Security Plus Questions 87-135 Flashcards

1
Q

A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:

==3212== timeAttend.exe
==3214== ERROR SUMMARY:
==3214== malloc/free: in use at exit:4608 bytes in 18 blocks.
==3214== checked 82116 bytes
==3214== definitely lost: 4608 bytes in 18 blocks

The admin terminates TIMEATTEND.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

A) DLL injection
B) API attack
C) Buffer overflow
D) memory leak

A

D) memory leak

2
Q

An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing the issue and should be checked FIRST?

A) DLP
B) firewall rule
C) content filter
D) MDM
E) Application allow list

A

C) content filter

3
Q

Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?

A) acceptance
B) Transference
C) Avoidance
D) Mitigation

A

D) mitigation

4
Q

Which of the following is the BEST action to foster a consistent and auditable incident response process?

A) Incent new hires to constantly update the document with external knowledge.
B) Publish the document in a central repository that is easily accessible to the organization.
C) restrict eligibility to comment on the process to subject matter experts of each IT silo.
D) Rotate CIRT members to foster a shared responsibility model in the organization.

A

D) rotate CIRT members to foster a shared responsibility model in the organization

5
Q

During a recent penetration test, the tester discovers that a large amount of data was exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?

A) conduct a full vulnerability scan to identify possible vulnerabilities.
B) Perform containments on the critical servers and resources.
C) Review the firewall and identify the source of the active connection
D) disconnect the entire infrastructure from the internet.

A

B) perform containment on the critical servers and resources

6
Q

A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?

A) preventive controls
B) compensating controls
C) deterrent controls
D) detective controls

A

A) preventive controls

7
Q

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A) SaaS
B) IaaS
C) PaaS
D) SDN

A

B) IaaS

8
Q

Which of the following employee roles is responsible for protecting an organization's collected personal information?

A) CTO
B) DPO
C) CEO
D) DBA

A

B) DPO

9
Q

Against the recommendations of the IT security analyst, a company set all user passwords on a server as “P@55w0rD”. Upon review of the /etc/passwd file, an attacker found the following:

Alice: dddytft764edrd6dd5kd567diyd55kdfykug6u7f65d56djyk
Bob: 66f67od6d5d57d5txckcuyf7fc7c5c7f76d76d5d75c75c75
Chris: iihg9uy8v7c6545s4yduvu6v76f67c65cvilgvuk6kfd564d45d

Which of the following BEST explains why the stored password hashes do not match?

A) perfect forward secrecy
B) key stretching
C) salting
D) hashing

A

C) salting

10
Q

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another network asset. This technique is an example of:

A) privilege escalation
B) foot printing
C) persistence
D) pivoting

A

D) pivoting

11
Q

Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

A) common weakness enumeration
B) OSINT
C) Dark Web
D) vulnerability database

A

C) Dark web

12
Q

A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

A) SOAR
B) SIEM
C) Log collectors
D) network-attached storage

A

C) Log Collectors

13
Q

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

Which of the following is MOST likely occurring?

A) XSS Attack
B) SQLi attack
C) Replay attack
D) XSRF Attack

A

A) SQLI attack

14
Q

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

A) transit gateway
B) Cloud hot site
C) edge computing
D) DNS Sinkhole

A

A) transit gateway

15
Q

A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No back doors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

A) Logic Bomb
B) Ransomware
C) Fileless virus
D) Remote access Trojans
E) Rootkit

A

A) logic bomb

16
Q

Digital signatures use asymmetric encryption. This means the message is encrypted with:

A) the sender's private key and decrypted with the sender's public key.
B) the sender's public key and decrypted with the sender's private key.
C) the sender's private key and decrypted with the recipient's public key.
D) the sender's private key and decrypted with the recipient's private key.

A

C) the sender's private key and decrypted with the recipient's public key

17
Q

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirements?

A) SSO
B) IDS
C) MFA
D) TPM

A

C) MFA

18
Q

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

A) GDPR compliance attestation
B) Cloud security alliance materials
C) SOC 2 Type 2 report
D) NIST RMF workbooks

A

C) SOC 2 Type 2 Report

19
Q

Which of the following is assured when a user signs an email using a private key?

A) Non-repudiation
B) Confidentiality
C) Availability
D) authentication

A

D) authentication

20
Q

A systems administrator is troubleshooting a server's connections to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

A) ipconfig
B) ssh
C) ping
D) netstat

A

D) netstat

21
Q

Which of the following best reduces the security risk introduced when running systems that have expired vendor support and lack an immediate replacement?

A) implement proper network access restrictions
B) initiate a bug bounty program
C) classify the system as shadow IT
D) increase the frequency of vulnerability scans

A

A) implement proper network access restrictions

22
Q

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

A) the business continuity plan
B) the retention policy
C) the disaster recovery plan
D) the incident response plan

A

A) the business continuity plan

23
Q

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same sign-on method. Which of the following would best detect a malicious actor?

A) utilizing SIEM correlation engines
B) deploying NetFlow at the network border
C) disabling session tokens for all sites
D) deploying a WAF for the web server

A

A) utilizing SIEM correlation engines

24
Q

Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?

A) MOU
B) ISA
C) SLA
D) NDA

A

A) MOU

25
Q

The chief information security officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

A) DLP
B) USB data blocker
C) USB OTG
D) Disabling USB ports

A

B) USB data blocker

26
Q

The board of directors at a company contracted with an insurance firm to limit the organization's liability. Which of the following risk management practices does this BEST describe?

A) transference
B) avoidance
C) mitigation
D) acknowledgment

A

A) transference

27
Q

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A) unsecured root accounts
B) zero day
C) shared tenancy
D) insider threat

A

C) shared tenancy

28
Q

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment responsive to load fluctuations in a cost-effective way. Which of the following options BEST fulfills the architect's requirements?

A) an orchestration solution that can adjust scalability of cloud assets
B) use of multipath by adding more connections to cloud storage
C) cloud assets replicated on geographically distributed regions
D) an onsite backup that is deployed and only used when the load increases

A

A) an orchestration solution that can adjust scalability of cloud assets

29
Q

Which of the following documents provides expectations at a technical level for quality, availability, and responsibility?

A) EOL
B) SLA
C) MOU
D) EOSL

A

B) SLA

30
Q

Which of the following is an example of transference of risk?

A) purchasing insurance
B) patching vulnerable servers
C) retiring outdated applications
D) application owner risk sign off

A

A) purchasing insurance

31
Q

An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

A) embedded Python code
B) macro-enabled file
C) bash scripting
D) credential harvesting website

A

B) Macro-enabled file

32
Q

A security proposal was set up to track requests for remote access by creating a baseline of the user's common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

A) context-aware authentication
B) Simultaneous Authentication of Equals
C) Extensible Authentication Protocol
D) agentless network access control

A

A) context-aware authentication

33
Q

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

A) obfuscation
B) normalization
C) execution
D) reuse

A

A) obfuscation

34
Q

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

A) user behavior analysis
B) packet captures
C) configuration review
D) log analysis

A

D) log analysis

35
Q

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

A) service
B) shared
C) generic
D) admin

A

C) generic

36
Q

A security analyst generated a file named HOST1.PCAP and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

A) autopsy
B) memdump
C) FTK imager
D) Wireshark

A

D) Wireshark

37
Q

An application developer accidentally uploaded a company’s code signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

A) delete the private key from the repository
B) verify the public key is not exposed as well
C) update the DLP solution to check for private keys
D) revoke the code signing certificate

A

D) revoke the code signing certificate

38
Q

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

A) compensating
B) corrective
C) preventive
D) detective

A

D) detective

39
Q

The chief information security officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned, high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

A) CASB
B) VPN Concentrator
C) MFA
D) VPC endpoint

A

A) CASB

40
Q

A tech enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

A) data in transit
B) data in processing
C) data at rest
D) data tokenization

A

C) data at rest

41
Q

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installing it on the user's computer. Which of the following can be used to safely assess the file?

A) check the hash of the installation file
B) match the file names
C) verify the URL download location
D) verify the code signing certificate

A

A) check the hash of the installation file

42
Q

A help desk technician receives a phone call from someone claiming to be a part of the organization's cybersecurity incident response team. The caller asks the tech to verify the network's internal firewall IP address. Which of the following is the tech's best course of action?

A) direct the caller to stop by the help desk in person and hang up, declining any further requests from the caller.
B) ask for the caller's name, verify the person's identity in the email directory, and provide the requested information over the phone.
C) write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.
D) request the caller send an email for identity verification and provide the requested information via email to the caller.

A

C) write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization's cybersecurity officer.

43
Q

Which of the following would BEST provide detective and corrective controls for thermal regulation?

A) a smoke detector
B) a fire alarm
C) an HVAC system
D) a fire suppression system
E) Guards

A

C) An HVAC system

44
Q

Which of the following is a benefit of including a risk management framework in an organization's security approach?

A) it defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B) it identifies specific vendor products that have been tested and approved for use in a secure environment.
C) it provides legal assurances and remedies in the event a data breach occurs.
D) it incorporates control, development, policy, and management activities into IT operations.

A

D) it incorporates control, development, policy, and management activities into IT operations.

45
Q

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

A) development
B) Test
C) production
D) staging

A

C) production

46
Q

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

A) The forensic investigator forgot to run a checksum on the disk image after creation.
B) The chain of custody form did not note time zone offsets between transportation regions.
C) The computer was turned off and a RAM image could not be taken at the same time.
D) The hard drive was not properly kept in an anti-static bag when it was moved.

A

D) The hard drive was not properly kept in an anti-static bag when it was moved

47
Q

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

A) FRR
B) Difficulty of use
C) Cost
D) FAR
E) CER

A

D) FAR

48
Q

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but the documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

A) User training
B) CASB
C) MDM
D) DLP

A

D) DLP

49
Q

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

A) on-path attack
B) protocol poisoning
C) domain hijacking
D) bluejacking

A

C) domain hijacking