sec + pt 2 Flashcards
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A. Brand impersonation
B. Pretexting
C. Typosquatting
D. Phishing
D. Phishing
Which of the following scenarios describes a possible business email compromise attack?
A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.
B. Employees who open an email attachment receive messages demanding payment in order to access files.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.
C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.
Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to the following email address.”
Which of the following are the best responses to this situation? (Choose two.)
A. Cancel current employee recognition gift cards.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
D. Have the CEO change phone numbers.
E. Conduct a forensic investigation on the CEO’s phone.
F. Implement mobile device management.
B. Add a smishing exercise to the annual company training.
C. Issue a general email warning to the company.
Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
A. Rules of engagement
A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?
A. Active
B. Passive
C. Defensive
D. Offensive
A. Active
A company’s web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A. encryption=off
B. http://
C. www.*.com
D. :443
B. http://
A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
A. Implementing a bastion host
B. Deploying a perimeter network
C. Installing a WAF
D. Utilizing single sign-on
A. Implementing a bastion host
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
A. Application
B. IPS/IDS
C. Network
D. Endpoint
D. Endpoint
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
A. Digital forensics
B. E-discovery
C. Incident response
D. Threat hunting
D. Threat hunting
Which of the following security control types does an acceptable use policy best represent?
A. Detective
B. Compensating
C. Corrective
D. Preventive
D. Preventive
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis
C. Risk register
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing
B. Bug bounty
A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs. Which of the following security benefits do these actions provide? (Choose two.)
A. If a security incident occurs on the device, the correct employee can be notified.
B. The security team will be able to send user awareness training to the appropriate device.
C. Users can be mapped to their devices when configuring software MFA tokens.
D. User-based firewall policies can be correctly targeted to the appropriate laptops.
E. When conducting penetration testing, the security team will be able to target the desired laptops.
F. Company data can be accounted for when the employee leaves the organization.
A. If a security incident occurs on the device, the correct employee can be notified.
F. Company data can be accounted for when the employee leaves the organization.
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
A. Send out periodic security reminders.
B. Update the content of new hire documentation.
C. Modify the content of recurring training.
D. Implement a phishing campaign.
Modify the content of recurring training.
A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?
A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.
A rootkit was deployed.
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
A. Client
B. Third-party vendor
C. Cloud provider
D. DBA
A. Client
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
A. To gather IoCs for the investigation
B. To discover which systems have been affected
C. To eradicate any trace of malware on the network
D. To prevent future incidents of the same nature
To prevent future incidents of the same nature
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
A. Capacity planning
B. Redundancy
C. Geographic dispersion
D. Tabletop exercise
Capacity planning
A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
Geolocation policy
Which of the following is a hardware-specific vulnerability?
A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting
Firmware version
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used
Performing code signing on company-developed software
Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs
Non-repudiation
A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?
A. Corrective
B. Preventive
C. Detective
D. Deterrent
Detective
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
Geographic dispersion
Which of the following is the most likely to be included as an element of communication in a security awareness program?
A. Reporting phishing attempts or other suspicious activities
B. Detecting insider threats using anomalous behavior recognition
C. Verifying information when modifying wire transfer data
D. Performing social engineering as part of third-party penetration testing
Reporting phishing attempts or other suspicious activities
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
A. ACL
B. DLP
C. IDS
D. IPS
IPS
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
Compensating controls
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling
Social engineering
A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
Jailbreaking
Malware spread across a company’s network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing
Watering-hole
Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?
A. Generators and UPS
B. Off-site replication
C. Redundant cold sites
D. High availability networking
Off-site replication
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
A. Defensive
B. Passive
C. Offensive
D. Physical
Physical
A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?
A. Serverless
B. Segmentation
C. Virtualization
D. Microservices
Virtualization
A bank set up a new server that contains customers’ PII. Which of the following should the bank use to make sure the sensitive data is not modified?
A. Full disk encryption
B. Network access control
C. File integrity monitoring
D. User behavior analytics
File integrity monitoring
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
A. Tokenization
B. Hashing
C. Obfuscation
D. Segmentation
Hashing
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
A. Availability
B. Confidentiality
C. Integrity
D. Non-repudiation
Confidentiality
An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?
A. Business continuity
B. Physical security
C. Change management
D. Disaster recovery
Business continuity
A security team is setting up a new environment for hosting the organization’s on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?
A. Virtualization and isolation of resources
B. Network segmentation
C. Data encryption
D. Strong authentication policies
Virtualization and isolation of resources
A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?
A. Validate the code signature.
B. Execute the code in a sandbox.
C. Search the executable for ASCII strings.
D. Generate a hash of the files.
Validate the code signature.
Which of the following security measures is required when using a cloud-based platform for IoT management?
A. Encrypted connection
B. Federated identity
C. Firewall
D. Single sign-on
Encrypted connection
An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
A. Asset inventory
B. Network enumeration
C. Data certification
D. Procurement process
Asset inventory
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
Impersonating
Which of the following methods would most likely be used to identify legacy systems?
A. Bug bounty program
B. Vulnerability scan
C. Package monitoring
D. Dynamic analysis
Vulnerability scan
After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?
A. Version validation
B. Version changes
C. Version updates
D. Version control
Version control
A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:
- Allow employees to work remotely or from assigned offices around the world.
- Provide a seamless login experience.
- Limit the amount of equipment required.
Which of the following best meets these conditions?
A. Trusted devices
B. Geotagging
C. Smart cards
D. Time-based logins
Trusted devices
A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:
- A starting baseline of 50% memory utilization
- Storage scalability
- Single circuit failure resilience
Which of the following best meets all of these requirements?
A. Connecting dual PDUs to redundant power supplies
B. Transitioning the platform to an IaaS provider
C. Configuring network load balancing for multiple paths
D. Deploying multiple large NAS devices for each host
Transitioning the platform to an IaaS provider
Which of the following best describes a use case for a DNS sinkhole?
A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company’s domain structure.
B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D. A DNS sinkhole can be set up to attract potential attackers away from a company’s network resources.
A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?
A. To meet compliance standards
B. To increase delivery rates
C. To block phishing attacks
D. To ensure non-repudiation
To ensure non-repudiation
Which of the following is considered a preventive control?
A. Configuration auditing
B. Log correlation
C. Incident alerts
D. Segregation of duties
Segregation of duties
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
A. Code repositories
B. Dark web
C. Threat feeds
D. State actors
E. Vulnerability databases
Code repositories
Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?
A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.
The organization will have the ability to create security requirements based on classification levels.
An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?
A. The administrator should allow SAN certificates in the browser configuration.
B. The administrator needs to install the server certificate into the local truststore.
C. The administrator should request that the secure LDAP port be opened to the server.
D. The administrator needs to increase the TLS version on the organization’s RA.
The administrator needs to install the server certificate into the local truststore.
A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?
A. Lack of security updates
B. Lack of new features
C. Lack of support
D. Lack of source code access
Lack of security updates
Which of the following is best to use when determining the severity of a vulnerability?
A. CVE
B. OSINT
C. SOAR
D. CVSS
CVSS
An organization wants to improve the company’s security authentication method for remote employees. Given the following requirements:
- Must work across SaaS and internal network applications
- Must be device manufacturer agnostic
- Must have offline capabilities
Which of the following would be the most appropriate authentication method?
A. Username and password
B. Biometrics
C. SMS verification
D. Time-based tokens
Time-based tokens
A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training. Which of the following will the security officer most likely implement?
A. Password policy
B. Access badges
C. Phishing campaign
D. Risk assessment
Phishing campaign
Which of the following is used to conceal credit card information in a database log file?
A. Tokenization
B. Masking
C. Hashing
D. Obfuscation
Masking
Which of the following control types is AUP an example of?
A. Physical
B. Managerial
C. Technical
D. Operational
Managerial
Which of the following would be the best way to test resiliency in the event of a primary power failure?
A. Parallel processing
B. Tabletop exercise
C. Simulation testing
D. Production failover
Production failover