Sec+ 601 study guide Part 6 Flashcards
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.
A. business continuity plan.
A user received an SMS on a mobile phone that asked for bank details.
Which of the following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
D. Smishing
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry.
Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
A. Watering-hole attack
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
A. Alarms B. Signage C. Lighting D. Mantraps E. Fencing F. Sensors
E. Fencing
F. Sensors
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization’s vulnerabilities.
Which of the following would BEST meet this need?
A. CVE
B. SIEM
C. SOAR
D. CVSS
D. CVSS
A security incident may have occurred on the desktop PC of an organization’s Chief Executive Officer (CEO). A duplicate copy of the CEO’s hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed.
Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO’s PC, and then remove the old hard drive and place it in a tamper-evident bag.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
C. Remove the CEO’s hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote file share while the CEO watches.
D. Refrain from completing a forensic analysis of the CEO’s hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy.
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third- party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk.
Which of the following would be BEST to mitigate the CEO’s concerns?
(Choose two.)
A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls
A. Geolocation
F. Role-based access controls
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
A. Identification B. Preparation C. Lessons learned D. Eradication E. Recovery F. Containment
F. Containment
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained.
Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts
A. Updating the playbooks with better decision points
A security analyst is reviewing the following attack log output:
user comptia\john.smith attempted login with the password password123
user comptia\jane.doe attempted login with the password password123
user comptia\user.one attempted login with the password password123
user comptia\user.two attempted login with the password password123
user comptia\user.three attempted login with the password password123
user comptia\john.smith attempted login with the password password234
user comptia\jane.doe attempted login with the password password234
user comptia\user.one attempted login with the password password234
user comptia\user.two attempted login with the password password234
user comptia\user.three attempted login with the password password234
Which of the following types of attacks does this MOST likely represent? A. Rainbow table B. Brute-force C. Password-spraying D. Dictionary
C. Password-spraying
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI.
Which of the following should the administrator configure?
A. A captive portal
B. PSK
C. 802.1X
D. WPS
C. 802.1X
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)
A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software
** Top 25 coding errors leading to software vulnerabilities
– Security and Access Control Weaknesses
improper access control
weak credential management (for instance, the use of hard-coded passwords)
cryptographic and privilege issues
security misconfiguration
A. Unsecure protocols
C. Weak passwords
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard.
Which of the following types of controls should be used to reduce the risk created by this scenario?
A. Physical
B. Detective
C. Preventive
D. Compensating
D. Compensating
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
D. An advanced persistent threat
A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
B. DLP