SEC+ B Flashcards

1
Q
A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform?
Fuzzing
Stress Testing
Sandboxing
Normalizing
A

Fuzzing

2
Q
A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?
Virus
Worm
Logic Bomb
Backdoor
A

Worm

3
Q
A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?
Wireless guest isolation
802.1X
WPS
MAC address blacklist
A

802.1X

4
Q
Which of the following is a symmetric encryption algorithm that applies the encryption over multiple iterations?
RC4
RSA
3DES
SHA
A

3DES

5
Q
A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party. Which of the following is the BEST solution?
SAML
RADIUS
Secure token
TACACS+
A

SAML

6
Q

A security admin has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups’ actions. Several recent outages have not been able to be traced to any user. Which of the following should the security admin recommend to preserve future audit log integrity?
Enforcing stricter onboarding workflow policies
Applying least privilege to user group membership
Restricting audit group membership to service accounts

A

Restricting audit group membership to service accounts

7
Q

Which of the following solutions is the BEST method for controlling data exfiltration during this project?
Require that all consultant activity be restricted to a secure VDI environment
Require the consultants to sign an agreement stating they will only use the company-provided email address for communications during the project
Require updated antivirus, USB blocking, and a host-based firewall on all consultant devices

A

Require that all consultant activity be restricted to a secure VDI environment

8
Q
A newly hired CSO is reviewing the company’s IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?
Identification
Lessons Learned
Recovery
Eradication
A

Lessons learned

9
Q

An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?
802.11n support on the WAP
X.509 certificate on the server
CCMP support on the network switch

A

X.509 certificate on the server

10
Q

Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?
Fault tolerance
Redundancy
Elasticity

A

Elasticity

11
Q

A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server?
Disable the default accounts
Run a penetration test on the network
Create a DMZ in which to place the server

A

Disable the default accounts

12
Q

A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA. Which of the following is the BEST example of this?
PSK and PIN
RSA token and password
Fingerprint scanner and voice recognition

A

RSA token and password

13
Q

Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?
Social engineering by a hacktivist
MITM attack by a script kiddie
Unintentional disclosure by an insider

A

Unintentional disclosure by an insider

14
Q

A security analyst received an after-hours alert indicating that a large number of accounts with the suffix “admin” were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts?
The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack
The admin accounts do not have rigid password complexity rules, and this made them easier to crack
The company has implemented time-of-day restrictions, and this triggered a false positive alert when the admin tried to log in

A

The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack

15
Q

A recent security audit identified crypto-currency software installed on one user’s machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
The user’s machine was infected with malware; implement the org’s incident response
The user installed the software on the machine; implement technical controls to enforce the written policies
Admin downloaded the software from an untested repository; add a policy that requires integrity checking for all software

A

The user installed the software on the machine; implement technical controls to enforce the written policies

16
Q
The phones at a business are being replaced with the VoIP phones that get plugged in-line between the switch and PC. The voice and data networks still need to be kept separate. Which of the following would allow for this?
NAT
Intranet
Subnetting
VLAN
A

VLAN

17
Q
Which of the following models is considered an iterative approach with frequent testing?
Agile
Waterfall
DevOps
Sandboxing
A

Agile

18
Q

A security analyst discovers one of the business processes, which generates 75% of the annual revenue, uses a legacy system. This creates a risk that can contribute to a 2% drop in revenue generation every quarter. Which of the following would be the BEST response to this risk?
Mitigation
Avoidance
Insurance

A

Insurance

19
Q
A new employee discovered a thumb drive with the company’s logo on it while walking in the parking lot. He was curious as to the contents and placed it into his work computer. Shortly after accessing the contents, he noticed the machine running slower, started to reboot, and displayed new icons on the screen. Which of the following types of attacks occurred?
Social Engineering
Brute force attack
MITM
DoS
A

Social Engineering

20
Q

Which of the following types of vulnerability scans returns more detailed and thorough insights into actual system vulnerabilities?
Non-credentialed
Intrusive
Credentialed

A

Credentialed

21
Q

A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large, compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Select Two)
Disable all user accounts that are not logged in to for 180 days
Enable a login banner prohibiting unauthorized use
Perform an audit of all company user accounts
Review and update the firewall settings
Restrict the compromised accounts

A

Disable all user accounts that are not logged in to for 180 days
Perform an audit of all company user accounts

22
Q
A system admin wants to secure a backup environment, so backups are less prone to ransomware attacks. The admin would like to have a fully isolated set of backups. Which of the following would be the MOST secure option for the admin to implement?
A DMZ
An air gap
A honeypot
A VLAN
A

An air gap

23
Q

A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate’s properties: Issuer: (A commercial CA) Valid from: (yesterday’s date) Subject: CN-smithco.com Public key: RSA (2048 bits) Enhanced key usage: Client authentication Key usage: Digital signature, key encipherment (a0) Which of the following is the MOST likely cause of the failure?
The certificate is missing the proper OID
The certificate is missing wireless authentication in key usage
The certificate is self-signed

A

The certificate is missing the proper OID

24
Q

An organization uses an antivirus scanner from Company A on its firewall, an email system antivirus scanner from Company B, and an endpoint antivirus scanner from Company C. This is an example of:
Unified threat management
An OVAL system
Vendor diversity

A

Vendor diversity

25
Q

A NIPS admin needs to install a new signature to observe the behavior of a worm that may be spreading over SMB. Which of the following signatures should be installed on the NIPS?
DENY from ANY:ANY to ANY:445 regex’.”SMB.”
PERMIT from ANY:ANY to ANY:445 regex’. SMB.

A

DENY from ANY:ANY to ANY:445 regex’.”SMB.”

26
Q

A red team initiated a DoS attack on the management interface of a switch using a known vulnerability. The monitoring solution then raised an alert, prompting a network engineer to log in to the switch to diagnose the issue. When the engineer logged in, the red team was able to capture the credentials and subsequently log in to the switch. Which of the following actions should the network team take to prevent this type of breach from reoccurring?
Encrypt all communications with TLS 1.3
Transition from SNMPv2c to SNMPv3 with AES-256
Enable Secure Shell and Disable Telnet

A

Enable Secure Shell and Disable Telnet

27
Q

A penetration tester has unsuccessfully accessed a web server using an exploit in the user-agent string for Apache Struts. The tester then brute forces a credential that provides access to the back-end database server in a different subnet. This is an example of:
Persistence
Pivoting
Escalation of privilege

A

Pivoting

28
Q
An organization handling highly confidential information needs to update its system. Which of the following is the BEST method to prevent data compromise?
Wiping
Degaussing
Shredding
Purging
A

Shredding

29
Q

Which of the following is the BEST example of a reputation impact identified during a risk assessment?
A bad software patch taking down the production systems
A misconfigured firewall exposing intellectual property to the internet
An attacker defacing the e-commerce portal

A

An attacker defacing the e-commerce portal

30
Q
A penetration tester is testing passively for vulnerabilities on a company’s network. Which of the following tools should the penetration tester use?
Zenmap
Wireshark
Nmap
Nikto
Snort
A

Nikto

31
Q

A security analyst is asked to check the configuration of the company’s DNS service on the server. Which of the following command line tools should the analyst use to perform the initial assessment?
Nslookup/dig
Tracert
Ipconfig/ifconfig

A

Nslookup/dig

32
Q
Which of the following should a company require prior to performing a penetration test?
NDA
CVE score
Data classification
List of threats
A

NDA

33
Q

Which of the following BEST explains “likelihood of occurrence”?
The chance that an event will happen regardless of how much damage it may cause
The overall impact to the organization once all factors have been considered
The probability that a threat actor will target and attempt to exploit an organization’s systems

A

The probability that a threat actor will target and attempt to exploit an organization’s systems

34
Q

A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increases in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use-case?
Elasticity
Redundancy
High availability

A

Elasticity

35
Q

An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site admin previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the admin implement?
NTLMv2
TACACS+
Kerberos

A

Kerberos

36
Q

Which of the following is a component of multifactor authentication?
RADIUS
SSO
OTP

A

OTP

37
Q
A company recently experienced a security breach. The security staff determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server. The server was imaged and copied onto a hardened VM, with the previous connections re-established. Which of the following is the NEXT step in the incident response process?
Recovery
Eradication
Lessons Learned
Containment
A

Lessons Learned