SEC= Flashcards

1
Q

Ann, a user, reported to the service desk that many files on her computer will not open or the contents are
not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up
or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann’s
computer?

A

The computer has been infected with crypto-malware

2
Q

A security administrator is investigating a report that a user is receiving suspicious emails. The user’s
machine has an old functioning modem installed. Which of the following security concerns need to be
identified and mitigated? (Choose two.)

A

War dialing

Hoaxing

3
Q

An administrator needs to protect five websites with SSL certificates. Three of the websites have different
domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the administrator purchase to protect all the websites and be
able to administer them easily at a later time?

A

One Unified Communications Certificate and one wildcard certificate

4
Q

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of
vulnerable code in a software company’s final software releases? (Select TWO)

A

Unsecure protocols

Weak passwords

5
Q

An organization has hired a security analyst to perform a penetration test. The analyst captures 1GB worth
of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of
the following tools should the analyst use to further review the pcap?

A

Wireshark

6
Q

An administrator is beginning an authorized penetration test of a corporate network. Which of the following
tools would BEST assist in identifying potential attacks?

A

Nmap

7
Q

A company is examining possible locations for a hot site. Which of the following considerations is of MOST
concern if the replication technology being used is highly sensitive to network latency?

A

Location proximity to the production site

8
Q

Which of the following is an example of the second A in the AAA model?

A

The one-time password is keyed in, and the login system grants access.

9
Q

Which of the following BEST explains the reason why a server administrator would place a document
named password.txt on the desktop of an administrator account on a server?

A

The document is a honeyfile and is meant to attract the attention of a cyberintruder

10
Q

A systems engineer is configuring a wireless network. The network must not require installation of
third-party software. Mutual authentication of the client and the server must be used. The company has an
internal PKI. Which of the following configurations should the engineer choose?

A

EAP-TLS

11
Q

A first responder needs to collect digital evidence from a compromised headless virtual host. Which of the
following should the first responder collect FIRST?

A

Snapshot

12
Q

An organization’s policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using
any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize
storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has
been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?

A

The compromised password file has been brute-force hacked, and the complexity requirements are not
adequate to mitigate this risk

13
Q

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external
networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO)

A

Drive encryption

Network firewall

14
Q

A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The
company has decided that end users who wish to utilize their personal devices for corporate use must opt
in to the MDM solution. End users are voicing concerns about the company having access to their personal
devices via the MDM solution. Which of the following should the company implement to ease these
concerns?

A

Application management

15
Q

A company has a backup site with equipment on site without any data. This is an example of:

A

a cold site.

16
Q

Fuzzing is used to reveal which of the following vulnerabilities in web applications?

A

Improper input handling

17
Q

A company occupies the third floor of a leased building that has other tenants. The path from the
demarcation point to the company’s controlled space runs through unsecured areas managed by other
companies. Which of the following could be used to protect the company’s cabling as it passes through
uncontrolled spaces?

A

Cable locks

18
Q

Which of the following is a security consideration for IoT devices?

A

IoT devices have built-in accounts that users rarely access.

19
Q

A network administrator was concerned during an audit that users were able to use the same passwords
the day after a password change policy took effect. The following settings are in place:
* Users must change their passwords every 30 days.
* Users cannot reuse the last 10 passwords.
Which of the following settings would prevent users from being able to immediately reuse the same
passwords?

A

Minimum password age of five days

20
Q

A security administrator is choosing an algorithm to generate password hashes. Which of the following
would offer the BEST protection against offline brute force attacks?

A

SHA-1

21
Q

A network technician discovered the usernames and passwords used for network device configuration have
been compromised by a user with a packet sniffer. Which of the following would secure the credentials from
sniffing?

A

Use SSH for remote access.

22
Q

A systems administrator needs to integrate multiple IoT and small embedded devices into the company’s
wireless network securely. Which of the following should the administrator implement to ensure low-power
and legacy devices can connect to the wireless network?

A

WPS

23
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A

A VLAN

24
Q

An organization requires secure configuration baselines for all platforms and technologies that are used. If
any system cannot conform to the secure baseline, the organization must process a risk acceptance and
receive approval before the system is placed into production. It may have non-conforming systems in its
lower environments (development and staging) without risk acceptance, but must receive risk approval
before the system is placed in production. Weekly scan reports identify systems that do not conform to any
secure baseline. The application team receives a report with the following results:
There are currently no risk acceptances for baseline deviations. This is a mission-critical application, and
the organization cannot operate if the application is not running. The application fully functions in the
development and staging environments. Which of the following actions should the application team take?

A

Process a risk acceptance for 2633 and remediate 3124.

25
Q

Which of the following is the MOST likely motivation for a script kiddie threat actor?

A

Notoriety

26
Q

An organization needs to integrate with a third-party cloud application. The organization has 15000 users
and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the
following is the BEST way for the organization to integrate with the cloud application?

A

Configure a RADIUS federation between the organization and the cloud provider

27
Q

A company hired a firm to test the security posture of its database servers and determine if any
vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure
and database server. Which of the following forms of testing does this BEST describe?

A

Gray box

28
Q

A security administrator is implementing a SIEM and needs to ensure events can be compared against
each other based on when the events occurred and were collected. Which of the following does the
administrator need to implement to ensure this can be accomplished?

A

TOTP

29
Q

Which of the following BEST explains why a development environment should have the same database
server secure baseline that exists in production even if there is no PII in the database?

A

Attackers can extract sensitive, personal information from lower development environment databases
just as easily as they can from production databases.

30
Q

A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop
was recently updated, and now the files on the USB are read-only. Which of the following was recently
added to the laptop?

A

DLP

31
Q

Some call center representatives’ workstations were recently updated by a contractor, who was able to
collect customer information from the call center workstations. Which of the following types of malware was
installed on the call center users’ systems?

A

Spyware

32
Q

A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST
step to implement the SSL certificate?

A

Generate a CSR.

33
Q

Company engineers regularly participate in a public Internet forum with other engineers throughout the
industry. Which of the following tactics would an attacker MOST likely use in this scenario?

A

Watering-hole attack

34
Q

An attacker is able to capture the payload for the following packet:
IP 192.168.1.22:2020 10.10.10.5:443
IP 192.166.1.10:1030 10.10.10.1:21
IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above
and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

A

The attacker is picking off unencrypted credentials and using those to log in to the secure server.

35
Q

A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the
wireless network. A technician suspects this is because the wireless password has been shared with
unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of
this happening in the future?

A

WPS

36
Q

A systems administrator is receiving multiple alerts from the company NIPS. A review of the NIPS logs
shows the following:
reset both: 70.32.200.2:3194 –> 10.4.100.4:80 buffer overflow attempt
reset both: 70.32.200.2:3230 –> 10.4.100.4:80 directory traversal attack
reset client: 70.32.200.2:4019 –> 10.4.100.4:80 Blind SQL injection attack
Which of the following should the systems administrator report back to management?

A

The company web server was attacked by an external source, and the NIPS blocked the attack

37
Q

A user attempts to send an email to an external domain and quickly receives a bounce-back message. The
user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a systems administrator finds the email and bounce-back details:
Your email has been rejected because it appears to contain SSN information. Sending SSN information via
email to external recipients violates company policy.
Which of the following technologies successfully stopped the email from being sent?

A

DEP

38
Q

Which of the following documents would provide specific guidance regarding ports and protocols that
should be disabled on an operating system?

A

Secure configuration guide

39
Q

The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO
to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via
email. The email address was correct in the “From” section of the email. The CEO clicked the form and sent
the financial information as requested. Which of the following caused the incident?

A

SPF not enabled

40
Q

A Chief Executive Officer (CEO) is staying at a hotel during a business trip. The hotel’s wireless network
does not show a lock symbol. Which of the following precautions should the CEO take? (Select TWO).

A

Use a VPN.

Create a tunnel connection with EAP-TTLS

41
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more
than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed
the malware to spread to additional hosts before it was contained. Which of the following would be BEST to
improve the incident response process?

A

Providing additional end-user training on acceptable use

42
Q

After running an online password cracking tool, an attacker recovers the following password:
gh;jSKSTOi;618&
Based on the above information, which of the following technical controls have been implemented (Select
TWO).

A

Complexity

Length

43
Q

A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the
score allows the organization to better:

A

prioritize remediation of vulnerabilities based on

44
Q

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and
build out a customer-facing web application. Which of the following solutions would be BEST to provide
security, manageability, and visibility into the platforms?

A

CASB

45
Q

A Security analyst has received an alert about PII being sent via email. The analyst’s Chief Information
Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the
following did the alert MOST likely originate?

A

DLP

46
Q

Given the information below:
MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883
MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883
Which of the following concepts are described above? (Choose two.)

A

Collision

HASHING

47
Q

Which of the following would MOST likely support the integrity of a voting machine?

A

Perfect forward secrecy

48
Q

After successfully breaking into several networks and infecting multiple machines with malware, hackers
contact the network owners, demanding payment to remove the infection and decrypt files. The hackers
threaten to publicly release information about the breach if they are not paid. Which of the following BEST
describes these attackers?

A

Organized crime

49
Q

An email systems administrator is configuring the mail server to prevent spear phishing attacks through
email messages. Which of the following refers to what the administrator is doing?

A

Risk mitigation

50
Q

Which of the following attacks is used to capture the WPA2 handshake?

A

Replay

51
Q

An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be
considered a benefit of this certification?

A

It assures customers that the organization meets security standards.

53
Q

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID
configurations should the administrator use?

A

RAID 10

54
Q

Given the following:
> md5.exe file1.txt
> AD1FAB103773DC6A1E6021B7E503A210
> md5.exe file2.txt
> AD1FAB103773DC6A1E6021B7E503A210
Which of the following concepts of cryptography is shown?

A

Salting

55
Q

An employee opens a web browser and types a URL into the address bar. Instead of reaching the
requested site, the browser opens a completely different site. Which of the following types of attacks have
MOST likely occurred? (Choose two.)

A

DNS hijacking

Session hijacking

56
Q

A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to
verify they cannot connect. Which of the following is being tested?

A

Port security

57
Q

The security office has had reports of increased tailgating in the datacenter. Which of the following controls
should security put in place?

A

Mantrap

58
Q

A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned
about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?

A

Public SaaS

59
Q

A security professional wants to test a piece of malware that was isolated on a user’s computer to
document its effect on a system. Which of the following is the FIRST step the security professional should
take?

A

Create a secure baseline of the system state.

60
Q

Which of the following describes the BEST approach for deploying application patches?

A

Apply the patches to the production systems, apply them in a staging environment, and then test all of
them in a testing environment.

61
Q

After discovering a security incident and removing the affected files, an administrator disabled an unneeded
service that led to the breach. Which of the following steps in the incident response process has the
administrator just completed?

A

Eradication

62
Q

A member of the IR team has identified an infected computer. Which of the following IR phases should the
team member conduct NEXT?

A

Containment

63
Q

Which of the following represents a multifactor authentication system?

A

A one-time password token combined with a proximity badge.

64
Q

A company recently installed fingerprint scanners at all entrances to increase the facility’s security. The
scanners were installed on Monday morning, and by the end of the week it was determined that 1.5% of
valid users were denied entry. Which of the following measurements do these users fall under?

A

FRR

65
Q

A systems engineer wants to leverage a cloud-based architecture with low latency between
network-connected devices that also reduces the bandwidth that is required by performing analytics directly
on the endpoints. Which of the following would BEST meet the requirements? (Select TWO).

A

Hybrid cloud

Fog computing

66
Q

A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate
authentication. Which of the following protocols must be supported by both the RADIUS server and the
WAPs?

A

EAP

67
Q

Which of the following encryption algorithms require one encryption key? (Choose two.)

A

3DES

DSA

68
Q

An organization handling highly confidential information needs to update its systems. Which of the following
is the BEST method to prevent data compromise?

A

Shredding

69
Q

A Chief Information Security Officer (CISO) is concerned about the organization’s ability to continue
business operations in the event of a prolonged DDoS attack on its local datacenter that consumes server
resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

A

Implement a hot-site failover location.

70
Q

A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless
network. A technician suspects this is because the wireless password has been shared with unauthorized
individuals. Which of the following should the technician implement to BEST reduce the risk of this
happening in the future?

A

802.1X

71
Q

A manufacturing company updates a policy that instructs employees not to enter a secure area in groups
and requires each employee to swipe their badge to enter the area. When employees continue to ignore the
policy, a mantrap is installed. Which of the following BEST describe the controls that were implemented to
address this issue? (Select TWO).

A

Deterrent

Corrective

72
Q

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames
and passwords. Which of the following should be implemented to ensure the legacy applications are as
secure as possible while ensuring functionality? (Select TWO).

A

Password complexity requirements

Account disablement

73
Q

A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with
authorization to interact with the file system. Which of the following would reduce the attack surface added
by the service and account? (Select TWO)

A

Use a unique managed service account

Enforce least possible privileges for the account

74
Q

A systems administrator is increasing the security settings on a virtual host to ensure users on one VM
cannot access information from another VM. Which of the following is the administrator protecting against?

A

VM escape

75
Q

A mobile application developer wants to secure an application that transmits sensitive information. Which of
the following should the developer implement to prevent SSL MITM attacks?

A

Pinning

76
Q

Which of the following BEST explains how the use of configuration templates reduces organization risk?

A

It facilitates fault tolerance since applications can be migrated across templates.

77
Q

A technician is required to configure updates on a guest operating system while maintaining the ability to
quickly revert the changes that were made while testing the updates. Which of the following should the
technician implement?

A

Snapshots

78
Q

A credentialed vulnerability scan is often preferred over a non-credentialed scan because credentialed
scans:

A

are always non-intrusive

79
Q

A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of
the following should the administrator use?

A

dd

80
Q

A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the
public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost
effective?

A

Purchase a load balancer and install a single certificate on the load balancer

81
Q

A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The
CIO wants to keep control over key visibility and management. Which of the following would be the BEST
solution for the CIO to implement?

A

HSM

82
Q

Several systems and network administrators are determining how to manage access to a facility and enable
managers to allow after-hours access. Which of the following access control methods should managers use
to assign after-hours access to the employees?

A

Rule-based access control

83
Q

A dumpster diver was able to retrieve hard drives from a competitor’s trash bin. After installing the hard
drives and running common data recovery software, sensitive information was recovered. In which of the
following ways did the competitor apply media sanitization?

A

Formatting

84
Q

A system uses an application server and database server. Employing the principle of least privilege, only
database administrators are given administrative privileges on the database server, and only application
team members are given administrative privileges on the application server. Audit and log file reviews are
performed by the business unit (a separate group from the database and application teams).
The organization wants to optimize operational efficiency when application or database changes are
needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit
and log review performed by the business unit. Which of the following approaches would BEST meet the
organization’s goals?

A

Restrict privileges on the log file directory to “read only” and use a service account to send a copy of
these files to the business unit.

85
Q

Which of the following is an algorithm family that was developed for use cases in which power consumption
and lower computing power are constraints?

A

Elliptic curve

86
Q

A developer is building a new web portal for internal use. The web portal will only be accessed by internal
users and will store operational documents. Which of the following certificate types should the developer
install if the company is MOST interested in minimizing costs?

A

Self-signed

87
Q

The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s
Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on
vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering
techniques is the attacker using?

A

Whaling

88
Q

Exploitation of a system using widely known credentials and network addresses that results in DoS is an
example of:

A

default configurations.

89
Q

A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical
servers must be accessed using MFA. However, the critical servers are older and are unable to support the
addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

A

A stateful firewall

90
Q

A transitive trust:

A

is automatically established between a parent and a child

91
Q

Which of the following is a passive method to test whether transport encryption is implemented?

A

Port scan

92
Q

A technician, who is managing a secure B2B connection, noticed the connection broke last night. All
networking equipment and media are functioning as expected, which leads the technician to question
certain PKI components. Which of the following should the technician use to validate this assumption?
(Choose two.)

A

CRL

OCSP

93
Q

Which of the following should a technician use to protect a cellular phone that is needed for an investigation,
to ensure the data will not be removed remotely?

A

Faraday cage

94
Q

A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and
scope, and the security department has no idea how the attacks are able to gain access. Given that patch
management and vulnerability scanners are being used, which of the following would be used to analyze
the attack methodology?

A

Honeypots

95
Q

A security administrator found the following piece of code referenced on a domain controller’s task
scheduler:
$var = GetDomainAdmins If $var != ‘fabio’ SetDomainAdmins = NULL
With which of the following types of malware is the code associated?

A

Logic bomb

96
Q

Which of the following impacts MOST likely results from poor exception handling?

A

Local disruption of services

97
Q

A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the
device?

A

Call the company help desk to remotely wipe the device.

98
Q

An organization wants to set up a wireless network in the most secure way. Budget is not a major
consideration, and the organization is willing to accept some complexity when clients are connecting. It is
also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization’s requirements?

A

Use WPA2-PSK with a 24-character complex password and change the password monthly.

99
Q

A company is performing an analysis of the corporate enterprise network with the intent of identifying any
one system, person, function, or service that, when neutralized, will cause or cascade disproportionate
damage to the company’s revenue, referrals, and reputation. Which of the following is an element of the
BIA that this action is addressing?

A

Identification of critical systems

100
Q

A technician is designing a solution that will be required to process sensitive information, including
classified government data. The system needs to be common criteria certified. Which of the following
should the technician select?

A

Trusted operating system

101
Q

Which of the following BEST describes a security exploit for which a vendor patch is not readily available?

A

Zero-day

102
Q

After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the
victim and the attacker. Which of the following will the company MOST likely review to trace this
transaction?

A

The event log

103
Q

Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of
establishing further control of a system is known as:

A

active reconnaissance.

104
Q

When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other
users. Which of the following is the MOST likely cause for this?

A

The system date on the user’s device is out of sync.

105
Q

A security team has downloaded a public database of the largest collection of password dumps on the
Internet. This collection contains the cleartext credentials of every major breach for the last four years. The
security team pulls and compares users’ credentials to the database and discovers that more than 30% of
the users were still using passwords discovered in this list. Which of the following would be the BEST
combination to reduce the risks discovered?

A

Password length, password encryption, password complexity

106
Q

Which of the following needs to be performed during a forensics investigation to ensure the data contained
in a drive image has not been compromised?

A

Compare the image hash to the original hash.

107
Q

Which of the following models is considered an iterative approach with frequent testing?

A

Agile

108
Q

A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and
running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

A

A maximum RPO of 60 minutes

109
Q

An organization’s Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS
on the CEO’s personal laptop. The technician performs the installation, and a software audit later in the
month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward?

A

AUP

110
Q

A company is deploying MFDs in its office to improve employee productivity when dealing with paperwork. Which of the following concerns is MOST likely to be raised as a possible security issue in relation to these
devices?

A

Sensitive scanned materials being saved on the local hard drive

111
Q

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?

A

Detective

112
Q

An organization has decided to host its web application and database in the cloud. Which of the following
BEST describes the security concerns for this decision?

A

The cloud vendor is a new attack vector within the supply chain.

113
Q

A security administrator suspects there may be unnecessary services running on a server. Which of the
following tools will the administrator MOST likely use to confirm the suspicions?

A

Nmap

114
Q

A Chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural
disaster. Which of the following should be at the top of the CISO’s list?

A

Identify mission-critical applications and systems.

115
Q

To further secure a company’s email system, an administrator is adding public keys to DNS records in the
company’s domain. Which of the following is being used?

A

DNSSEC

116
Q

A customer calls a technician and needs to remotely connect to a web server to change some code
manually. The technician needs to configure the user’s machine with protocols to connect to the Unix web
server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to
configure?

A

SSH

117
Q

Which of the following is the BEST use of a WAF?

A

To protect sites on web servers that are publicly accessible

118
Q

An organization is concerned about video emissions from users’ desktops. Which of the following is the
BEST solution to implement?

A

Screen filters

119
Q

A security engineer is installing a WAF to protect the company’s website from malicious web requests over
SSL. Which of the following is needed to meet the objective?

A

A decryption certificate

120
Q

A company recently experienced data exfiltration via the corporate network. In response to the breach, a
security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be
implemented without purchasing any additional network hardware. Which of the following solutions will be
used to deploy the IDS?

A

Network tap

121
Q

A government organization recently contacted three different vendors to obtain cost quotes for a desktop
PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected
for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with. Which of the following MOST accurately describes the security risk presented in this situation?

A

Supply chain

122
Q

A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the
following should the administrator use?

A

An extended validation certificate

123
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the
decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator
wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after
recovery?

A

Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent
basis.

124
Q

A systems administrator needs to configure an SSL remote access VPN according to the following
organizational guidelines:
* The VPN must support encryption of header and payload.
* The VPN must route all traffic through the company’s gateway.
Which of the following should be configured on the VPN concentrator?

A

Full tunnel

125
Q

Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker
expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several
people in the customer service department to help reset their passwords over the phone due to unspecified
“server issues.” Which of the following has occurred?

A

Social engineering

126
Q

Which of the following control types would a backup of server data provide in case of a system issue?

A

Corrective

127
Q

The help desk received a call from a user who was trying to access a set of files from the day before but
received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur?

A

Ransomware

128
Q

A network administrator is trying to provide the most resilient hard drive configuration in a server. With five
hard drives, which of the following is the MOST fault-tolerant configuration?

A

RAID 5

129
Q

Which of the following types of security testing is the MOST cost-effective approach used to analyze
existing code and identify areas that require patching?

A

White box

130
Q

Which of the following involves the use of targeted and highly crafted custom attacks against a population
of users who may have access to a particular service or program?

A

Hoaxing

131
Q

Which of the following is an example of federated access management?

A

Using a popular website login to provide access to another website

132
Q

An organization is drafting an IRP and needs to determine which employees have the authority to take
systems offline during an emergency situation. Which of the following is being outlined?

A

Roles and responsibilities

133
Q

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all
historical data?

A

Homomorphic encryption

134
Q

An organization wants to implement a solution that allows for automated logical controls for network
defense. An engineer plans to select an appropriate network security component, which automates
response actions based on security threats to the network. Which of the following would be MOST
appropriate based on the engineer’s requirements?

A

NIPS

135
Q

An organization was recently compromised by an attacker who used a server certificate with the company’s
domain issued by an irrefutable CA. Which of the following should be used to mitigate this risk in the future?

A

DNSSEC

136
Q

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered
throughout the network and infect a large number of computers and servers. Which of the following
recommendations would be BEST to mitigate the impacts of a similar incident in the future?

A

Update all antivirus signatures daily

137
Q

When building a hosted datacenter, which of the following is the MOST important consideration for physical
security within the datacenter?

A

Security guards

138
Q

A user recently entered a username and password into a recruiting application website that had been
forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
* The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
* The forged website’s IP address appears to be 10.2.12.99, based on NetFlow records.
* All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.
* DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?

A

An SSL strip MITM attack was performed.

139
Q

An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the
number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the
following would BEST describe the estimated number of devices to be replaced next year?

A

SLE

140
Q

Which of the following is MOST likely caused by improper input handling?

A

Loss of database tables

141
Q

A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

A

MD5

142
Q

A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause?

A

Resource exhaustion

143
Q

As part of a corporate merger, two companies are combining resources. As a result, they must transfer files
through the internet in a secure manner. Which of the following protocols would BEST meet this
objective? (Select TWO)

A

SFTP

HTTPS

144
Q

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A

Insider threat

145
Q

A company employee recently retired, and there was a schedule delay because no one was capable of
filling the employee’s position. Which of the following practices would BEST help to prevent this situation in
the future?

A

Job rotation

146
Q

A security analyst investigates a report from an employee in the human resources (HR) department who is
having issues with internal access. When the security analyst pulls the UTM logs for the IP addresses in the HR
group, the following activity is shown:
Which of the following actions should the security analyst take?

A

Ensure the HR employee is in the appropriate user group

147
Q

While testing a new vulnerability scanner, a technician becomes concerned about reports that list security
concerns that are not present on the systems being tested. Which of the following BEST describes this
flaw?

A

False positives

148
Q

An attacker has obtained the user ID and password of a datacenter’s backup operator and has gained
access to a production system. Which of the following would be the attacker’s NEXT action?

A

Initiate a confidential data exfiltration process.

149
Q

A systems administrator has been assigned to create accounts for summer interns. The interns are only
authorized to be in the facility and operate computers under close supervision. They must also leave the
facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO).

A

Implement time-of-day restrictions.

Create privileged accounts.

150
Q

A security administrator plans to conduct a vulnerability scan on the network to determine if system
applications are up to date. The administrator wants to limit disruptions to operations but not consume too
many resources. Which of the following types of vulnerability scans should be conducted?

A

Credentialed

151
Q

A company wants to provide centralized authentication for its wireless system. The wireless authentication
system must integrate with the directory back end. Which of the following is an AAA solution that will
provide the required wireless authentication?

A

RADIUS

152
Q

A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service
Unavailable error. The analyst runs a netstat -an command to discover if the web server is up and listening. The analyst receives the following output:
TCP 10.1.5.2:80 192.168.2.112:60973 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60974 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60975 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60976 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60977 TIME_WAIT
TCP 10.1.5.2:80 192.168.2.112:60978 TIME_WAIT
Which of the following types of attack is the analyst seeing?

A

Denial of service

153
Q

An application developer is working on a new calendar and scheduling application. The developer wants to
test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The
application attempts to connect to a separate remote server using SSL, but the connection fails. Which of
the following is the MOST likely cause and next step?

A

The date is past the certificate expiration; reset the system to the current time and see if the connection
still fails.

154
Q

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a
cloud-based email solution. At this time, no other services will be moving. Which of the following cloud
models would BEST meet the needs of the organization?

A

SaaS

155
Q

A security engineer needs to obtain a recurring log of changes to system files. The engineer is most
concerned with detecting unauthorized changes to system data. Which of the following tools can be used to
fulfill the requirements that were established by the engineer?

A

File integrity monitor

156
Q

A computer forensics team is performing an integrity check on key system files. The team is comparing the
signatures of original baseline files with the latest signatures. The original baseline was taken on March 2, 2016, and was established to be clean of malware and uncorrupted. The latest file signatures were
generated yesterday. One file is known to be corrupted, but when the team compares the signatures of the
original and latest files, the team sees the following:
Original: 2d da b1 4a fc f1 98 06 b1 e5 26 b2 df e5 5b 3e cb 83 e1
Latest: 2d da b1 4a 98 fc f1 98 b1 e5 26 b2 df e5 5b 3e cb 83 e1
Which of the following is MOST likely the situation?

A

The algorithm used to calculate the hash has a collision weakness, and an attacker has exploited it.

157
Q

Which of the following BEST explains ‘likelihood of occurrence’?

A

The probability that a threat actor will target and attempt to exploit an organization’s systems

158
Q

A security engineer is concerned about susceptibility to HTTP downgrade attacks because the current
customer portal redirects users from port 80 to the secure site on port 443. Which of the following would be
MOST appropriate to mitigate the attack?

A

HSTS

159
Q

During the penetration testing of an organization, the tester was provided with the names of a few key
servers, along with their IP address. Which of the following is the organization conducting?

A

Gray box testing

160
Q

An incident responder is preparing to acquire images and files from a workstation that has been
compromised. The workstation is still powered on and running. Which of the following should be acquired
LAST?

A

Application files on hard disk

161
Q

An analyst is currently looking at the following output:

Which of the following security issues has been discovered based on the output?

A

License compliance violation

162
Q

An attachment that was emailed to finance employees contained an embedded message. The security
administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?

A

Obfuscation

163
Q

A cryptographer has developed a new proprietary hash function for a company and solicited employees to
test the function before recommending its implementation. An employee takes the plaintext version of a
document and hashes it, then changes the original plaintext document slightly and hashes it, and continues
repeating this process until two identical hash values are produced from two different documents. Which of
the following BEST describes this cryptographic attack?

A

Collision

164
Q

Which of the following is a benefit of credentialed vulnerability scans?

A

The vulnerability scanner is able to inventory software on the target.

165
Q

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A

DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

166
Q

A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote
listener. Which of the following commands should the penetration tester use to verify if this vulnerability
exists? (Choose two.)

A

nc

nmap

167
Q

An organization discovers that unauthorized applications have been installed on company-provided mobile
phones. The organization issues these devices, but some users have managed to bypass the security
controls. Which of the following Is the MOST likely issue, and how can the organization BEST prevent this
from happening?

A

Some advanced users are jailbreaking the OS and bypassing the controls. Implement an MDM solution
to control access to company resources.

168
Q

A security consultant is analyzing data from a recent compromise. The following data points are
documented:
* Access to data on share drives and certain networked hosts was lost after an employee logged in to an interactive session as a privileged user.
* The data was unreadable by any known commercial software.
* The issue spread through the enterprise via SMB only when certain users accessed data.
* Removal instructions were not available from any major antivirus vendor.
Which of the following types of malware is this an example of?

A

RAT

169
Q

A company needs to fix some audit findings related to its physical security. A key finding was that multiple
people could physically enter a location at the same time. Which of the following is the BEST control to
address this audit finding?

A

Mantrap

170
Q

A security administrator wants to determine if a company’s web servers have the latest operating system
and application patches installed. Which of the following types of vulnerability scans should be conducted?

A

Credentialed

171
Q

Which of the following BEST distinguishes Agile development from other methodologies in terms of
vulnerability management?

A

Daily standups

172
Q

Which of the following identity access methods creates a cookie on the first login to a central authority to
allow logins to subsequent applications without reentering credentials?

A

Single sign-on

173
Q

A security specialist is notified about a certificate warning that users receive when using a new internal
website. After being given the URL from one of the users and seeing the warning, the security specialist
inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach
the site. Which of the following would BEST resolve the issue?

A

OSCP

174
Q

A law office has been leasing dark fiber from a local telecommunications company to connect a remote office
to company headquarters. The telecommunications company has decided to discontinue its dark fiber product
and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is
the BEST solution for the law office?

A

Site-to-site VPN

175
Q

During a risk assessment, results show that a fire in one of the company’s datacenters could cost up to $20
million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to
$20 million in damages for the cost of $30,000 a year. Which of the following risk response techniques has
the company chosen?

A

Transference

176
Q

A security engineer implements multiple technical measures to secure an enterprise network. The engineer
also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of
the following strategies is the security engineer executing?

A

Control diversity

177
Q

A systems administrator has created network file shares for each department with associated security
groups for each role within the organization. Which of the following security concepts is the systems
administrator implementing?

A

Least privilege

178
Q

A preventive control differs from a compensating control in that a preventive control is:

A

relied on to address gaps in the existing control structure.

179
Q

Which of the following has the potential to create a DoS attack on a system?

A

A disabled user account that has not been deleted

180
Q

Which of the following BEST describes the concept of perfect forward secrecy?

A

Preventing cryptographic reuse so a compromise of one operation does not affect other operations

181
Q

A chief information security officer (CISO) asks the security architect to design a method for contractors to
access the company’s internal wiki, corporate directory, and email services securely without allowing
access to systems beyond the scope of their project. Which of the following methods would BEST fit the
needs of the CISO?

A

VPN

182
Q

A technician is recommending preventive physical security controls for a server room. Which of the
following would the technician MOST likely recommend? (Select TWO).

A

Protected cabinets

Mantrap

183
Q

An email recipient is unable to open a message encrypted through PKI that was sent from another
organization. Which of the following does the recipient need to decrypt the message?

A

The sender’s public key

184
Q

In the event of a security incident, which of the following should be captured FIRST?

A

System memory

185
Q

A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been
told there can be no network downtime to implement the solution, but the IDS must capture all of the
network traffic. Which of the following should be used for the IDS implementation?

A

Network tap

186
Q

A systems developer needs to provide machine-to-machine interface between an application and a
database server in the production environment. This interface will exchange data once per day. Which of
the following access control account practices would BEST be used in this situation?

A

Use a service account and prohibit users from accessing this account for development work.

187
Q

An organization has the following written policies:
• Users must request approval for non-standard software installation
• Administrators will perform all software installations
• Software must be installed from a trusted repository
A recent security audit identified crypto-currency software installed on one user’s machine. There are no
indications of compromise on this machine. Which of the following is the MOST likely cause of this policy
violation and the BEST remediation to prevent a reoccurrence?

A

The user’s machine was infected with malware; implement the organization’s incident response

188
Q

A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal. Which of the
following BEST describes what the rsa portion of the command represents?

A

A key generation algorithm

189
Q

A company is deploying a wireless network. It is a requirement that client devices must use X.509
certifications to mutually authenticate before connecting to the wireless network. Which of the following
protocols would be required to accomplish this?

A

EAP-TLS

190
Q

Which of the following can be used to increase the time needed to brute force a hashed password?

A

BCRYPT

191
Q

Which of the following controls is implemented in lieu of the primary security controls?

A

Deterrent

192
Q

A tester was able to leverage a pass-the-hash attack during a recent penetration test. The tester gained a
foothold and moved laterally through the network. Which of the following would prevent this type of attack
from reoccurring?

A

Renaming all active service accounts and disabling all inactive service accounts

193
Q

A red team initiated a DoS attack on the management interface of a switch using a known vulnerability. The
monitoring solution then raised an alert prompting a network engineer to log in to the switch to diagnose the
issue. When the engineer logged in, the red team was able to capture the credentials and subsequently log
in to the switch. Which of the following actions should the network team take to prevent this type of breach
from reoccurring?

A

Encrypt all communications with TLS 1.3

194
Q

Users are attempting to access a company’s website but are transparently redirected to another website. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

A

DNSSEC

195
Q

A technician is required to configure updates on a guest operating system while maintaining the ability to
quickly revert the changes that were made while testing the updates. Which of the following should the
technician implement?

A

Snapshots

196
Q

A network technician is setting up a new branch for a company. The users at the new branch will need to
access resources securely as if they were at the main location. Which of the following networking concepts
would BEST accomplish this?

A

Site-to-site VPN

197
Q

Which of the following is the purpose of an industry-standard framework?

A

To provide guidance across common system implementations

198
Q

An organization requires that all workstations be issued client computer certificates from the organization’s
PKI. Which of the following configurations should be implemented?

A

EAP-TLS

199
Q

A company’s IT staff is given the task of securely disposing of 100 server HDDs. The security team informs
the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the
MOST time-efficient method to achieve this goal?

A

Use a degausser to sanitize the drives

200
Q

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce
company. The day before the tour, the company sends out an email to employees to ensure all whiteboards
are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

A

social engineering

201
Q

During an incident, a company’s CIRT determines it is necessary to observe the continued network-based
transactions between a callback domain and the malware running on an enterprise PC. Which of the
following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the
risk that the adversary would notice any changes?

A

Create and apply micro segmentation rules.

202
Q

A network engineer has been asked to investigate why several wireless barcode scanners and wireless
computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and
computers are all on forklift trucks and move around the warehouse during their regular use. Which of the
following should the engineer do to determine the issue? (Select Two)

A

Perform a site survey.

Scan for rogue access points.

203
Q

Given the following output:

Which of the following BEST describes the scanned environment?

A

A host was scanned, and web-based vulnerabilities were found.

204
Q

A network administrator is implementing multifactor authentication for employees who travel and use
company devices remotely by using the company VPN. Which of the following would provide the required
level of authentication?

A

802.1X and OTP

205
Q

Which of the following command line tools would be BEST to identify the services running in a server?

A

Netstat

206
Q

A technician suspects that a desktop was compromised with a rootkit. After removing the hard drive from
the desktop and running an offline file integrity check, the technician reviews the following output:
Based on the above output, which of the following is the malicious file?

A

notepad.exe

207
Q

An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking
purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?

A

Implement containerization on the workstations.

208
Q

An organization wishes to allow its users to select devices for business use but does not want to overwhelm
the service desk with requests for too many different device types and models. Which of the following
deployment models should the organization use to BEST meet these requirements?

A

CYOD model

209
Q

A network administrator is setting up wireless access points in all the conference rooms and wants to
authenticate devices using PKI. Which of the following should the administrator configure?

A

WPS

210
Q

Which of the following could an attacker use to overwrite instruction pointers in order to execute malicious
code?

A

Buffer overflow

211
Q

A security administrator is creating a risk assessment on BYOD. One of the requirements of the risk
assessment is to address the following:
• Centrally managing mobile devices
• Data loss prevention
Which of the following recommendations should the administrator include in the assessment? (Select
TWO).

A

Implement hashing.

Implement an MDM with mobile device hardening.

212
Q

Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?

A

Improper input handling on the FTP site

213
Q

A user wants to send a confidential message to a customer to ensure unauthorized users cannot access the
information. Which of the following can be used to ensure the security of the document while in transit and
at rest?

A

PGP

214
Q

A security administrator receives alerts from the perimeter UTM. Upon checking the logs, the administrator
finds the following output:
Time: 12/25 0300
From Zone: Untrust To Zone: DMZ
Attacker: externalip.com Victim: 172.16.0.20
To Port: 80 Action: Alert Severity: Critical
When examining the PCAP associated with the event, the security administrator finds the following
information:
alert("Click here for important information regarding your account! http://externalip.com/account.php");
Which of the following actions should the security administrator take?

A

Manually copy the data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.

215
Q

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Select
TWO)

A

Cryptographic or hash algorithm

Data retention legislation

216
Q

A technician needs to document which application versions are listening on open ports. Which of the
following is MOST likely to return the information the technician needs?

A

Banner grabbing

217
Q

A network administrator is brute forcing accounts through a web interface. Which of the following would
provide the BEST defense from an account password being discovered?

A

Account lockout

218
Q

When a malicious user is able to retrieve sensitive information from RAM, the programmer has failed to
implement:

A

encryption of data in use.

219
Q

Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage
safe, he discovers several hard drives that are labeled “unclassified” and awaiting destruction. The hard
drives are obsolete and cannot be installed in any of his current computing equipment. Which of the
following is the BEST method for disposing of the hard drives?

A

Pulverizing

220
Q

Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability
scanning?

A

One has a higher potential for disrupting system operations.

221
Q

A systems administrator is implementing a remote access method for the system that will utilize GUI. Which
of the following protocols would be BEST suited for this?

A

SSH

222
Q

An analyst is concerned about data leaks and wants to restrict access to Internet services to authorized
users only. The analyst also wants to control the actions each user can perform on each service. Which of
the following would be the BEST technology for the analyst to consider implementing?

A

DLP

223
Q

Which of the following control types are alerts sent from a SIEM fulfilling based on vulnerability signatures?

A

Detective

224
Q

Which of the following implements two-factor authentication on a VPN?

A

Username, password, and source IP

225
Q

Which of the following provides PFS?

A

DHE

226
Q

A manufacturer creates designs for very high security products that are required to be protected and
controlled by government regulations. These designs are not accessible by corporate networks or the
Internet. Which of the following is the BEST solution to protect these designs?

A

A Faraday cage

227
Q

After entering a username and password, an administrator must draw a gesture on a touch screen. Which
of the following demonstrates what the administrator is providing?

A

Something you can do

228
Q

Which of the following BEST explains why sandboxing is a best practice for testing software from an
untrusted vendor prior to an enterprise deployment?

A

It restricts the access of the software to a contained logical space and limits possible damage.

229
Q

A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are
reporting they are unable to access company resources when connected to the company SSID. Which of
the following should the security administrator use to assess connectivity?

A

Routing tables

230
Q

An application developer has neglected to include input validation checks in the design of the company’s
new web application. An employee discovers that repeatedly submitting large amounts of data, including
custom code, to an application will allow the execution of the custom code at the administrator level. Which
of the following BEST identifies this application attack?

A

Buffer overflow

231
Q

A security analyst is performing a forensic investigation involving compromised account credentials. Using
the Event Viewer, the analyst was able to detect the following message: “Special privileges assigned to
new logon.” Several of these messages did not have a valid logon associated with the user before these
privileges were assigned. Which of the following attacks is MOST likely being detected?

A

Buffer overflow

232
Q

A user received an SMS on a mobile phone that asked for bank details. Which of the following
social-engineering techniques was used in this case?

A

Vishing

233
Q

A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited
resources is BEST categorized as a:

A

nation-state

234
Q

Using a one-time code that has been texted to a smartphone is an example of:

A

something you have.

235
Q

A company recently implemented a new security system. In the course of configuration, the security
administrator adds the following entry:
#Whitelist USB\VID_13FE&PID_4127&REV_0100
Which of the following security technologies is MOST likely being configured?

A

Removable media control

236
Q

A security technician has been given the task of preserving emails that are potentially involved in a dispute
between a company and a contractor.

A

Legal hold

237
Q

An organization is struggling to differentiate threats from normal traffic and access to systems. A security
engineer has been asked to recommend a system that will aggregate data and provide metrics that will
assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the
following solutions should the engineer recommend?

A

SIEM

238
Q

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against data
loss or theft. Which of the following would be the MOST acceptable?

A

DLP

239
Q

A highly complex password policy has made it nearly impossible to crack account passwords. Which of the
following might a hacker still be able to perform?

A

Pass-the-hash attack

240
Q

When considering IoT systems, which of the following represents the GREATEST ongoing risk after a
vulnerability has been discovered?

A

Tight integration to existing systems

241
Q

Which of the following is the proper use of a Faraday cage?

A

To block electronic signals sent to erase a cell phone

242
Q

A company has just completed a vulnerability scan of its servers. A legacy application that monitors the
HVAC system in the datacenter presents several challenges, as the application vendor is no longer in
business. Which of the following secure network architecture concepts would BEST protect the other company
servers if the legacy server were to be exploited?

A

Air gap

243
Q

A security technician is configuring a new firewall appliance for a production environment. The firewall must
support secure web services for client workstations on the 10.10.10.0/24 network. The same client
workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of
the following rules should the technician add to the firewall to allow this connectivity for the client
workstations? (Select TWO).

A

Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443

Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53

244
Q

In which of the following situations would it be BEST to use a detective control type for mitigation?

A

A company implemented a network load balancer to ensure 99.999% availability of its web application

245
Q

A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to
access the company’s internal network securely without allowing access to systems beyond the scope of
their project. Which of the following methods would BEST fit the needs of the CISO?

A

VPN

246
Q

Which of the following disaster recovery sites would require the MOST time to get operations back online?

A

Cold

247
Q

An attacker has gathered information about a company employee by obtaining publicly available
information from the Internet and social networks. Which of the following types of activity is the attacker
performing?

A

Social engineering

248
Q

A security administrator is analyzing a user report in which the computer exhibits odd network-related
outages. The administrator, however, does not see any suspicious process running. A prior technician’s
notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files
were deleted from the system recently. Which of the following is the MOST likely cause of this behavior?

A

Rootkit

249
Q

Which of the following are the BEST selection criteria to use when assessing hard drive suitability for
time-sensitive applications that deal with large amounts of critical information? (Select TWO)

A

MTBF

MTTR

250
Q

Which of the following is a technical preventive control?

A

Two-factor authentication

251
Q

Which of the following environments typically hosts the current version configurations and code, compares
user-story responses and workflow, and uses a modified version of actual data for testing?

A

Development

252
Q

A security engineer at a manufacturing company is implementing a third-party cloud application. Rather
than creating users manually in the application, the engineer decides to use the SAML protocol. Which of
the following is being used for this implementation?

A

The manufacturing company is the service provider, and the cloud company is the identity provider.

253
Q

A company has purchased a new SaaS application and is in the process of configuring it to meet the
company’s needs. The director of security has requested that the SaaS application be integrated into the
company’s IAM processes. Which of the following configurations should the security administrator set up in
order to complete this request?

A

RADIUS

254
Q

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached
from the Internet?

A

Air gap

255
Q

A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a
two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator
select?

A

1

256
Q

Using a ROT13 cipher to protect confidential information from unauthorized access is known as:

A

Obfuscation

257
Q

A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a
security assessment. The analyst must make sure the PII data is protected with the following minimum
requirements:
• Ensure confidentiality at rest.
• Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?

A

Encrypt and sign the email using S/MIME.

258
Q

Which of the following policies would help an organization identify and mitigate potential single points of
failure in the company’s IT/security operations?

A

Awareness training

259
Q

Which of the following concepts ensure ACL rules on a directory are functioning as expected? (Select
TWO).

A

Accounting

Auditing

260
Q

A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

A

Nmap

261
Q

An organization is concerned that its hosted web servers are not running the most updated version of the
software. Which of the following would work BEST to help identify potential vulnerabilities?

A

nc -1 -v compria.org -p 60

262
Q

During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the
following BEST explains why the tester is doing this?

A

To identify servers for subsequent scans and further investigation

263
Q

A security analyst is assessing a small company’s internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Select TWO).

A

Review the company’s current security baseline,

Run an exploitation framework to confirm vulnerabilities

264
Q

Which of the following often operates in a client-server architecture to act as a service repository, providing
enterprise consumers access to structured threat intelligence data?

A

CIRT

265
Q

Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. While
conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

A

Gray box

266
Q

A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the
following technical solutions was MOST likely deployed by the company to ensure only known-good
software can be installed on corporate desktops?

A

File integrity checks

267
Q

Which of the following types of attack is being used when an attacker responds by sending the MAC
address of the attacking machine to resolve the MAC to IP address of a valid server?

A

ARP poisoning

268
Q

A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and
moving all heavy applications and storage to a centralized server that hosts all of the company’s required
desktop applications. Which of the following describes the BEST deployment method to meet these
requirements?

A

VDI

269
Q

A systems administrator has implemented multiple websites using host headers on the same server. The
server hosts two websites that require encryption and other websites where encryption is optional. Which of
the following should the administrator implement to encrypt web traffic for the required websites?

A

Wildcard certificate

270
Q

The IT department’s on-site developer has been with the team for many years. Each time an application is
released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST
help the team ensure the application is ready to be released to production?

A

Obfuscate the source code.

271
Q

Which of the following are considered among the BEST indicators that a received message is a hoax?
(Choose two.)

A

No valid digital signature from a known security organization

Embedded URLs

272
Q

If two employees are encrypting traffic between them using a single encryption key, which of the following
algorithms are they using?

A

SHA-2

273
Q

The president of a company that specializes in military contracts receives a request for an interview. During
the interview, the reporter seems more interested in discussing the president’s family life and personal
history than the details of a recent company success. Which of the following security concerns is this MOST
likely an example of?

A

Social engineering

274
Q

A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to
customers who visit the company’s chain of cafés. The coffee company has provided no requirements other
than that customers should be granted access after registering via a web form and accepting the terms of
service. Which of the following is the MINIMUM acceptable configuration to meet this single requirement?

A

Captive portal

275
Q

A hospital has received reports from multiple patients that their PHI was stolen after completing forms on
the hospital’s website. Upon investigation, the hospital finds a packet analyzer was used to steal data. Which of the following protocols would prevent this attack from reoccurring?

A

SFTP

276
Q

A systems administrator is auditing the company’s Active Directory environment. It is quickly noted that the
username “company\bsmith” is interactively logged into several desktops across the organization. Which of
the following has the systems administrator MOST likely come across?

A

Shared credentials

277
Q

An organization wants to separate permissions for individuals who perform system changes from
individuals who perform auditing of those system changes. Which of the following access control
approaches is BEST suited for this?

A

Assign administrators and auditors to different groups and restrict permissions on system log files to
read-only for the auditor group.

278
Q

In highly secure environments where the risk of malicious actors attempting to steal data is high, which of
the following is the BEST reason to deploy Faraday cages?

A

To minimize external RF interference with embedded processors

279
Q

Which of the following BEST explains the difference between a credentialed scan and a non-credentialed
scan?

A

A credentialed scan sees the system the way an authorized user sees the system, while a
non-credentialed scan sees the system as a guest.

280
Q

Which of the following would provide a safe environment for an application to access only the resources
needed to function while not having access to run at the system level?

A

Sandbox

281
Q

Two companies are enabling TLS on their respective email gateways to secure communications over the
Internet. Which of the following cryptography concepts is being implemented?

A

Data in transit

282
Q

Which of the following explains why a vulnerability scan might return a false positive?

A

The signature matches the product but not the version information.

283
Q

A systems administrator is configuring a new network switch for TACACS+ management and
authentication. Which of the following must be configured to provide authentication between the switch and
the TACACS+ server?

A

Shared secret

284
Q

A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a
comprehensive list of devices that are authorized to be on the wireless network. The Chief Information
Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the
wireless PSK and obtain access to the internal network. Which of the following should the company
implement to BEST prevent this from occurring?

A

A WIDS

285
Q

Which of the following is the primary reason for implementing layered security measures in a cyber security
architecture?

A

It decreases the time a CERT has to respond to a security incident

286
Q

Which of the following methods is used by internal security teams to assess the security of internally
developed applications?

A

White box testing

287
Q

Which of the following serves to warn users against downloading and installing pirated software on
company devices?

A

AUP

288
Q

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of
the organization’s vulnerabilities. Which of the following would BEST meet this need?

A

SOAR

289
Q

An organization’s IRP prioritizes containment over eradication. An incident has been discovered where an
attacker outside of the organization has installed cryptocurrency mining software on the organization’s web
servers. Given the organization’s stated priorities, which of the following would be the NEXT step?

A

Remove the affected servers from the network

290
Q

A junior systems administrator noticed that one of two hard drives in a server room had a red error
notification. The administrator removed the hard drive to replace it but was unaware that the server was
configured in an array. Which of the following configurations would ensure no data is lost?

A

RAID 1

291
Q

A security analyst is specifying requirements for a wireless network. The analyst must explain the security
features provided by various architecture choices. Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

A

Mutual authentication

292
Q

A security administrator is adding a NAC requirement for all VPN users to ensure the co requirement?

A

Implement a permanent agent

293
Q

A small enterprise decides to implement a warm site to be available for business continuity in case of a
disaster. Which of the following BEST meets its requirements?

A

An operational site requiring some equipment to be relocated as well as data transfer to the site

294
Q

A security administrator in a bank is required to enforce an access control policy so no single individual is
allowed to both initiate and approve financial transactions. Which of the following BEST represents the
impact the administrator is deterring?

A

Principle of least privilege

295
Q

A security analyst is running a credential-based vulnerability scanner on a Windows host. The vulnerability
scanner is using the protocol NetBIOS over TCP/IP to connect to various systems. However, the scan does
not return any results. To address the issue, the analyst should ensure that which of the following default
ports is open on systems?

A

137

296
Q

A company that processes sensitive information has implemented a BYOD policy and an MDM solution to
secure sensitive data that is processed by corporate and personally owned mobile devices. Which of the
following should the company implement to prevent sensitive data from being stored on mobile devices?

A

Storage segmentation

297
Q

A company is implementing a tool to mask all PII when moving data from a production server to a testing
server. Which of the following security techniques is the company applying?

A

Data sanitization

298
Q

A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker
would. Which of the following would BEST enable the analyst to complete the objective?

A

Perform a non-credentialed scan.

299
Q

An organization’s research department uses workstations in an air-gapped network. A competitor released
products based on files that originated in the research department. Which of the following should
management do to improve the security and confidentiality of the research files?

A

Configure removable media controls on the workstations.

300
Q

An attacker is attempting to harvest user credentials on a client’s website. A security analyst notices
multiple attempts of random usernames and passwords. When the analyst types in a random username
and password, the logon screen displays the following message:
The username you entered does not exist.
Which of the following should the analyst recommend be enabled?

A

Username lockout

301
Q

A company wants to configure its wireless network to require username and password authentication. Which of the following should the systems administrator implement?

A

WPS

302
Q

A security consultant was asked to revise the security baselines that are utilized by a large organization. Although the company provides different platforms for its staff, including desktops, laptops, and mobile
devices, the applications do not vary by platform. Which of the following should the consultant recommend?
(Select Two).

A

Apply patch management on a daily basis

Disable default accounts and/or passwords.

303
Q

A company network is currently under attack. Although security controls are in place to stop the attack, the
security administrator needs more information about the types of attacks being used. Which of the following
network types would BEST help the administrator gather this information?

A

Honeynet

304
Q

A company has won an important government contract. Several employees have been transferred from
their existing projects to support a new contract. Some of the employees who have transferred will be
working long hours and still need access to their project information to transition work to their replacements. Which of the following should be implemented to validate that the appropriate offboarding process has been
followed?

A

Permission auditing

305
Q

The Chief Information Officer (CIO) has determined the company’s new PKI will not use OCSP. The
purpose of OCSP still needs to be addressed. Which of the following should be implemented?

A

Install a CRL.

306
Q

A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed
are:
• www.company.com (main website)
• contactus.company.com (for locating a nearby location)
• quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any
future applications that follow the same naming conventions, such as store.company.com. Which of the
following certificate types would BEST meet the requirements?

A

Wildcard

307
Q

A contracting company recently completed its period of performance on a government contract and would
like to destroy all information associated with contract performance. Which of the following is the best NEXT
step for the company to take?

A

Consult data disposition policies in the contract.

308
Q

Which of the following BEST describes the purpose of authorization?

A

Authorization provides permissions to a resource and comes after authentication.

309
Q

A company has just experienced a malware attack affecting a large number of desktop users. The antivirus
solution was not able to block the malware, but the HIDS alerted to C2 calls as ‘Troj.Generic’. Once the
security team found a solution to remove the malware, they were able to remove the malware files
successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started
alerting on the same desktops, and the security team discovered the files were back. Which of the following
BEST describes the type of malware infecting this company’s network?

A

Trojan

310
Q

Which of the following attacks can be mitigated by proper data retention policies?

A

Dumpster diving

311
Q

While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the
business network on port 443. Which of the following protocols would MOST likely cause this traffic?

A

SSH

312
Q

Which of the following terms BEST describes an exploitable vulnerability that exists but has not been
publicly disclosed yet?

A

Zero-day

313
Q

An organization has hired a new remote workforce. Many new employees are reporting that they are unable
to access the shared network resources while traveling. They need to be able to travel to and from different
locations on a weekly basis. Shared offices are retained at the headquarters location. The remote
workforce will have identical file and system access requirements, and must also be able to log in to the
headquarters location remotely. Which of the following BEST represent how the remote employees should
have been set up initially? (Select TWO).

A

Group-based access control

Individual accounts

314
Q

Which of the following algorithms would be used to provide non-repudiation of a file transmission?

A

MD5

315
Q

Which of the following access management concepts is MOST closely associated with the use of a
password or PIN?

A

Authentication

316
Q

Which of the following is an example of resource exhaustion?

A

A penetration tester requests every available IP address from a DHCP server.

317
Q

During a security audit of a company’s network, unsecure protocols were found to be in use. A network
administrator wants to ensure browser-based access to company switches is using the most secure
protocol. Which of the following protocols should be implemented?

A

SSH2

318
Q

Which of the following attacks can be used to exploit a vulnerability that was created by untrained users?

A

A spear-phishing email with a file attachment

319
Q

Which of the following is unique to a stream cipher?

A

It performs bit-level encryption

320
Q

Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on
limited information obtained from service banners?

A

False positive

321
Q

A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The
company uses non-credentialed scanning for vulnerability management. Which of the following tools can
the analyst use to verify the permissions?

A

chmod

322
Q

A member of the human resources department received the following email message after sending an
email containing benefit and tax information to a candidate: “Your message has been quarantined for the
following policy violation: external potential_PII. Please contact the IT security administrator for further
details”. Which of the following BEST describes why this message was received?

A

The DLP system flagged the message.

323
Q

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’
passwords. Which of the following would be the BEST way to achieve this objective?

A

SSO

324
Q

A retail executive recently accepted a job with a major competitor. The following week, a security analyst
reviews the security logs and identifies successful logon attempts to access the departed executive’s
accounts. Which of the following security practices would have addressed the issue?

A

Least privilege

325
Q

After patching computers with the latest application security patches/updates, users are unable to open
certain applications. Which of the following will correct the issue?

A

Modifying the security policy for DLP

326
Q

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a
malware infection may have occurred. Upon further review, the analyst determines the computer
responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the
following is the best NEXT step for the analyst to take?

A

Disconnect the CEO’s workstation from the network.

327
Q

Users are attempting to access a company’s website but are transparently redirected to another website.
The users confirm the URL is correct. Which of the following would BEST prevent this issue in the future?

A

DNSSEC

328
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially target
the company’s executives. Which of the following intelligence sources should the security analyst review?

A

Vulnerability feeds

329
Q

An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139.
Which of the following sources should the analyst review to BEST ascertain how the incident could have
been prevented?

A

The security logs

330
Q

A company has a team of penetration testers. This team has located a file on the company file server that
they believe contains cleartext usernames followed by a hash. Which of the following tools should the
penetration testers use to learn more about the content of this file?

A

Password cracker

331
Q

A government contracting company issues smartphones to employees to enable access to corporate
resources. Several employees will need to travel to a foreign country for business purposes and will require
access to their phones. However, the company recently received intelligence that its intellectual property is
highly desired by the same country’s government. Which of the following MDM configurations would BEST
reduce the risk of compromise while on foreign soil?

A

Disable wipe

332
Q

A security analyst is hardening a large-scale wireless network. The primary requirements are the following:
* Must use authentication through EAP-TLS certificates
* Must use an AAA server
* Must use the most secure encryption protocol
Given these requirements, which of the following should the analyst implement and recommend? (Select
TWO).

A

802.1X

WPA2-PSK

333
Q

A security analyst is performing a manual audit of captured data from a packet analyzer. The analyst looks
for base64-encoded strings and applies the filter http.authbasic. Which of the following describes what the
analyst is looking for?

A

Unencrypted credentials

334
Q

During a forensic investigation, which of the following must be addressed FIRST according to the order of
volatility?

A

RAM

335
Q

A buffer overflow can result in:

A

privilege escalation caused by TPM override.

336
Q

After a security assessment was performed on the enterprise network, it was discovered that:
• Configuration changes have been made by users without the consent of IT.
• Network congestion has increased due to the use of social media.
• Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)

A

Poorly trained users

Improperly configured accounts

337
Q

Which of the following impacts are associated with vulnerabilities in embedded systems? (Select TWO).

A

Repeated exploitation due to unpatchable firmware

Denial of service due to an integrated legacy operating system

338
Q

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as
their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With
which of the following is the auditor MOST likely concerned?

A

RTO/RPO

339
Q

Which of the following may indicate a configuration item has reached end-of-life?

A

The vendor has not published security patches recently

340
Q

A security administrator is configuring a RADIUS server for wireless authentication. The configuration must
ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the
following protocols should be configured on the RADIUS server? (Select TWO).

A

MSCHAP

PEAP

341
Q

A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a
document on the desktop has disappeared and in its place is an odd filename with no icon image. When
clicking on this icon, the user receives a system notification that it cannot find the correct program to use to
open this file. Which of the following types of malware has MOST likely targeted this workstation?

A

Ransomware

342
Q

A company is having issues with intellectual property being sent to a competitor from its system. The
information being sent is not random but has an identifiable pattern. Which of the following should be
implemented in the system to stop the content from being sent?

A

DLP

343
Q

A security analyst is using a recently released security advisory to review historical logs, looking for the
specific activity that was outlined in the advisory. Which of the following is

A

Credentialed vulnerability scanning

344
Q

An organization has decided to purchase an insurance policy because a risk assessment determined that
the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is
enabling risk:

A

acceptance

345
Q

A systems administrator wants to implement a secure wireless network requiring wireless clients to
pre-register with the company and install a PKI client certificate prior to being able to connect to the
wireless network. Which of the following should the systems administrator configure?

A

EAP-TLS

346
Q

In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated
group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated?

A

Nation-state

347
Q

After reading a security bulletin, a network security manager is concerned that a malicious actor may have
breached the network using the same software flaw. The exploit code is publicly available and has been
reported as being used against other industries in the same vertical. Which of the following should the
network security manager consult FIRST to determine a priority list for forensic review?

A

The vulnerability scan output

348
Q

A network technician needs to monitor and view the websites that are visited by an employee. The
employee is connected to a network switch. Which of the following would allow the technician to monitor the
employee’s web traffic?

A

Install and configure a transparent proxy server

349
Q

A manager makes an unannounced visit to the marketing department and performs a walk-through of the
office. The manager observes unclaimed documents on printers. A closer look at these documents reveals
employee names, addresses, ages, birth dates, marital/dependent statuses, and favorite ice cream flavors.
The manager brings this to the attention of the marketing department head. The manager believes this
information to be PII, but the marketing head does not agree. Having reached a stalemate, which of the
following is the MOST appropriate action to take NEXT?

A

Find the privacy officer in the organization and let the officer act as the arbiter.

350
Q

A security operations team recently detected a breach of credentials. The team mitigated the risk and
followed proper processes to reduce risk. Which of the following processes would BEST help prevent this
issue from happening again?

A

Chain of custody

351
Q

A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?

A

tcpdump

352
Q

A company recently experienced a security incident in which its domain controllers were the target of a DoS
attack. In which of the following steps should technicians connect domain controllers to the network and
begin authenticating users again?

A

Recovery

353
Q

An accountant is attempting to log in to the internal accounting system and receives a message that the
website’s certificate is fraudulent. The accountant finds instructions for manually installing the new trusted
root onto the local machine. Which of the following would be the company’s BEST option for this situation in
the future?

A

Implement certificate management.

354
Q

Which of the following are considered to be “something you do”? (Select TWO).

A

Handwriting

Gait

355
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the
following should the analyst include in this documentation? (Select TWO)

A

A checksum

The location of the artifacts

356
Q

A large industrial system’s smart generator monitors the system status and sends alerts to third-party
maintenance personnel when critical failures occur. While reviewing the network logs, the company’s
security manager notices the generator’s IP is sending packets to an internal file server’s IP. Which of the
following mitigations would be BEST for the security manager to implement while maintaining alerting
capabilities?

A

Firewall whitelisting

357
Q

A security engineer is analyzing the following line of JavaScript code that was found in a comment field on a
web forum, which was recently involved in a security breach:

Given the line of code above, which of the following BEST represents the attack performed during the
breach?

A

XSS

358
Q

Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of
security controls, due to differences between the time of commitment and the time of execution?

A

Buffer overflow

359
Q

A security administrator is implementing a secure method that allows developers to place files or objects
onto a Linux server. Developers are required to log in using a username, password, and asymmetric key.
Which of the following protocols should be implemented?

A

SFTP

360
Q

A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent
downloads are becoming problematic. Which of the following would BEST suit the administrator’s needs?

A

OCSP

361
Q

A company is performing an analysis of which corporate units are most likely to cause revenue loss in the
event the unit is unable to operate. Which of the following is an element of the BIA that this action is
addressing?

A

Mission-essential functions

362
Q

A systems administrator wants to configure an enterprise wireless solution that supports authentication
over HTTPS and wireless encryption using AES. Which of the following should the administrator configure
to support these requirements? (Select TWO).

A

802.1X

WPA2