Security Plus Questions 87-135 Flashcards
A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:
==3212== timeAttend.exe
==3214== ERROR SUMMARY:
==3214== malloc/free: in use at exit:4608 bytes in 18 blocks.
==3214== checked 82116 bytes
==3214== definitely lost: 4608 bytes in 18 blocks
The admin terminates TIMEATTEND.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?
A) DLL injection
B) API attack
C) Buffer overflow
D) memory leak
D) memory leak
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing the issue and should be checked FIRST?
A) DLP
B) firewall rule
C) content filter
D) MDM
E) Application allow list
C) content filter
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A) acceptance
B) Transference
C) Avoidance
D) Mitigation
D) mitigation
Which of the following is the BEST action to foster a consistent and auditable incident response process?
A) Incent new hires to constantly update the document with external knowledge.
B) Publish the document in a central repository that is easily accessible to the organization.
C) restrict eligibility to comment on the process to subject matter experts of each IT silo.
D) Rotate CIRT members to foster a shared responsibility model in the organization.
D) rotate CIRT members to foster a shared responsibility model in the organization
During a recent penetration test, the tester discovers that large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A) conduct a full vulnerability scan to identify possible vulnerabilities.
B) Perform containment on the critical servers and resources.
C) Review the firewall and identify the source of the active connection
D) disconnect the entire infrastructure from the internet.
B) perform containment on the critical servers and resources
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?
A) preventive controls
B) compensating controls
C) deterrent controls
D) detective controls
A) preventive controls
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A) SaaS
B) IaaS
C) PaaS
D) SDN
B) IaaS
Which of the following employee roles is responsible for protecting an organization's collected personal information?
A) CTO
B) DPO
C) CEO
D) DBA
B) DPO
Against the recommendations of the IT security analyst, a company set all user passwords on a server as “P@55w0rD”. Upon review of the /etc/passwd file, an attacker found the following:
Alice: dddytft764edrd6dd5kd567diyd55kdfykug6u7f65d56djyk
Bob: 66f67od6d5d57d5txckcuyf7fc7c5c7f76d76d5d75c75c75
Chris: iihg9uy8v7c6545s4yduvu6v76f67c65cvilgvuk6kfd564d45d
Which of the following BEST explains why the encrypted passwords do not match?
A) perfect forward secrecy
B) key stretching
C) salting
D) hashing
C) salting
After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another network asset. This technique is an example of:
A) privilege escalation
B) footprinting
C) persistence
D) pivoting
D) pivoting
Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?
A) common weakness enumeration
B) OSINT
C) Dark Web
D) vulnerability database
C) Dark web
A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?
A) SOAR
B) SIEM
C) Log collectors
D) network-attached storage
C) Log Collectors
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:
Which of the following is MOST likely occurring?
A) XSS Attack
B) SQLi attack
C) Replay attack
D) XSRF Attack
A) SQLI attack
Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?
A) transit gateway
B) Cloud hot site
C) edge computing
D) DNS Sinkhole
A) transit gateway
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No back doors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?
A) Logic Bomb
B) Ransomware
C) Fileless virus
D) Remote access Trojans
E) Rootkit
A) logic bomb
Digital signatures use asymmetric encryption. This means the message is encrypted with:
A) the sender’s private key and decrypted with the sender’s public key.
B) the sender’s public key and decrypted with the sender’s private key.
C) the sender’s private key and decrypted with the recipient’s public key.
D) the sender’s private key and decrypted with the recipient’s private key.
C) the sender’s private key and decrypted with the recipient’s public key
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirements?
A) SSO
B) IDS
C) MFA
D) TPM
C) MFA
The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A) GDPR compliance attestation
B) Cloud security alliance materials
C) SOC 2 Type 2 report
D) NIST RMF workbooks
C) SOC 2 Type 2 Report
Which of the following is assured when a user signs an email using a private key?
A) Non-repudiation
B) Confidentiality
C) Availability
D) authentication
D) authentication