601 study guide Part 6 Flashcards

1
Q

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:

A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.

A

C. disaster recovery plan.

The DRP is the document that covers restoring IT systems and operations after a disruptive event such as a flood. The BCP is the broader plan for keeping the business as a whole running, and a continuity of operations plan is its government-sector equivalent.

2
Q

A user received an SMS on a mobile phone that asked for bank details.

Which of the following social-engineering techniques was used in this case?

A. SPIM
B. Vishing
C. Spear phishing
D. Smishing

A

D. Smishing

3
Q

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.

Which of the following tactics would an attacker MOST likely use in this scenario?

A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming

A

A. Watering-hole attack

4
Q

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)

A. Alarms
B. Signage
C. Lighting
D. Mantraps
E. Fencing
F. Sensors
A

D. Mantraps

E. Fencing

Mantraps and fencing are preventive controls that physically stop an intruder. Alarms and sensors only detect, lighting and signage only deter; none of them stops anyone.

5
Q

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities.

Which of the following would BEST meet this need?

A. CVE
B. SIEM
C. SOAR
D. CVSS

A

D. CVSS

6
Q

A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed.

Which of the following should be performed to accomplish this task?

A. Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
C. Remove the CEO’s hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote file share while the CEO watches.
D. Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.

A

B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
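Added example, not from the original deck: a Python stand-in for the `dd` acquisition in answer B. `FakeDevice` is a constructed substitute for a drive behind a hardware write blocker (it exposes read() only and can simulate one failing sector); `image_device` copies sector by sector with the semantics of `dd conv=noerror,sync`, hashing the image as it is written so the digest can go on the chain-of-custody form; `verify_image` is the check anyone later in the custody chain repeats. `SAMPLE_DISK` and the temp path are constructed.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 512  # sector-sized reads, the unit dd copies with bs=512

# Constructed sample "disk": 2048 bytes, i.e. four sectors of recognisable content.
SAMPLE_DISK = bytes(range(256)) * 8


class FakeDevice:
    """Constructed stand-in for /dev/sdX behind a write blocker: read() only, no write(),
    and optionally one sector that fails with an I/O error like a dying drive."""

    def __init__(self, data: bytes, bad_block=None):
        self.data = data
        self.bad_block = bad_block  # sector index that raises OSError, or None
        self.pos = 0

    def read(self, n: int) -> bytes:
        start, block_index = self.pos, self.pos // BLOCK_SIZE
        self.pos += n  # the drive moves past the failed sector, as dd's next read does
        if self.bad_block is not None and block_index == self.bad_block:
            raise OSError(f"I/O error on sector {block_index}")
        return self.data[start:start + n]


def image_device(device, image_path: str) -> dict:
    """Sector-by-sector copy with the semantics of `dd conv=noerror,sync`: an unreadable
    sector is recorded and written as zeros so every later byte keeps its offset,
    instead of aborting the acquisition. The image is hashed while it is written."""
    digest = hashlib.sha256()
    bad_blocks = []
    written = 0
    with open(image_path, "wb") as image:
        while True:
            try:
                chunk = device.read(BLOCK_SIZE)
            except OSError:
                bad_blocks.append(written // BLOCK_SIZE)
                chunk = b"\x00" * BLOCK_SIZE  # conv=sync: pad the bad sector with NULs
            if not chunk:
                break
            image.write(chunk)
            digest.update(chunk)
            written += len(chunk)
    return {"bytes": written, "bad_blocks": bad_blocks, "sha256": digest.hexdigest()}


def verify_image(image_path: str, expected_sha256: str) -> bool:
    """Re-hash the image on disk; a mismatch means the copy is no longer evidence."""
    digest = hashlib.sha256()
    with open(image_path, "rb") as image:
        for chunk in iter(lambda: image.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_sha256


def acquire(bad_block=None) -> dict:
    """One acquisition of the sample disk into a temp file, verified and cleaned up."""
    image_dir = tempfile.mkdtemp(prefix="evidence-")
    image_path = os.path.join(image_dir, "ceo-disk.dd")
    result = image_device(FakeDevice(SAMPLE_DISK, bad_block), image_path)
    result["verified"] = verify_image(image_path, result["sha256"])
    result["matches_source"] = result["sha256"] == hashlib.sha256(SAMPLE_DISK).hexdigest()
    os.remove(image_path)
    os.rmdir(image_dir)
    return result


if __name__ == "__main__":
    print(acquire())             # clean drive: image hash equals the source hash
    print(acquire(bad_block=2))  # failing sector 2: logged, zero-filled, image still verifiable
```

The write blocker itself is hardware and sits outside any script; the code's contribution is the part the examiner has to get right by hand: never open the source for writing, pad rather than abort on a bad sector, and record both the digest and the bad-block list, because an image with padded sectors will never re-hash to the same value as the original drive.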

7
Q

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk.

Which of the following would be BEST to mitigate the CEO’s concerns?
(Choose two.)

A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls
A

A. Geolocation

B. Time-of-day restrictions

Geolocation blocks logins from high-risk countries; time-of-day restrictions confine access to the company's business hours, which also cuts off a third party working from a distant time zone. Certificates, tokens and role-based access control govern who and what can log in, not where or when.

8
Q

In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

A. Identification
B. Preparation
C. Lessons learned
D. Eradication
E. Recovery
F. Containment
A

F. Containment

9
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.

Which of the following would be BEST to improve the incident response process?

A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts

A

A. Updating the playbooks with better decision points

10
Q

A security analyst is reviewing the following attack log output:

user comptia\john.smith attempted login with the password password123
user comptia\jane.doe attempted login with the password password123
user comptia\user.one attempted login with the password password123
user comptia\user.two attempted login with the password password123
user comptia\user.three attempted login with the password password123
user comptia\john.smith attempted login with the password password234
user comptia\jane.doe attempted login with the password password234
user comptia\user.one attempted login with the password password234
user comptia\user.two attempted login with the password password234
user comptia\user.three attempted login with the password password234

Which of the following types of attacks does this MOST likely represent?
A. Rainbow table
B. Brute-force
C. Password-spraying
D. Dictionary
A

C. Password-spraying
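Added example, not part of the original deck: the attack log above, copied into a constructed string, run through a small classifier that tells spraying apart from brute force by the shape of the attempts. `BRUTE_LOG` is a constructed contrast case and `LOCKOUT_THRESHOLD` is an assumed policy, since this card states none.

```python
import re
from collections import defaultdict

ATTEMPT = re.compile(r"user (?P<user>\S+) attempted login with the password (?P<password>\S+)")

LOCKOUT_THRESHOLD = 3  # assumed per-account lockout policy; not stated on this card

# Constructed copy of the log on the card.
SPRAY_LOG = r"""
user comptia\john.smith attempted login with the password password123
user comptia\jane.doe attempted login with the password password123
user comptia\user.one attempted login with the password password123
user comptia\user.two attempted login with the password password123
user comptia\user.three attempted login with the password password123
user comptia\john.smith attempted login with the password password234
user comptia\jane.doe attempted login with the password password234
user comptia\user.one attempted login with the password password234
user comptia\user.two attempted login with the password password234
user comptia\user.three attempted login with the password password234
"""

# Constructed contrast case: many guesses against a single account.
BRUTE_LOG = r"""
user comptia\john.smith attempted login with the password password123
user comptia\john.smith attempted login with the password password234
user comptia\john.smith attempted login with the password Password1
user comptia\john.smith attempted login with the password Winter2020!
user comptia\john.smith attempted login with the password letmein
"""


def parse_attempts(log_text: str) -> list:
    """(user, password) pairs in log order; lines that do not match are ignored."""
    return [(m["user"], m["password"]) for m in ATTEMPT.finditer(log_text)]


def classify(attempts: list) -> dict:
    """Tell the attacks apart by the shape of the user x password matrix and by order:
    spraying tries one password against many accounts before moving to the next,
    keeping every account under the lockout threshold; brute force or a dictionary
    attack hammers one account with many passwords."""
    users_by_password = defaultdict(set)
    passwords_by_user = defaultdict(set)
    for user, password in attempts:
        users_by_password[password].add(user)
        passwords_by_user[user].add(password)
    switches = sum(1 for a, b in zip(attempts, attempts[1:]) if a[0] != b[0])
    switch_ratio = switches / max(len(attempts) - 1, 1)  # share of attempts that move to another user
    max_users_per_password = max((len(u) for u in users_by_password.values()), default=0)
    max_passwords_per_user = max((len(p) for p in passwords_by_user.values()), default=0)
    if max_users_per_password >= 3 and switch_ratio >= 0.8 and max_passwords_per_user < LOCKOUT_THRESHOLD:
        verdict = "password-spraying"
    elif len(passwords_by_user) == 1 and max_passwords_per_user >= LOCKOUT_THRESHOLD:
        verdict = "brute-force"
    else:
        verdict = "inconclusive"
    return {
        "verdict": verdict,
        "distinct_users": len(passwords_by_user),
        "distinct_passwords": len(users_by_password),
        "max_passwords_per_user": max_passwords_per_user,
        "max_users_per_password": max_users_per_password,
        "user_switch_ratio": round(switch_ratio, 2),
    }


if __name__ == "__main__":
    print(classify(parse_attempts(SPRAY_LOG)))
    print(classify(parse_attempts(BRUTE_LOG)))
```

Production authentication logs do not record the attempted password, so the same signal has to be read from failure events instead: one or two failures per account, across many accounts, inside a short window. A sprayer who waits out the lockout window between rounds will exceed the per-user count over a long enough period, which is why the window matters as much as the count.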

11
Q

A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI.

Which of the following should the administrator configure?

A. A captive portal
B. PSK
C. 802.1X
D. WPS

A

C. 802.1X

12
Q

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

A

D. Included third-party libraries

E. Vendors/supply chain

Vulnerable code reaches a release through what is compiled or bundled into it: the third-party libraries developers include and the components supplied by vendors further up the supply chain. Unsecure protocols and weak passwords are operational weaknesses, not ways code gets into a build.

Note: the Top 25 coding errors leading to software vulnerabilities group these under security and access-control weaknesses:
– improper access control
– weak credential management (for instance, the use of hard-coded passwords)
– cryptographic and privilege issues
– security misconfiguration
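Added example, not from the original deck: the control that addresses both vectors in the answer, verifying every third-party artifact against a reviewed, pinned hash before it is allowed into a build (the model behind pip's `--require-hashes` requirements format). Every package name, version and wheel byte string here is a constructed placeholder, not a real package.

```python
import hashlib
import re

# One pinned requirement per line, in pip's --require-hashes form:
#   name==version --hash=sha256:<64 hex digits>
REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)==(?P<version>[^\s#]+)"
    r"(?P<hashes>(?:\s+--hash=sha256:[0-9a-f]{64})*)$"
)

# Constructed stand-ins for wheel files the team reviewed and pinned (not real package bytes).
VETTED = {
    "requests": b"PK\x03\x04 constructed requests-2.31.0 wheel",
    "urllib3": b"PK\x03\x04 constructed urllib3-2.0.7 wheel",
}
VERSIONS = {"requests": "2.31.0", "urllib3": "2.0.7"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_requirements(vetted: dict, versions: dict) -> str:
    """Emit the pinned file once the artifacts have been reviewed."""
    return "\n".join(
        f"{name}=={versions[name]} --hash=sha256:{sha256_hex(data)}" for name, data in vetted.items()
    )


def parse_requirements(text: str) -> dict:
    """Parse the pinned file; an unpinned or range requirement is a hard error, not a warning."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        hashes = set(re.findall(r"sha256:([0-9a-f]{64})", m["hashes"]))
        pinned[m["name"].lower()] = {"version": m["version"], "sha256": hashes}
    return pinned


def verify_artifacts(pinned: dict, downloaded: dict) -> dict:
    """Gate the build: each downloaded artifact must match a pinned hash, and anything
    the pins do not know about is refused rather than quietly installed."""
    verdicts = {}
    for name, data in downloaded.items():
        spec = pinned.get(name.lower())
        if spec is None:
            verdicts[name] = "refuse: not pinned"
        elif not spec["sha256"]:
            verdicts[name] = "refuse: version pinned but no hash"
        elif sha256_hex(data) in spec["sha256"]:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "refuse: hash mismatch"
    missing = sorted(set(pinned) - {n.lower() for n in downloaded})
    clean = not missing and all(v == "ok" for v in verdicts.values())
    return {"verdicts": verdicts, "missing": missing, "clean": clean}


REQUIREMENTS = build_requirements(VETTED, VERSIONS)

# Constructed "download": one artifact tampered upstream, one never reviewed at all.
DOWNLOADED = {
    "requests": VETTED["requests"],
    "urllib3": VETTED["urllib3"] + b"\x00injected",
    "left-pad": b"PK\x03\x04 constructed unreviewed wheel",
}

if __name__ == "__main__":
    print(REQUIREMENTS)
    print(verify_artifacts(parse_requirements(REQUIREMENTS), DOWNLOADED))
```

Pinning a version alone does not help against a replaced artifact of the same version; the hash is what ties the build to the bytes that were actually reviewed, and a mismatch must stop the build rather than log a warning.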

13
Q

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.

Which of the following types of controls should be used to reduce the risk created by this scenario?

A. Physical
B. Detective
C. Preventive
D. Compensating

A

D. Compensating

14
Q

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat

A

D. An advanced persistent threat

15
Q

A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?

A. S/MIME
B. DLP
C. IMAP
D. HIDS

A

B. DLP

16
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture.

Which of the following BEST represents the type of testing that will occur?

A. Bug bounty
B. White-box
C. Black-box
D. Gray-box

A

B. White-box

17
Q

A security engineer has enabled two-factor authentication on all workstations.

Which of the following approaches are the MOST secure? (Choose two.)

A. Password and security question
B. Password and CAPTCHA
C. Password and smart card
D. Password and fingerprint
E. Password and one-time token
F. Password and voice
A

C. Password and smart card

D. Password and fingerprint

18
Q

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company’s network. The company’s lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

3/16/20 3:31:10 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:11 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:12 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:13 AM Audit Failure CompanyNetwork\User1 Account locked out
3/16/20 3:31:14 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:15 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:16 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:18 AM Audit Failure CompanyNetwork\User2 Account locked out
3/16/20 3:31:19 AM Audit Failure CompanyNetwork\User3 Unknown username or bad password
3/16/20 3:31:20 AM Audit Failure CompanyNetwork\User3 Unknown username or bad password
3/16/20 3:31:22 AM Audit Success CompanyNetwork\User3 Successful logon
3/16/20 3:31:22 AM Audit Failure CompanyNetwork\User4 Unknown username or bad password
3/16/20 3:32:40 AM Audit Failure CompanyNetwork\User4 Unknown username or bad password
3/16/20 3:33:25 AM Audit Success CompanyNetwork\User4 Successful logon

Which of the following attacks MOST likely occurred?
A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force
A

B. Credential-stuffing
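Added example, not from the original deck: the log above, copied into a constructed string, replayed against the three-failure lockout policy stated in the question. The audit reports which accounts the policy locked, which logons succeeded after failed attempts while staying under the threshold (the point that explains how User3 was used), and how many accounts were touched in what time span.

```python
import re
from collections import defaultdict
from datetime import datetime

LOCKOUT_THRESHOLD = 3  # company policy from the question: three failures lock the account

EVENT = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Audit (?P<result>Success|Failure) (?P<account>\S+) (?P<message>.+)$"
)

# Constructed copy of the log from the question (raw string: the domain prefix has a backslash).
SAMPLE_LOG = r"""
3/16/20 3:31:10 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:11 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:12 AM Audit Failure CompanyNetwork\User1 Unknown username or bad password
3/16/20 3:31:13 AM Audit Failure CompanyNetwork\User1 Account locked out
3/16/20 3:31:14 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:15 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:16 AM Audit Failure CompanyNetwork\User2 Unknown username or bad password
3/16/20 3:31:18 AM Audit Failure CompanyNetwork\User2 Account locked out
3/16/20 3:31:19 AM Audit Failure CompanyNetwork\User3 Unknown username or bad password
3/16/20 3:31:20 AM Audit Failure CompanyNetwork\User3 Unknown username or bad password
3/16/20 3:31:22 AM Audit Success CompanyNetwork\User3 Successful logon
3/16/20 3:31:22 AM Audit Failure CompanyNetwork\User4 Unknown username or bad password
3/16/20 3:32:40 AM Audit Failure CompanyNetwork\User4 Unknown username or bad password
3/16/20 3:33:25 AM Audit Success CompanyNetwork\User4 Successful logon
"""


def parse_events(log_text: str) -> list:
    """One event per line; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%m/%d/%y %I:%M:%S %p")
        e["account"] = e["account"].rsplit("\\", 1)[-1]  # drop the CompanyNetwork\ prefix
        events.append(e)
    return events


def audit(events: list) -> dict:
    """Replay the events in order against the lockout policy."""
    streak = defaultdict(int)     # consecutive failures per account
    locked_out = []
    success_after_failures = {}   # account -> failures immediately before its success
    for e in events:
        acct = e["account"]
        if e["message"] == "Account locked out":
            locked_out.append(acct)
            streak[acct] = 0
        elif e["result"] == "Failure":
            streak[acct] += 1
        else:
            if streak[acct]:
                success_after_failures[acct] = streak[acct]
            streak[acct] = 0
    accounts = sorted({e["account"] for e in events})
    span = (events[-1]["ts"] - events[0]["ts"]).total_seconds() if events else 0.0
    # Accounts the attacker got into without reaching the threshold: the policy never
    # fired for them, so lockout on its own would not have flagged the break-in.
    under_threshold = [a for a, n in success_after_failures.items() if n < LOCKOUT_THRESHOLD]
    return {
        "accounts_targeted": accounts,
        "span_seconds": span,
        "locked_out": locked_out,
        "success_after_failures": success_after_failures,
        "compromised_under_threshold": under_threshold,
    }


if __name__ == "__main__":
    print(audit(parse_events(SAMPLE_LOG)))
```

The number worth alerting on is not the per-account failure count the lockout policy already watches, but the count of distinct accounts failing from the same source inside a window of a couple of minutes, since that is what the lockout threshold cannot see.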

19
Q

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP
B. HIDS
C. EDR
D. NIPS

A

C. EDR

20
Q

A Chief Information Security Officer (CISO) is concerned about the organization’s ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources.

Which of the following will the CISO MOST likely recommend to mitigate this risk?

A. Upgrade the bandwidth available into the datacenter.
B. Implement a hot-site failover location.
C. Switch to a complete SaaS offering to customers.
D. Implement a challenge response test on all end-user queries.

A

B. Implement a hot-site failover location.

21
Q

A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure.

Which of the following technologies will the coffee shop MOST likely use in place of PSK?

A. WEP
B. MSCHAP
C. WPS
D. SAE

A

D. SAE

22
Q

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.

Which of the following must be included? (Choose two.)

A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor
A

B. A cold aisle

D. A hot aisle

23
Q

Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?

A. Stored procedures
B. Buffer overflows
C. Data bias
D. Code reuse

A

C. Data bias

24
Q

The process of passively gathering information prior to launching a cyberattack is called:

A. tailgating.
B. reconnaissance.
C. pharming.
D. prepending.

A

B. reconnaissance.

25
Q

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company’s naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company’s facility requires two-factor authentication using a badge and a passcode.

Which of the following should the administrator implement to find and remediate the issue? (Choose two.)

A. Check the SIEM for failed logins to the LDAP directory.
B. Enable MAC filtering on the switches that support the wireless network.
C. Run a vulnerability scan on all the devices in the wireless network.
D. Deploy multifactor authentication for access to the wireless network.
E. Scan the wireless network for rogue access points.
F. Deploy a honeypot on the network.

A

B. Enable MAC filtering on the switches that support the wireless network.
E. Scan the wireless network for rogue access points.

26
Q

An organization has various applications that contain sensitive data hosted in the cloud. The company’s leaders are concerned about lateral movement across applications of different trust levels.

Which of the following solutions should the organization implement to address the concern?

A. ISFW
B. UTM
C. SWG
D. CASB

A

D. CASB

27
Q

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked.

Which of the following would BEST meet these requirements?

A. RA
B. OCSP
C. CRL
D. CSR

A

C. CRL

28
Q

A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:
– Protection from power outages
– Always-available connectivity in case of an outage
The owner has decided to implement battery backups for the computer equipment.

Which of the following would BEST fulfill the owner’s second need?

A. Lease a point-to-point circuit to provide dedicated access.
B. Connect the business router to its own dedicated UPS.
C. Purchase services from a cloud provider for high availability.
D. Replace the business’s wired network with a wireless network.

A

C. Purchase services from a cloud provider for high availability.