Topic 6 (newest questions) Flashcards
A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to
access the company’s internal wiki, corporate directory, and email services securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the
CISO?
VPN
PaaS
IaaS
VDI
VDI
A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker
would. Which of the following would BEST enable the analyst to complete the objective?
Perform a non-credentialed scan.
Conduct an intrusive scan.
Attempt escalation of privilege.
Execute a credentialed scan.
Perform a non-credentialed scan
A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?
Consult data disposition policies in the contract.
Use a pulper or pulverizer for data destruction
Retain the data for a period no more than one year
Burn hard copies containing PII or PHI.
Consult data disposition policies in the contract.
A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited
resources is BEST categorized as a:
Hacktivist
Nation-state
Script kiddie
APT
Nation-state
Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching?
Black box
Gray box
White box
Red team
Blue team
White box
A security analyst is assessing a small company’s internal servers against recommended security practices.
Which of the following should the analyst do to conduct the assessment? (Select TWO).
Compare configurations against platform benchmarks.
Confirm adherence to the company’s industry-specific regulations.
Review the company’s current security baseline.
Verify alignment with policy related to regulatory compliance.
Run an exploitation framework to confirm vulnerabilities.
Compare configurations against platform benchmarks
and
Review the company’s current security baseline
A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a
security assessment. The analyst must make sure the PII data is protected with the following minimum
requirements:
* Ensure confidentiality at rest.
* Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?
Encrypt and sign the email using S/MIME.
Encrypt the email and send it using TLS.
Hash the email using SHA-1.
Sign the email using MD5
Encrypt and sign the email using S/MIME
A member of the human resources department received the following email message after sending an email containing benefit and tax information to a candidate:
“Your message has been quarantined for the following policy violation: external_potential_PII. Please contact
the IT security administrator for further details.”
Which of the following BEST describes why this message was received?
The DLP system flagged the message
The mail gateway prevented the message from being sent to personal email addresses.
The company firewall blocked the recipient’s IP address.
The file integrity check failed for the attached files.
The DLP system flagged the message
Which of the following is the MOST likely motivation for a script kiddie threat actor?
Financial gain
Notoriety
Political expression
Corporate espionage
Notoriety
A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the
public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost
effective?
Create and install a self-signed certificate on each of the servers in the domain.
Purchase a load balancer and install a single certificate on the load balancer.
Purchase a wildcard certificate and implement it on every server.
Purchase individual certificates and apply them to the individual servers.
Purchase a wildcard certificate and implement it on every server.
Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?
Sandbox
Honey pot
GPO
DMZ
Sandbox
Which of the following is a technical preventive control?
Two-factor authentication
DVR-supported cameras
Acceptable-use MOTD
Syslog server
Two-factor authentication
A security administrator is reviewing the following firewall configuration after receiving reports that users are
unable to connect to remote websites:
10 PERMIT FROM:ANY TO:ANY PORT:80
20 PERMIT FROM:ANY TO:ANY PORT:443
30 DENY FROM:ANY TO:ANY PORT:ANY
Which of the following is the MOST secure solution the security administrator can implement to fix this issue?
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22
C. Insert the following rule in the firewall: 25 PERMIT FROM:ANY TO:ANY PORT:ANY
D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
A security analyst is hardening a large-scale wireless network. The primary requirements are the following:
- Must use authentication through EAP-TLS certificates
- Must use an AAA server
- Must use the most secure encryption protocol
Given these requirements, which of the following should the analyst implement and recommend? (Select
TWO).
802.1X
802.3
LDAP
TKIP
CCMP
WPA2-PSK
802.1X
and
CCMP
A systems engineer is configuring a wireless network. The network must not require installation of third-party
software. Mutual authentication of the client and the server must be used. The company has an internal PKI.
Which of the following configurations should the engineer choose?
EAP-TLS
EAP-TTLS
EAP-FAST
EAP-MD5
PEAP
EAP-TLS
Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?
One uses credentials, but the other does not
One has a higher potential for disrupting system operations.
One allows systems to activate firewall countermeasures.
One returns service banners, including running versions
One has a higher potential for disrupting system operations
A systems administrator wants to configure an enterprise wireless solution that supports authentication over HTTPS and wireless encryption using AES. Which of the following should the administrator configure to support these requirements? (Select TWO).
802.1X
RADIUS federation
WPS
Captive portal
WPA2
WDS
Captive portal
and
WPA2
A company needs to fix some audit findings related to its physical security. A key finding was that multiple
people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding?
Faraday cage
Mantrap
Biometrics
Proximity cards
Mantrap
During a forensics investigation, which of the following must be addressed FIRST according to the order of
volatility?
Hard drive
RAM
Network-attached storage
USB flash drive
RAM
During a security audit of a company’s network, unsecure protocols were found to be in use. A network
administrator wants to ensure browser-based access to company switches is using the most secure protocol.
Which of the following protocols should be implemented?
SSH2
TLS1.2
SSL1.3
SNMPv3
TLS 1.2
A security administrator has received multiple calls from the help desk about customers who are unable to
access the organization’s web server. Upon reviewing the log files the security administrator determines
multiple open requests have been made from multiple IP addresses, which is consuming system resources.
Which of the following attack types does this BEST describe?
DDoS
DoS
Zero day
Logic bomb
DDoS
The security administrator has installed a new firewall which implements an implicit DENY policy by default.
Click on the firewall and configure it to allow ONLY the following communication.
See PDF 374
PDF 374
A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are
reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?
Sniffer
Honeypot
Routing tables
Wireless scanner
Wireless scanner
A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the
device?
Call the company help desk to remotely wipe the device.
Report the loss to authorities
Check with corporate physical security for the device.
Identify files that are potentially missing on the device.
Call the company help desk to remotely wipe the device
Which of the following represents a multifactor authentication system?
An iris scanner coupled with a palm print reader and fingerprint scanner with liveness detection.
A secret passcode that prompts the user to enter a secret key if entered correctly.
A digital certificate on a physical token that is unlocked with a secret passcode.
A one-time password token combined with a proximity badge.
A digital certificate on a physical token that is unlocked with a secret passcode
A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users’ credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?
Password length, password encryption, password complexity
Password complexity, least privilege, password reuse
Password reuse, password complexity, password expiration
Group policy, password history, password encryption
Password reuse, password complexity, password expiration
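The check the security team on this card performed can be done without handling cleartext. The following is an added example, not code from the flashcards: it reduces both the users' passwords and the breach corpus to SHA-1 digests (the form public dumps are usually distributed in), reports which users are reusing a breached password and the overall rate, and shows the prefix-bucket lookup that lets a client screen a new password while revealing only five hex characters of its digest. The users, passwords and "breach corpus" are constructed sample data.

```python
# Added example: measure how many users' current passwords appear in a breach
# corpus, comparing SHA-1 digests rather than cleartext. Not the page's own
# code; users, passwords and the "breach corpus" below are constructed data.
import hashlib
from typing import Dict, Iterable, List, Set


def sha1_hex(password: str) -> str:
    """Breach dumps are commonly distributed as upper-case SHA-1 hex digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_breach_corpus(cleartext_dump: Iterable[str]) -> Set[str]:
    """Reduce a cleartext dump to digests once, then discard the cleartext."""
    return {sha1_hex(p) for p in cleartext_dump}


# Constructed: a stand-in for the public collection the card describes.
BREACH_CORPUS = load_breach_corpus(["password1", "Summer2019!", "letmein", "qwerty123"])

# Constructed: digests of each user's current password. In practice these
# come from the directory's stored hashes (for Active Directory that is the
# NT hash, so the digest function would be MD4 over UTF-16LE, not SHA-1).
USER_DIGESTS: Dict[str, str] = {
    "alice": sha1_hex("Summer2019!"),
    "bob": sha1_hex("c0rrect-h0rse-battery"),
    "carol": sha1_hex("password1"),
    "dave": sha1_hex("letmein"),
    "erin": sha1_hex("7Qm!vz9#Lp2w"),
}


def breached_users(user_digests: Dict[str, str], corpus: Set[str]) -> List[str]:
    """Users whose current password digest appears in the breach corpus."""
    return sorted(u for u, h in user_digests.items() if h in corpus)


def breach_rate(user_digests: Dict[str, str], corpus: Set[str]) -> float:
    """Fraction of users still using a breached password."""
    return len(breached_users(user_digests, corpus)) / len(user_digests)


def prefix_buckets(corpus: Set[str], prefix_len: int = 5) -> Dict[str, Set[str]]:
    """Index digests by their first 5 hex characters. A client can then ask
    for one bucket and finish the comparison locally, revealing only the
    prefix (the k-anonymity range lookup popularised by Have I Been Pwned)."""
    buckets: Dict[str, Set[str]] = {}
    for h in corpus:
        buckets.setdefault(h[:prefix_len], set()).add(h[prefix_len:])
    return buckets


def is_breached_by_prefix(password: str, buckets: Dict[str, Set[str]], prefix_len: int = 5) -> bool:
    """Screen a candidate password at change time against the bucketed corpus."""
    h = sha1_hex(password)
    return h[prefix_len:] in buckets.get(h[:prefix_len], set())


if __name__ == "__main__":
    print("breached users:", breached_users(USER_DIGESTS, BREACH_CORPUS))
    print(f"breach rate: {breach_rate(USER_DIGESTS, BREACH_CORPUS):.0%}")
    buckets = prefix_buckets(BREACH_CORPUS)
    print("new password 'letmein' acceptable:", not is_breached_by_prefix("letmein", buckets))
```

The controls the card asks for map onto this: screening every new password against the corpus (as is_breached_by_prefix does) is how password reuse is actually prevented, complexity rules are enforced at the same point, and the accounts reported by breached_users are the ones to expire immediately.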
A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?
HSM
CA
SSH
SSL
HSM (hardware security module)
A technician has been asked to document which services are running on each of a collection of 200 servers.
Which of the following tools BEST meets this need while minimizing the work required?
Nmap
Nslookup
Netcat
Netstat
Nmap
Which of the following BEST describes a security exploit for which a vendor patch is not readily available?
Integer overflow
Zero-day
End of life
Race condition
Zero-day
A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?
VM sprawl
VM escape
VM migration
VM sandboxing
VM escape
Which of the following BEST distinguishes Agile development from other methodologies in terms of
vulnerability management?
Cross-functional teams
Rapid deployments
Daily standups
Peer review
Creating user stories
Rapid deployments
An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?
VDI environment
CYOD model
DAC mode
BYOD model
CYOD model
An organization’s IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization’s web servers. Given the organization’s stated priorities, which of the following would be the NEXT step?
Remove the affected servers from the network.
Review firewall and IDS logs to identify possible source IPs.
Identify and apply any missing operating system and software patches.
Delete the malicious software and determine if the servers must be reimaged.
Remove the affected servers from the network
Which of the following is the proper use of a Faraday cage?
To block electronic signals sent to erase a cell phone
To capture packets sent to a honeypot during an attack
To protect hard disks from access during a forensics investigation
To restrict access to a building allowing only one person to enter at a time
To block electronic signals sent to erase a cell phone
A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the
following rules should the technician add to the firewall to allow this connectivity for the client workstations?
(Select TWO).
Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22
Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80
Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21
Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53
Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53
Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
and
Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53
A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?
3DES
AES
MD5
RSA
MD5
A technician, who is managing a secure B2B connection, noticed the connection broke last night. All
networking equipment and media are functioning as expected, which leads the technician to question certain PKI components. Which of the following should the technician use to validate this assumption?
(Choose two.)
PEM
CER
SCEP
CRL
OCSP
PFX
CRL
and
OCSP
The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to:
arbitrary code execution.
resource exhaustion.
exposure of authentication credentials.
dereferencing of memory pointers.
Arbitrary code execution
Company engineers regularly participate in a public Internet forum with other engineers throughout the
industry. Which of the following tactics would an attacker MOST likely use in this scenario?
Watering-hole attack
Credential harvesting
Hybrid warfare
Pharming
Watering hole attack
A company has a team of penetration testers. This team has located a file on the company file server that they believe contains cleartext usernames followed by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file?
Exploitation framework
Vulnerability scanner
Netcat
Password cracker
Password cracker
An incident response analyst in a corporate security operations center receives a phone call from an SOC
analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?
Ransomware
Logic bomb
Rootkit
Adware
Rootkit
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce
company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
loss of proprietary information
damage to the company’s reputation
social engineering
credential exposure
Loss of proprietary information
A security analyst runs a monthly file integrity check on the main web server. When analyzing the logs, the
analyst observed the following entry:
No OS patches were applied to this server during this period. Considering the log output, which of the
following is the BEST conclusion?
The cmd.exe was executed on the scanned server between the two dates. An incident ticket should be
created
The iexplore.exe was executed on the scanned server between the two dates. An incident ticket should
be created.
The cmd.exe was updated on the scanned server. An incident ticket should be created
The iexplore.exe was updated on the scanned server. An incident ticket should be created.
The cmd.exe was updated on the scanned server. An incident ticket should be created.
An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested
site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)
DNS hijacking
Cross-site scripting
Domain hijacking
Man-in-the-browser
Session hijacking
DNS hijacking
and
Domain hijacking
An attacker has obtained the user ID and password of a datacenter’s backup operator and has gained access to a production system. Which of the following would be the attacker’s NEXT action?
Perform a passive reconnaissance of the network.
Initiate a confidential data exfiltration process.
Look for known vulnerabilities to escalate privileges.
Create an alternate user ID to maintain persistent access.
Look for known vulnerabilities to escalate privileges
Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?
Regulatory requirements
Secure configuration guide
Application installation guides
User manuals
Secure configuration guide
A technician is investigating a report of unusual behavior and slow performance on a company-owned laptop.
The technician runs a command and reviews the following information:
Based on the above information, which of the following types of malware should the technician report?
Spyware
Rootkit
RAT
Logic bomb
Spyware
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the
victim and the attacker. Which of the following will the company MOST likely review to trace this
transaction?
The public ledger
The NetFlow data
A checksum
The event log
The public ledger
During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?
ARO/ALE
MTTR/MTBF
RTO/RPO
Risk assessment
RTO/RPO
Which of the following provides PFS?
AES
RC4
DHE
HMAC
DHE (Ephemeral Diffie-Hellman)
Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. While
conducting the scan, he receives only the network diagram and the network list to scan against the network.
Which of the following scan types is Joe performing?
Authenticated
White box
Automated
Gray box
Gray box
A company has drafted an Insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?
Monitoring large data transfer transactions in the firewall logs
Developing mandatory training to educate employees about the removable media policy
Implementing a group policy to block user access to system files
Blocking removable-media devices and write capabilities using a host-based security tool
Blocking removable-media devices and write capabilities using a host-based security tool
Given the information below:
MD5HASH document.doc 049eab40fd36caad1fab10b3cdf4a883
MD5HASH image.jpg 049eab40fd36caad1fab10b3cdf4a883
Which of the following concepts are described above? (Choose two.)
Salting
Collision
Steganography
Hashing
Key stretching
Collision
and
Hashing
Which of the following are the BEST selection criteria to use when assessing hard drive suitability for
time-sensitive applications that deal with large amounts of critical information? (Select TWO).
MTBF
MTTR
SLA
RTO
MTTF
RPO
MTBF (mean time between failures)
and
MTTR
An organization has hired a new remote workforce. Many new employees are reporting that they are unable to
access the shared network resources while traveling. They need to be able to travel to and from different
locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce will have identical file and system access requirements, and must also be able to log in to the headquarters location remotely. Which of the following BEST represent how the remote employees should have been set up initially? (Select TWO).
User-based access control
Shared accounts
Group-based access control
Mapped drives
Individual accounts
Location-based policies
Group-based access control
and
Individual accounts
A systems administrator is installing and configuring an application service that requires access to read and
write to log and configuration files on a local hard disk partition. The service must run as an account with
authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Select TWO)
Use a unique managed service account
Utilize a generic password for authenticating
Enable and review account audit logs
Enforce least possible privileges for the account
Add the account to the local administrator’s group.
Use a guest account placed in a non-privileged users’ group
Use a unique managed service account
and
Enforce least possible privileges for the account
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
validate the vulnerability exists in the organization’s network through penetration testing.
research the appropriate mitigation techniques in a vulnerability database.
find the software patches that are required to mitigate a vulnerability.
prioritize remediation of vulnerabilities based on the possible impact.
Prioritize remediation of vulnerabilities based on the possible impact.
A security engineer is analyzing the following line of JavaScript code that was found in a comment field on a web forum, which was recently involved in a security breach:
Given the line of code above, which of the following BEST represents the attack performed during the breach?
CSRF
DDoS
DoS
XSS
XSS
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
SIEM
DLP
CASB
SWG
CASB
A company employee recently retired, and there was a schedule delay because no one was capable of filling
the employee’s position. Which of the following practices would BEST help to prevent this situation in the future?
Mandatory vacation
Separation of duties
Job rotation
Exit interviews
Job rotation
A system in the network is used to store proprietary secrets and needs the highest level of security possible.
Which of the following should a security administrator implement to ensure the system cannot be reached
from the Internet?
VLAN
Air gap
NAT
Firewall
Air gap
After successfully breaking into several networks and infecting multiple machines with malware, hackers
contact the network owners, demanding payment to remove the infection and decrypt files. The hackers
threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?
Gray hat hackers
Organized crime
Insiders
Hacktivists
Organized crime
A system uses an application server and database server. Employing the principle of least privilege, only
database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are
performed by the business unit (a separate group from the database and application teams).
The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization’s goals?
-Restrict privileges on the log file directory to “read only” and use a service account to send a copy of
these files to the business unit.
-Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers.
-Remove administrative privileges from both the database and application servers, and give the business unit “read only” privileges on the directories where the log files are kept.
-Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.
Restrict privileges on the log file directory to “read only” and use a service account to send a copy of
these files to the business unit.
The president of a company that specializes in military contracts receives a request for an interview. During
the interview, the reporter seems more interested in discussing the president’s family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?
Insider threat
Social engineering
Passive reconnaissance
Phishing
Social engineering
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
A DMZ
A VPN
A VLAN
An ACL
An ACL
A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?
Rogue system detection
Honeypots
Next-generation firewall
Penetration test
Honeypots
An organization’s policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords.
The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation.
Which of the following BEST describes what is happening?
Some users are meeting password complexity requirements but not password length requirements.
The password history enforcement is insufficient, and old passwords are still valid across many different
systems.
Some users are reusing passwords, and some of the compromised passwords are valid on multiple
systems.
The compromised password file has been brute-force hacked, and the complexity requirements are not
adequate to mitigate this risk.
Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.
A security analyst is running a credential-based vulnerability scanner on a Windows host. The vulnerability scanner is using the protocol NetBIOS over TCP/IP to connect to various systems. However, the scan does not return any results. To address the issue, the analyst should ensure that which of the following default ports is open on systems?
135
137
3389
5060
137
Which of the following describes the BEST approach for deploying application patches?
Apply the patches to systems in a testing environment, then to systems in a staging environment, and
finally to production systems.
Test the patches in a staging environment, develop against them in the development environment, and
then apply them to the production systems
Test the patches in a test environment, apply them to the production systems, and then apply them to a
staging environment.
Apply the patches to the production systems, apply them in a staging environment, and then test all of
them in a testing environment.
Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
A systems administrator is auditing the company’s Active Directory environment. It is quickly noted that the username “company\bsmith” is interactively logged into several desktops across the organization. Which of
the following has the systems administrator MOST likely come across?
Service account
Shared credentials
False positive
Local account
Shared credentials
A company uses an enterprise desktop imaging solution to manage deployment of its desktop computers. Desktop computer users are only permitted to use software that is part of the baseline image. Which of the following technical solutions was MOST likely deployed by the company to ensure only known-good software can be installed on corporate desktops?
Network access control
Configuration manager
Application whitelisting
File integrity checks
Application whitelisting
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?
-An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.
-An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the
domain name server.
-Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated
sandbox.
-DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox
After a systems administrator installed and configured Kerberos services, several users experienced
authentication issues. Which of the following should be installed to resolve these issues?
RADIUS server
NTLM service
LDAP service
NTP server
NTP server
An organization wants to set up a wireless network in the most secure way. Budget is not a major
consideration, and the organization is willing to accept some complexity when clients are connecting. It is also
willing to deny wireless connectivity for clients who cannot be connected in the most secure manner.
Which of the following would be the MOST secure setup that conforms to the organization’s requirements?
Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients.
Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security.
Use WPA2-Enterprise with RADIUS and disable pre-shared keys.
Use WPA2-PSK with a 24-character complex password and change the password monthly.
Use WPA2-PSK with a 24-character complex password and change the password monthly.
A company just implemented a new telework policy that allows employees to use personal devices for official email and file sharing while working from home. Some of the requirements are:
- Employees must provide an alternate work location (i.e., a home address).
- Employees must install software on the device that will prevent the loss of proprietary data but will not restrict any other software from being installed.
Which of the following BEST describes the MDM options the company is using?
Geofencing, content management, remote wipe, containerization, and storage segmentation
Content management, remote wipe, geolocation, context-aware authentication, and containerization
Application management, remote wipe, geofencing, context-aware authentication, and containerization
Remote wipe, geolocation, screen locks, storage segmentation, and full-device encryption
Application management, remote wipe, geofencing, context-aware authentication, and containerization
A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as ‘Troj.Generic’. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company’s network?
Trojan
Spyware
Rootkit
Botnet
Trojan
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message:
Which of the following network attacks is the researcher MOST likely experiencing?
MAC cloning
Evil twin
Man-in-the-middle
ARP poisoning
Man-in-the-middle
After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules:
The analyst notices that the expected policy has no hit count for the day. Which of the following MOST likely occurred?
Data execution prevention is enabled
The VLAN is not trunked properly
There is a policy violation for DNS lookups
The firewall policy is misconfigured
The firewall policy is misconfigured
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
Phishing
Whaling
Typo squatting
Pharming
Whaling
Which of the following is a security consideration for IoT devices?
IoT devices have built-in accounts that users rarely access.
IoT devices have less processing capabilities.
IoT devices are physically segmented from each other.
IoT devices have purpose-built applications.
IoT devices have built-in accounts that users rarely access.
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?
Create a hash of the hard drive.
Export the Internet history.
Save a copy of the case number and date as a text file in the root directory.
Back up the pictures directory for further inspection.
Save a copy of the case number and date as a text file in the root directory
An organization’s research department uses workstations in an air-gapped network. A competitor released products based on files that originated in the research department. Which of the following should management do to improve the security and confidentiality of the research files?
Implement multifactor authentication on the workstations.
Configure removable media controls on the workstations.
Install a web application firewall in the research department.
Install HIDS on each of the research workstations.
Configure removable media controls on the workstations.
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
- The legitimate website’s IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
- The forged website’s IP address appears to be 10.2.12.99, based on NetFlow records.
- All three of the organization’s DNS servers show the website correctly resolves to the legitimate IP.
- DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
A reverse proxy was used to redirect network traffic.
An SSL strip MITM attack was performed.
An attacker temporarily poisoned a name server.
An ARP poisoning attack was successfully executed.
An SSL strip MITM attack was performed
When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?
Difficult-to-update firmware
Tight integration to existing systems
IP address exhaustion
Not using industry standards
Tight integration to existing systems
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
The document is a honeyfile and is meant to attract the attention of a cyberintruder.
The document is a backup file if the system needs to be recovered.
The document is a standard file that the OS needs to verify the login credentials.
The document is a keylogger that stores all keystrokes should the account be compromised.
The document is a honeyfile and is meant to attract the attention of a cyber intruder.
A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
S/MIME
DLP
IMAP
HIDS
HIDS (host-based intrusion detection system)
A company is examining possible locations for a hot site. Which of the following considerations is of MOST concern if the replication technology being used is highly sensitive to network latency?
Connection to multiple power substations
Location proximity to the production site
Ability to create separate caged space
Positioning of the site across international borders
Location proximity to the production site
Which of the following command line tools would be BEST to identify the services running in a server?
Traceroute
Nslookup
Ipconfig
Netstat
Netstat
A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Select TWO).
Geofencing
Video surveillance
Protected cabinets
Mantrap
Key exchange
Authorized personnel signage
Protected cabinets and mantrap
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Which of the following BEST describes the attack the company is experiencing?
MAC flooding
URL redirection
ARP poisoning
DNS hijacking
ARP poisoning
A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
Foundational
Man-made
Environmental
Natural
Foundational
Which of the following access management concepts is MOST closely associated with the use of a password or PIN?
Authorization
Authentication
Accounting
Identification
Authentication