wk2-78-154 Flashcards

1
Q

78)Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
A.
Preparation
B.
Recovery
C.
Lessons learned
D.
Analysis

A

C.
Lessons learned

2
Q

79)After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?
A.
Console access
B.
Routing protocols
C.
VLANs
D.
Web-based administration

A

D.
Web-based administration

3
Q

82)A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.)
A.
Key escrow
B.
TPM presence
C.
Digital signatures
D.
Data tokenization
E.
Public key management
F.
Certificate authority linking

A

A.
Key escrow
B.
TPM presence

4
Q

83)A security analyst scans a company’s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A.
Changing the remote desktop port to a non-standard number
B.
Setting up a VPN and placing the jump server inside the firewall
C.
Using a proxy for web connections from the remote desktop server
D.
Connecting the remote server to the domain and increasing the password length

A

B.
Setting up a VPN and placing the jump server inside the firewall

5
Q

84)An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
A.
ACL
B.
DLP
C.
IDS
D.
IPS

A

D.
IPS

6
Q

85)Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
A.
Remote access points should fail closed.
B.
Logging controls should fail open.
C.
Safety controls should fail open.
D.
Logical security controls should fail closed.

A

C.
Safety controls should fail open

7
Q

86)Which of the following would be best suited for constantly changing environments?
A.
RTOS
B.
Containers
C.
Embedded systems
D.
SCADA

A

B.
Containers

8
Q

87)Which of the following incident response activities ensures evidence is properly handled?
A.
E-discovery
B.
Chain of custody
C.
Legal hold
D.
Preservation

A

B.
Chain of custody

9
Q

88)An accounting clerk sent money to an attacker’s bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?
A.
Standardizing security incident reporting
B.
Executing regular phishing campaigns
C.
Implementing insider threat detection measures
D.
Updating processes for sending wire transfers

A

D.
Updating processes for sending wire transfers

10
Q

89)A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?
A.
Off-the-shelf software
B.
Orchestration
C.
Baseline
D.
Policy enforcement

A

B.
Orchestration

11
Q

90)A company’s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A.
Processor
B.
Custodian
C.
Subject
D.
Owner

A

C.
Subject

12
Q

91)Which of the following describes the maximum allowance of accepted risk?
A.
Risk indicator
B.
Risk level
C.
Risk score
D.
Risk threshold

A

D.
Risk threshold

13
Q

92)A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
A.
A worm is propagating across the network.
B.
Data is being exfiltrated.
C.
A logic bomb is deleting data.
D.
Ransomware is encrypting files.

A

B.
Data is being exfiltrated

14
Q

93)A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A.
Default credentials
B.
Non-segmented network
C.
Supply chain vendor
D.
Vulnerable software

A

D.
Vulnerable software

15
Q

94)A systems administrator is working on a solution with the following requirements:
Provide a secure zone.
Enforce a company-wide access control policy.
Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A.
Zero Trust
B.
AAA
C.
Non-repudiation
D.
CIA

A

A.
Zero Trust

16
Q

95)Which of the following involves an attempt to take advantage of database misconfigurations?
A.
Buffer overflow
B.
SQL injection
C.
VM escape
D.
Memory injection

A

B.
SQL injection

17
Q

96)Which of the following is used to validate a certificate when it is presented to a user?
A.
OCSP
B.
CSR
C.
CA
D.
CRC

A

A.
OCSP

18
Q

97)One of a company’s vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?
A.
Virtualization
B.
Firmware
C.
Application
D.
Operating system

A

B.
Firmware

19
Q

98)Which of the following is used to quantitatively measure the criticality of a vulnerability?
A.
CVE
B.
CVSS
C.
CIA
D.
CERT

A

B.
CVSS

20
Q

99)Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?
A.
Configure all systems to log scheduled tasks.
B.
Collect and monitor all traffic exiting the network.
C.
Block traffic based on known malicious signatures.
D.
Install endpoint management software on all systems

A

D.
Install endpoint management software on all systems

21
Q

100)An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A.
Data in use
B.
Data in transit
C.
Geographic restrictions
D.
Data sovereignty

A

B.
Data in transit

22
Q

101) Which biometric error would allow an unauthorized user to access a system?
A.False acceptance
B.False entrance
C.False rejection
D.False denial

A

A.False acceptance

False Acceptance - There are two main metrics used to determine the performance of biometrics: FAR (False Acceptance Rate) and FRR (False Rejection Rate). False Acceptance Rate is a biometric performance metric that counts the instances where unauthorized persons were incorrectly authorized. For this question, the biometric error is one where someone was authorized when they should not have been.

23
Q

102) A company is auditing the manner in which its European customers’ personal information is handled. Which of the following should the company consult?
A.GDPR
B.ISO
C.NIST
D.PCI DSS

A

A.GDPR

GDPR (General Data Protection Regulation) implements security and privacy requirements for the personal information of European residents, wherever in the world it is handled.

24
Q

103) Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
A.Persistence
B.Buffer overflow
C.Privilege escalation
D.Pharming

A

C.Privilege escalation

Privilege escalation is the exploitation of an interactive process to gain access to resources that are normally unavailable to an unauthorized user. This can occur when an attacker gains access to a low-privileged account on a system and then uses that access to escalate privileges to a higher level, allowing the attacker to perform actions they would not normally be able to do. For example, an attacker might use a privilege escalation exploit to gain administrative access to a system or to gain access to sensitive data.

25
Q

104) An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization’s resiliency?
A.Geographic dispersal
B.Generator power
C.Fire suppression
D.Facility automation

A

A.Geographic dispersal

Geographic dispersal means placing facilities in areas that will not be affected by the same disaster.

26
Q

105) An organization has decided to purchase an insurance policy because a risk assessment determined that the cost to remediate the risk is greater than the five-year cost of the insurance policy. The organization is enabling risk:
A.avoidance.
B.acceptance.
C.mitigation.
D.transference.

A

D. Transference.

Risk transference is transferring risk to a third party such as a vendor. In cyber security, that can be done through cyber-risk insurance. Cyber insurance generally covers a business's liability for a data breach involving sensitive customer information, such as account numbers, credit card numbers, or health records.

27
Q

106) The Chief Information Security Officer (CISO) requested a report on potential areas of improvement following a security incident. Which of the following incident response processes is the CISO requesting?
A.Lessons learned
B.Preparation
C.Detection
D.Containment
E.Root cause analysis

A

A.Lessons learned

Lessons learned is the final step in incident response, where the organization reviews its response and prepares for a future attack. This is where you understand how and why an incident occurred, identify any weaknesses in your organization's practices, note any positive elements or practices that went well, and decide what could be done to prepare for a future incident.

28
Q

107) A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
A.Hoaxes
B.SPIMs
C.Identity fraud
D.Credential harvesting

A

A.Hoaxes

A hoax is fake news; the company is asking employees not to share messages that are not from a reputable source or a trustworthy news organization (for example, not from your mom's Facebook group about anti-vax claims).

29
Q

108) A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?
A.DNS poisoning
B.MAC flooding
C.DDoS attack
D.ARP poisoning

A

C.DDoS attack

Most denial of service (DoS) attacks against websites and gateways are distributed DoS (DDoS). This means that the attack is launched from multiple hosts simultaneously. Typically, a threat actor will compromise machines to use as handlers in a command and control network. The handlers are then used to compromise hundreds, thousands, or millions of hosts with DoS tools (bots), forming a botnet.

30
Q

109) Which of the following will increase cryptographic security?
A.High data entropy
B.Algorithms that require less computing power
C.Longer key longevity
D.Hashing

A

A.High data entropy

High data entropy refers to the unpredictability and randomness of data used as input to a cryptographic system. The higher the entropy, the more difficult it is for an attacker to guess the input data, thereby increasing the cryptographic security of the system.

31
Q

110) Which of the following statements BEST describes zero-day exploits?
A.When a zero-day exploit is discovered, the system cannot be protected by any means.
B.Zero-day exploits have their own scoring category in CVSS.
C.A zero-day exploit is initially undetectable, and no patch for it exists.
D.Discovering zero-day exploits is always performed via bug bounty programs.

A

C.A zero-day exploit is initially undetectable, and no patch for it exists

32
Q

111) A company wants to restrict emailing of PHI documents. The company is implementing a DLP solution. In order to restrict PHI documents, which of the following should be performed FIRST?
A.Retention
B.Governance
C.Classification
D.Change management

A

C.Classification

33
Q

112) Which of the following describes the continuous delivery software development methodology?
A.Waterfall
B.Spiral
C.V-shaped
D.Agile

A

D.Agile

Agile methodology is a way to manage a project by breaking it up into several phases. It involves constant collaboration with stakeholders and continuous improvement at every stage. Once the work begins, teams cycle through a process of planning, executing, and evaluating.

34
Q

113) A company suspects that some corporate accounts were compromised. The number of suspicious logins from locations not recognized by the users is increasing. Employees who travel need their accounts protected without the risk of blocking legitimate login requests that may be made over new sign-in properties. Which of the following security controls can be implemented?

A.
Enforce MFA when an account request reaches a risk threshold.
B.
Implement geofencing to only allow access from headquarters.
C.
Enforce time-based login requests that align with business hours.
D.
Shift the access control scheme to a discretionary access control.

A

A.Enforce MFA when an account request reaches a risk threshold

Multi-Factor Authentication (MFA) is an effective security control to mitigate the risk of unauthorized access to corporate accounts. By requiring an additional factor of authentication, such as a one-time code sent to a user’s phone or a fingerprint scan, MFA can help prevent attackers from accessing an account even if they have stolen a password. By implementing MFA only when an account request reaches a risk threshold, the company can ensure that employees who travel and need their accounts protected will not be negatively impacted by the security control, while still providing an extra layer of security for those accounts that are at higher risk of being compromised.

35
Q

114) An organization wants to participate in threat intelligence information sharing with peer groups. Which of the following would MOST likely meet the organization’s requirement?
A.Perform OSINT investigations.
B.Subscribe to threat intelligence feeds.
C.Submit RFCs.
D.Implement a TAXII server.

A

D.Implement a TAXII server

A TAXII server is a service that exchanges standardized and anonymized cyber threat intelligence among participants. It works as a venue for sharing and collecting indicators of compromise, which have been anonymized to protect privacy.

36
Q

115) Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?
A.Intellectual property theft
B.Elevated privileges
C.Unknown backdoor
D.Quality assurance

A

C.Unknown backdoor

The greatest security concern when outsourcing code development to third-party contractors for an internet-facing application is the possibility of an unknown backdoor. A contractor may intentionally or unintentionally insert malicious code into the application that could compromise the security and privacy of user data and the organization's systems. This risk is elevated if the contractor is not fully vetted, or if the organization does not have adequate safeguards in place to ensure the security and integrity of the codebase. To mitigate this risk, the organization should have strict security policies and procedures in place for outsourcing, including background checks for contractors, code review and testing procedures, and continuous monitoring and incident response processes.

37
Q

116) An amusement park is implementing a biometric system that validates customers’ fingerprints to ensure they are not sharing tickets. The park’s owner values customers above all and would prefer customers’ convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A.Low FAR
B.Low efficacy
C.Low FRR
D.Low CER

A

C.Low FRR

There are two main metrics that are used to determine the performance of biometrics:
1.
FAR (False Acceptance Rate)
2.
FRR (False Rejection Rate)
False Acceptance Rate (FAR) is a biometric performance metric that counts the instances where unauthorized persons were incorrectly authorized.
False Rejection Rate (FRR) is a metric that counts the instances where an authorized person is incorrectly rejected.
If the emphasis is security, make sure the False Acceptance Rate is low, since a low FAR means a lower possibility of authorizing someone who shouldn't be. If the emphasis is convenience, make sure the False Rejection Rate is low, since a low FRR means a lower possibility of rejecting someone who should be authorized.