Study Guide 201-300 Flashcards

1
Q

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

A. To track the status of patching installations
B. To find shadow IT cloud deployments
C. To continuously monitor the hardware inventory
D. To hunt for active attackers in the network
A

A. To track the status of patching installations

2
Q

Which of the following is classified as high availability in a cloud environment?

A. Access broker
B. Cloud HSM (Hardware Security Module)
C. WAF
D. Load balancer
A

D. Load balancer

3
Q

Which of the following security measures is required when using a cloud-based platform for IoT management?

A. Encrypted connection
B. Federated identity
C. Firewall
D. Single sign-on
A

A. Encrypted connection

4
Q

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

A. Unidentified removable devices
B. Default network device credentials
C. Spear phishing emails
D. Impersonation of business units through typosquatting
A

A. Unidentified removable devices

5
Q

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

A. Encryption
B. Hashing
C. Masking
D. Tokenization
A

C. Masking

6
Q

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

A. Fines
B. Reputational damage
C. Sanctions
D. Contractual implications
A

A. Fines

7
Q

Which of the following alert types is the most likely to be ignored over time?

A. True positive
B. True negative
C. False positive
D. False negative
A

C. False positive

8
Q

A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?

A. Memory injection
B. Race condition
C. Side loading
D. SQL injection
A

A. Memory injection

9
Q

An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

A. Asset inventory
B. Network enumeration
C. Data certification
D. Procurement process
A

A. Asset inventory

10
Q

Which of the following should a security operations center use to improve its incident response procedure?

A. Playbooks
B. Frameworks
C. Baselines
D. Benchmarks
A

A. Playbooks

11
Q

Which of the following describes an executive team that is meeting in a board room and testing the company’s incident response plan?

A. Continuity of operations
B. Capacity planning
C. Tabletop exercise
D. Parallel processing
A

C. Tabletop exercise

12
Q

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?

A. Scalability
B. Availability
C. Cost
D. Ease of deployment
A

B. Availability

13
Q

Which of the following agreement types defines the time frame in which a vendor needs to respond?

A. SOW
B. SLA
C. MOA
D. MOU
A

B. SLA

14
Q

Which of the following is a feature of a next-generation SIEM system?

A. Virus signatures
B. Automated response actions
C. Security agent deployment
D. Vulnerability scanning
A

B. Automated response actions

15
Q

To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Choose two.)

A. Preventive
B. Deterrent
C. Corrective
D. Directive
E. Compensating
F. Detective
A

B. Deterrent
F. Detective

16
Q

Which of the following examples would be best mitigated by input sanitization?

A. <script>alert ("Warning!") ;</script>
B. nmap - 10.11.1.130
C. Email message: "Click this link to get your free gift card."
D. Browser message: "Your connection is not private."
A

A. <script>alert ("Warning!") ;</script>

17
Q

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
A

C. Impersonating

18
Q

After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

A. False positive
B. False negative
C. True positive
D. True negative
A

A. False positive

19
Q

A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

A. Load balancer
B. Port security
C. IPS
D. NGFW
A

B. Port security

20
Q

A user would like to install software and features that are not available with a smartphone’s default software. Which of the following would allow the user to install unauthorized software and enable new features?

A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading
A

C. Jailbreaking

21
Q

Which of the following phases of an incident response involves generating reports?

A. Recovery
B. Preparation
C. Lessons learned
D. Containment
A

C. Lessons learned

22
Q

Which of the following methods would most likely be used to identify legacy systems?

A. Bug bounty program
B. Vulnerability scan
C. Package monitoring
D. Dynamic analysis
A

B. Vulnerability scan

23
Q

Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A. Proxy server
B. NGFW
C. VPN
D. Security zone
A

C. VPN

24
Q

A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?

A. Utilizing attack signatures in an IDS
B. Enabling malware detection through a UTM (unified threat management)
C. Limiting the affected servers with a load balancer
D. Blocking command injections via a WAF
A

B. Enabling malware detection through a UTM

25
Q

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

A. To reduce implementation cost
B. To identify complexity
C. To remediate technical debt
D. To prevent a single point of failure
A

D. To prevent a single point of failure

26
Q

A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code
A

B. Containerization

27
Q

An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two.)

A. Disable default accounts.
B. Add the server to the asset inventory.
C. Remove unnecessary services.
D. Document default passwords.
E. Send server logs to the SIEM.
F. Join the server to the corporate domain.
A

A. Disable default accounts.
C. Remove unnecessary services.

28
Q

A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?

A. Third-party attestation
B. Penetration testing
C. Internal auditing
D. Vulnerability scans
A

C. Internal auditing

29
Q

Which of the following security concepts is accomplished with the installation of a RADIUS server?

A. CIA
B. AAA
C. ACL
D. PEM
A

B. AAA

30
Q

The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?

A. Hot site
B. Cold site
C. Failover site
D. Warm site
A

B. Cold site

30
Q

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A. Version validation
B. Version changes
C. Version updates
D. Version control
A

D. Version control

31
Q

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.
A

C. Implement security awareness training.

32
Q

Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?

A. Purple team
B. Blue team
C. Red team
D. White team
A

C. Red team

33
Q

A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:

* Allow employees to work remotely or from assigned offices around the world.
* Provide a seamless login experience.
* Limit the amount of equipment required.

Which of the following best meets these conditions?

A. Trusted devices
B. Geotagging
C. Smart cards
D. Time-based logins
A

A. Trusted devices

34
Q

Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)

A. Tokenization
B. CI/CD
C. Honeypots
D. Threat modeling
E. DNS sinkhole
F. Data obfuscation
A

C. Honeypots
E. DNS sinkhole

35
Q

A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?

A. Hashing
B. Encryption
C. Baselines
D. Tokenization
A

A. Hashing

36
Q

An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?

A. RADIUS (Remote Authentication Dial-In User Service)
B. SAML (Security Assertion Markup Language)
C. EAP (Extensible Authentication Protocol)
D. OpenID
A

B. SAML

37
Q

A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

A. Replay attack
B. Memory leak
C. Buffer overflow attack
D. On-path attack
A

D. On-path attack

38
Q

A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

A. The equipment MTBF is unknown.
B. The ISP has no SLA.
C. An RPO has not been determined.
D. There is a single point of failure.
A

D. There is a single point of failure.

39
Q

A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)

A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent
A

E. Compensating
F. Technical

40
Q

Which of the following best describes the risk present after controls and mitigating factors have been applied?

A. Residual
B. Avoided
C. Inherent
D. Operational
A

A. Residual

41
Q

A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data security on all employees' company mobile devices?

A. Application management
B. Full disk encryption
C. Remote wipe
D. Containerization
A

C. Remote wipe

42
Q

A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the following should the security administrator recommend?

A. Digitally signing the software
B. Performing code obfuscation
C. Limiting the use of third-party libraries
D. Using compile flags
A

B. Performing code obfuscation

43
Q

Which of the following is a possible factor for MFA?

A. Something you exhibit
B. Something you have
C. Somewhere you are
D. Someone you know
A

B. Something you have

44
Q

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)

A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.
A

A. Increasing the minimum password length to 14 characters.
F. Including a requirement for at least one special character.

45
Q

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

A. The software had a hidden keylogger.
B. The software was ransomware.
C. The user's computer had a fileless virus.
D. The software contained a backdoor.
A

D. The software contained a backdoor.

46
Q

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:

* A starting baseline of 50% memory utilization
* Storage scalability
* Single circuit failure resilience

Which of the following best meets all of these requirements?

A. Connecting dual PDUs to redundant power supplies
B. Transitioning the platform to an IaaS provider
C. Configuring network load balancing for multiple paths
D. Deploying multiple large NAS devices for each host
A

B. Transitioning the platform to an IaaS provider

47
Q

Which of the following best describes a use case for a DNS sinkhole?

A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D. A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.
A

C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

48
Q

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

A. Log data
B. Metadata
C. Encrypted data
D. Sensitive data
A

B. Metadata

49
Q

Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?

A. To meet compliance standards
B. To increase delivery rates
C. To block phishing attacks
D. To ensure non-repudiation
A

D. To ensure non-repudiation

50
Q

During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

A. Whaling
B. Credential harvesting
C. Prepending
D. Dumpster diving
A

D. Dumpster diving

51
Q

Which of the following considerations is the most important regarding cryptography used in an IoT device?

A. Resource constraints
B. Available bandwidth
C. The use of block ciphers
D. The compatibility of the TLS version
A

A. Resource constraints

52
Q

A coffee shop owner wants to restrict internet access to only paying customers by prompting them for a receipt number. Which of the following is the best method to use given this requirement?

A. WPA3
B. Captive portal
C. PSK
D. IEEE 802.1X
A

B. Captive portal

53
Q

While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

A. Hard drive
B. RAM
C. SSD
D. Temporary files
A

B. RAM

54
Q

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A. NIST CSF
B. SOC 2 Type 2 report
C. CIS Top 20 compliance reports
D. Vulnerability report
A

B. SOC 2 Type 2 report

55
Q

A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essential public services?

A. BCP
B. Communication plan
C. DRP
D. IRP
A

C. DRP

56
Q

Which of the following is considered a preventive control?

A. Configuration auditing
B. Log correlation
C. Incident alerts
D. Segregation of duties
A

D. Segregation of duties

57
Q

A systems administrator notices that a testing system is down. While investigating, the systems administrator finds that the servers are online and accessible from any device on the server network. The administrator reviews the following information from the monitoring system: (Refer to picture.) Which of the following is the most likely cause of the outage?

A. Denial of service
B. ARP poisoning
C. Jamming
D. Kerberoasting
A

A. Denial of service

58
Q

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.
A

D. Block the URL shortener domain in the web proxy.

59
Q

A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

A. Disk encryption
B. Data loss prevention
C. Operating system hardening
D. Boot security
A

A. Disk encryption

60
Q

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

A. Security policy
B. Classification policy
C. Retention policy
D. Access control policy
A

C. Retention policy

61
Q

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

A. Code repositories
B. Dark web
C. Threat feeds
D. State actors
E. Vulnerability databases
A

A. Code repositories

62
Q

Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.
A

C. The organization will have the ability to create security requirements based on classification levels.

63
Q

An analyst is performing a vulnerability scan against the web servers exposed to the internet without a system account. Which of the following is most likely being performed?

A. Non-credentialed scan
B. Packet capture
C. Privilege escalation
D. System enumeration
E. Passive scan
A

A. Non-credentialed scan

64
Q

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

A. MITRE ATT&CK
B. CSIRT
C. CVSS
D. SOAR
A

A. MITRE ATT&CK

65
Q

An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?

A. A website-hosted solution
B. Cloud shared storage
C. A secure email solution
D. Microservices using API
A

D. Microservices using API

66
Q

Which of the following addresses individual rights such as the right to be informed, the right of access, and the right to be forgotten?

A. GDPR
B. PCI DSS
C. NIST
D. ISO
A

A. GDPR

67
Q

An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?

A. The administrator should allow SAN certificates in the browser configuration.
B. The administrator needs to install the server certificate into the local truststore.
C. The administrator should request that the secure LDAP port be opened to the server.
D. The administrator needs to increase the TLS version on the organization's RA.
A

B. The administrator needs to install the server certificate into the local truststore.

68
Q

Which of the following is the most important security concern when using legacy systems to provide production service?

A. Instability
B. Lack of vendor support
C. Loss of availability
D. Use of insecure protocols
A

B. Lack of vendor support

69
Q

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

A. A spraying attack was used to determine which credentials to use.
B. A packet capture tool was used to steal the password.
C. A remote-access Trojan was used to install the malware.
D. A dictionary attack was used to log in as the server administrator.
A

B. A packet capture tool was used to steal the password.

70
Q

A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment. Which of the following should be configured to allow remote access to this server?

A. HTTPS
B. SNMPv3
C. SSH
D. RDP
E. SMTP
A

C. SSH

71
Q

A security administrator is working to find a cost-effective solution to implement certificates for a large number of domains and subdomains owned by the company. Which of the following types of certificates should the administrator implement?

A. Wildcard
B. Client certificate
C. Self-signed
D. Code signing
A

A. Wildcard

72
Q

An auditor discovered multiple insecure ports on some servers. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?

A. Nessus
B. curl
C. Wireshark
D. netcat
A

A. Nessus

73
Q

A security analyst received a tip that sensitive proprietary information was leaked to the public. The analyst is reviewing the PCAP and notices traffic between an internal server and an external host that includes the following:

...
12:47:22.327233 PPPoE [ses 0x8122] IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto IPv6 (41), length 331) 10.5.1.1 > 52.165.16.154: IP6 (hlim E3, next-header TCP (6) paylcad length: 271) 2001:67c:2158:a019::ace.53104 > 2001:0:5ef5:79fd:380c:dddd:a601:24fa.13788: Flags [P.], cksum 0xd7ee (correct), seq 97:348, ack 102, win 16444, length 251
...

Which of the following was most likely used to exfiltrate the data?

A. Encapsulation
B. MAC address spoofing
C. Steganography
D. Broken encryption
E. Sniffing via on-path position
A

A. Encapsulation

74
Q

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

A. Serverless architecture
B. Thin clients
C. Private cloud
D. Virtual machines
A

A. Serverless architecture

75
Q

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed: (Error 13): /etc/shadow: Permission denied. Which of the following best describes the type of tool that is being used?

A. Pass-the-hash monitor
B. File integrity monitor
C. Forensic analysis
D. Password cracker
A

D. Password cracker

76
Q

A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323, and SRTP. Which of the following does this rule set support?

A. RTOS
B. VoIP
C. SoC
D. HVAC
A

B. VoIP

77
Q

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

A. Whaling
B. Spear phishing
C. Impersonation
D. Identity fraud
A

A. Whaling

78
Q

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

A. Updating the CRL
B. Patching the CA
C. Changing passwords
D. Implementing SOAR
A

B. Patching the CA

79
Q

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

A. PIN
B. Hardware token
C. User ID
D. SMS
A

A. PIN

80
Q

A company hired an external consultant to assist with required system upgrades to a critical business application. A systems administrator needs to secure the consultant's access without sharing passwords to critical systems. Which of the following solutions should most likely be utilized?

A. TACACS+
B. SAML
C. An SSO platform
D. Role-based access control
E. PAM software
A

E. PAM software

81
Q

A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities. Which of the following should the security team implement to address this concern?

A. Configure a RADIUS server to manage device authentication.
B. Use 802.1X on all devices connecting to wireless.
C. Add a guest captive portal requiring visitors to accept terms and conditions.
D. Allow for new devices to be connected via WPS.
A

C. Add a guest captive portal requiring visitors to accept terms and conditions.

82
Q

Which of the following data roles is responsible for identifying risks and appropriate access to data?

A. Owner
B. Custodian
C. Steward
D. Controller
A

A. Owner

83
Q

Which of the following physical controls can be used to both detect and deter? (Choose two.)

A. Lighting
B. Fencing
C. Signage
D. Sensor
E. Bollard
F. Lock
A

A. Lighting
D. Sensor

84
Q

A multinational bank hosts several servers in its data center. These servers run a business-critical application used by customers to access their account information. Which of the following should the bank use to ensure accessibility during peak usage times?

A. Load balancer
B. Cloud backups
C. Geographic dispersal
D. Disk multipathing
A

A. Load balancer

85
Q

The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website's contents. Which of the following techniques would best ensure the software's integrity?

A. Input validation
B. Code signing
C. Secure cookies
D. Fuzzing
A

B. Code signing

86
Q

A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

A. Lack of security updates
B. Lack of new features
C. Lack of support
D. Lack of source code access
A

A. Lack of security updates

87
Q

A security analyst recently read a report about a flaw in several of the organization's printer models that causes credentials to be sent over the network in cleartext, regardless of the encryption settings. Which of the following would be best to use to validate this finding?

A. Wireshark
B. netcat
C. Nessus
D. Nmap
A

A. Wireshark

88
Q

A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?

A. Fuzzing
B. Continuous deployment
C. Static code analysis
D. Manual peer review
A

A. Fuzzing

89
Q

During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?

A. Risk management process
B. Product design process
C. Design review process
D. Change control process
A

D. Change control process

90
Q

Which of the following is best to use when determining the severity of a vulnerability?

A. CVE
B. OSINT
C. SOAR
D. CVSS
A

D. CVSS

91
Q

An organization experienced a security breach that allowed an attacker to send fraudulent wire transfers from a hardened PC exclusively to the attacker's bank through remote connections. A security analyst is creating a timeline of events and has found a different PC on the network containing malware. Upon reviewing the command history, the analyst finds the following:

PS>.\mimikatz.exe "sekurlsa::pth /user:localadmin /domain:corp-domain.com /ntlm:B4B9B02E1F29A3CF193EAB28C8D617D3F327

Which of the following best describes how the attacker gained access to the hardened PC?

A. The attacker created fileless malware that was hosted by the banking platform.
B. The attacker performed a pass-the-hash attack using a shared support account.
C. The attacker utilized living-off-the-land binaries to evade endpoint detection and response software.
D. The attacker socially engineered the accountant into performing bad transfers.
A

B. The attacker performed a pass-the-hash attack using a shared support account.

92
Q

Which of the following is the best resource to consult for information on the most common application exploitation methods?

A. OWASP
B. STIX
C. OVAL
D. Threat intelligence feed
E. Common Vulnerabilities and Exposures
A

A. OWASP

93
Q

A security analyst is reviewing the logs on an organization's DNS server and notices the following unusual snippet: (Refer to picture.) Which of the following attack techniques was most likely used?

A. Determining the organization's ISP-assigned address space
B. Bypassing the organization's DNS sinkholing
C. Footprinting the internal network
D. Attempting to achieve initial access to the DNS server
E. Exfiltrating data from fshare.int.complia.org
A

C. Footprinting the internal network

94
Q

A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Choose two.)

A. Disciplinary actions for users
B. Conditional access policies
C. More regular account audits
D. Implementation of additional authentication factors
E. Enforcement of content filtering policies
F. A review of user account permissions
A

B. Conditional access policies
D. Implementation of additional authentication factors

95
Q

A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)

A. NIDS
B. Honeypot
C. Certificate revocation list
D. HIPS
E. WAF
F. SIEM
A

A. NIDS
E. WAF

96
Q

A systems administrator would like to create a point-in-time backup of a virtual machine. Which of the following should the administrator use?

A. Replication
B. Simulation
C. Snapshot
D. Containerization
A

C. Snapshot

97
Q

A security administrator notices numerous unused, non-compliant desktops are connected to the network. Which of the following actions would the administrator most likely recommend to the management team?

A. Monitoring
B. Decommissioning
C. Patching
D. Isolating
A

B. Decommissioning

98
Q

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

A. Sanitization
B. Formatting
C. Degaussing
D. Defragmentation
A

A. Sanitization

99
Q

An organization wants to improve the company's security authentication method for remote employees. Given the following requirements:

* Must work across SaaS and internal network applications
* Must be device manufacturer agnostic
* Must have offline capabilities

Which of the following would be the most appropriate authentication method?

A. Username and password
B. Biometrics
C. SMS verification
D. Time-based tokens
A

D. Time-based tokens