Questions 2


A. A list of policies, which should be revised to provide better clarity to employees regarding acceptable use F. A list of topics that should be added to the organization's security awareness training program based on weaknesses exploited during the attack

A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve the organization's security posture. The team has been specifically tasked to address logical controls in their suggestions. Which of the following would be MOST beneficial to include in lessons learned documentation? (Choose two.) A. A list of policies, which should be revised to provide better clarity to employees regarding acceptable use B. Recommendations relating to improved log correlation and alerting tools C. Data from the organization's IDS/IPS tools, which show the timeline of the breach and the activities executed by the attacker D. A list of potential improvements to the organization's NAC capabilities, which would improve AAA within the environment E. A summary of the activities performed during each phase of the incident response activity F. A list of topics that should be added to the organization's security awareness training program based on weaknesses exploited during the attack

B. privilege escalation caused by TPM override.

A buffer overflow can result in: A. loss of data caused by unauthorized command execution. B. privilege escalation caused by TPM override. C. reduced key strength due to salt manipulation. D. repeated use of one-time keys.

D. Time-of-day restrictions

A call center company wants to implement a domain policy primarily for its shift workers. The call center has large groups with different user roles. Management wants to monitor group performance. Which of the following is the BEST solution for the company to implement? A. Reduced failed logon attempts B. Mandatory password changes C. Increased account lockout time D. Time-of-day restrictions

B. Air gap

A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited? A. Virtualization B. Air gap C. VLAN D. Extranet

C.Password complexity requirements E.Account disablement

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.) A.Privileged accounts B.Password reuse restrictions C.Password complexity requirements D.Password recovery E.Account disablement

B. RADIUS

A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request? A. LDAP B. RADIUS C. SAML D. NTLM

A. Vulnerability scanning

A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm? A. Vulnerability scanning B. Penetration testing C. Application fuzzing D. User permission auditing

A. PAP B. PEAP

A company is currently using the following configuration: - IAS server with certificate-based EAP-PEAP and MSCHAP - Unencrypted authentication via PAP A security administrator needs to configure a new wireless setup with the following configurations: - PAP authentication method - PEAP and EAP provide two-factor authentication Which of the following forms of authentication are being used? (Choose two.) A. PAP B. PEAP C. MSCHAP D. PEAP-MSCHAP E. EAP F. EAP-PEAP

C.Implement Kerberos

A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task? A.Store credentials in LDAP B.Use NTLM authentication C.Implement Kerberos D.Use MSCHAP authentication

A.Mission-essential function

A company is performing an analysis of the corporate enterprise network with the intent of identifying what will cause losses in revenue, referrals, and/or reputation when out of commission. Which of the following is an element of a BIA that is being addressed? A.Mission-essential function B.Single point of failure C.Backup and restoration plans D.Identification of critical systems

802.1x using EAP with MSCHAPv2

A company needs to implement stronger authentication by adding an authentication factor to its wireless system. The wireless system only supports WPA with pre-shared keys, but the backend authentication system supports EAP and TTLS. What should the network administrator implement?

D. Port mirroring

A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS? A. Network tap B. Network proxy C. Honeypot D. Port mirroring

D. PEAP

A company wants to implement a wireless network with the following requirements: ✑ All wireless users will have a unique credential. ✑ User certificates will not be required for authentication. ✑ The company's AAA infrastructure must be utilized. ✑ Local hosts should not store authentication tokens. Which of the following should be used in the design to meet the requirements? A. EAP-TLS B. WPS C. PSK D. PEAP

Enable sampling of the data

A company's NetFlow collection system can handle up to 2 Gbps. Due to excessive load, this has begun to approach full utilization at various times of the day. If the security team does not have additional money in their budget to purchase a more capable collector, which of the following options could they use to collect useful data?

D. Using magnetic fields to erase the data

A dumpster diver recovers several hard drives from a company and is able to obtain confidential data from one of the hard drives. The company then discovers its information is posted online. Which of the following methods would have MOST likely prevented the data from being exposed? A. Removing the hard drive from its enclosure B. Using software to repeatedly rewrite over the disk space C. Using Blowfish encryption on the hard drives D. Using magnetic fields to erase the data

B. The root CA has revoked the certificate of the intermediate CA

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired? A. The certificate was self signed, and the CA was not imported by employees or customers B. The root CA has revoked the certificate of the intermediate CA C. The valid period for the certificate has passed, and a new certificate has not been issued D. The key escrow server has blocked the certificate from being validated

B. RAID 1

A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost? A. RAID 0 B. RAID 1 C. RAID 2 D. RAID 3

D. Network segmentation

A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this? A. Air gapped network B. Load balanced network C. Network address translation D. Network segmentation

C. VPN

A network administrator wants to implement a method of securing internal routing. Which of the following should the administrator implement? A. DMZ B. NAT C. VPN D. PAT

C. System sprawl

A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computing resources. Which of the following vulnerabilities exists? A. Buffer overflow B. End-of-life systems C. System sprawl D. Weak configuration

D. Implement WPA2 Enterprise

A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure. Which of the following should be implemented to harden the infrastructure without upgrading the WAP? A. Implement WPA and TKIP B. Implement WPS and an eight-digit pin C. Implement WEP and RC4 D. Implement WPA2 Enterprise

B. It provides extended site validation

A security administrator is trying to encrypt communication. For which of the following reasons should the administrator take advantage of the Subject Alternative Name (SAN) attribute of a certificate? A. It can protect multiple domains B. It provides extended site validation C. It does not require a trusted certificate authority D. It protects unlimited subdomains

C. ABAC

A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation? A. RBAC B. MAC C. ABAC D. DAC

C. Input validation

A security analyst accesses corporate web pages and inputs random data in the forms. The response received includes the type of database used and SQL commands that the database accepts. Which of the following should the security analyst use to prevent this vulnerability? A.Application fuzzing B.Error handling C.Input validation D.Pointer dereference

D.Peer review

A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report? A.Architecture evaluation B.Baseline reporting C.Whitebox testing D.Peer review

C. Review the company's current security baseline E. Run an exploitation framework to confirm vulnerabilities

A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.) A. Compare configurations against platform benchmarks B. Confirm adherence to the company's industry-specific regulations C. Review the company's current security baseline D. Verify alignment with policy related to regulatory compliance E. Run an exploitation framework to confirm vulnerabilities

A. 802.1X F. WPA2-PSK

A security analyst is hardening a large-scale wireless network. The primary requirements are the following: ✑ Must use authentication through EAP-TLS certificates ✑ Must use an AAA server ✑ Must use the most secure encryption protocol Given these requirements, which of the following should the analyst implement and recommend? (Select TWO.) A. 802.1X B. 802.3 C. LDAP D. TKIP E. CCMP F. WPA2-PSK

A. Generate an X.509-compliant certificate that is signed by a trusted CA. D. Ensure port 636 is open between the clients and the servers using the communication.

A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Choose two.) A. Generate an X.509-compliant certificate that is signed by a trusted CA. B. Install and configure an SSH tunnel on the LDAP server. C. Ensure port 389 is open between the clients and the servers using the communication. D. Ensure port 636 is open between the clients and the servers using the communication. E. Remove the LDAP directory service role from the server.

A. .pfx certificate

A security analyst is implementing PKI-based functionality to a web application that has the following requirements: ✑ File contains certificate information ✑ Certificate chains ✑ Root authority certificates ✑ Private key All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements? A. .pfx certificate B. .cer certificate C. .der certificate D. .crt certificate

D. Document findings and processes in the after-action and lessons learned report

A security analyst notices anomalous activity coming from several workstations in the organization. Upon identifying and containing the issue, which of the following should the security analyst do NEXT? A. Document and lock the workstations in a secure area to establish chain of custody B. Notify the IT department that the workstations are to be reimaged and the data restored for reuse C. Notify the IT department that the workstations may be reconnected to the network for the users to continue working D. Document findings and processes in the after-action and lessons learned report

D. JavaScript data insertion

A security analyst receives an alert from a WAF with the following payload: var data= "<test test test>" ++ <../../../../../../etc/passwd>" Which of the following types of attacks is this? A. Cross-site request forgery B. Buffer overflow C. SQL injection D. JavaScript data insertion E. Firewall evasion script

A. Implement SRTP between the phones and the PBX

A security analyst wants to harden the company's VoIP PBX. The analyst is worried that credentials may be intercepted and compromised when IP phones authenticate with the PBX. Which of the following would BEST prevent this from occurring? A. Implement SRTP between the phones and the PBX. B. Place the phones and PBX in their own VLAN. C. Restrict the phone connections to the PBX. D. Require SIPS on connections to the PBX.

C. PEAP

A security engineer is configuring a wireless network that must support mutual authentication of the wireless client and the authentication server before users provide credentials. The wireless network must also support authentication with usernames and passwords. Which of the following authentication protocols MUST the security engineer select? A. EAP-FAST B. EAP-TLS C. PEAP D. EAP

C. Generate a CSR

A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST step to implement the SSL certificate? A. Download the web certificate B. Install the intermediate certificate C. Generate a CSR D. Encrypt the private key

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery? A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis. B. Restrict administrative privileges and patch all systems and applications. C. Rebuild all workstations and install new antivirus software. D. Implement application whitelisting and perform user application hardening.

C.Purchase services from a cloud provider for high availability.

A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: protection from power outages, and always-available connectivity in case of an outage. The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need? A.Lease a telecommunications line to provide POTS for dial-up access. B.Connect the business router to its own dedicated UPS. C.Purchase services from a cloud provider for high availability. D.Replace the business's wired network with a wireless network.

B.All calls to different DLLs should be hard-coded in the application

A software developer is concerned about DLL hijacking in an application being written. Which of the following is the MOST viable mitigation measure of this type of attack? A.The DLL of each application should be set individually B.All calls to different DLLs should be hard-coded in the application C.Access to DLLs from the Windows registry should be disabled D.The affected DLLs should be renamed to avoid future hijacking

B.New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries.

A software development company needs to share information between two remote servers, using encryption to protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the programmer's proposal? A.The newly developed protocol will only be as secure as the underlying cryptographic algorithms used. B.New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and tested algorithm libraries. C.A programmer should have specialized training in protocol development before attempting to design a new encryption protocol. D.The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new vulnerabilities.

A.Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit.

A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams). The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals? A.Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit. B.Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers. C.Remove administrative privileges from both the database and application servers, and give the business unit "read only" privileges on the directories where the log files are kept. D.Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.

A. Implement time-of-day restrictions. D. Create privileged accounts.

A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO.) A. Implement time-of-day restrictions. B. Modify archived data. C. Access executive shared portals. D. Create privileged accounts. E. Enforce least privilege.

C. Least privilege

A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing? A. Separation of duties B. Permission auditing C. Least privilege D. Standard naming convention

B. TLS host certificate

A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites? A. Extended domain validation B. TLS host certificate C. OCSP stapling D. Wildcard certificate

D. Adware

A technician is investigating a potentially compromised device with the following symptoms: ✑ Browser slowness ✑ Frequent browser crashes ✑ Hourglass stuck ✑ New search toolbar ✑ Increased memory consumption Which of the following types of malware has infected the system? A. Man-in-the-browser B. Spoofer C. Spyware D. Adware

A. Poorly trained users D. Improperly configured accounts

After a security assessment was performed on the enterprise network, it was discovered that: 1. Configuration changes have been made by users without the consent of IT. 2. Network congestion has increased due to the use of social media. 3. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.) A. Poorly trained users B. Misconfigured WAP settings C. Undocumented assets D. Improperly configured accounts E. Vulnerable business processes

A.Mandatory access control C.Rule-based access control

An administrator is implementing a secure web server and wants to ensure that if the web server application is compromised, the application does not have access to other parts of the server or network. Which of the following should the administrator implement? (Choose two.) A.Mandatory access control B.Discretionary access control C.Rule-based access control D.Role-based access control E.Attribute-based access control

C. WPA+TKIP

An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router? A. WPA+CCMP B. WPA2+CCMP C. WPA+TKIP D. WPA2+TKIP

D. Backdoor

An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data? A. Keylogger B. Botnet C. Crypto-malware D. Backdoor E. Ransomware F. DLP

The attack widely fragmented the image across the host file system

An attacker has compromised a virtualized server. You are conducting forensic analysis as part of the recovery effort but found that the attacker deleted a virtual machine image as part of their malicious activity. Which of the following challenges do you now have to overcome as part of the recovery and remediation efforts?

The attachment is using a double file extension to mask its identity

An employee contacts the service desk because they cannot open an attachment they received in their email. The service desk agent conducts a screen sharing session with the user and investigates the issue. The agent notices that the attached file is named Invoice1043.pdf, and a black pop-up window appears and then disappears quickly when the attachment is double-clicked. Which of the following is most likely causing this issue?

D. Disconnect the CEO's workstation from the network

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take? A. Call the CEO directly to ensure awareness of the event B. Run a malware scan on the CEO's workstation C. Reimage the CEO's workstation D. Disconnect the CEO's workstation from the network

C.Group-based access control E.Individual accounts

An organization has hired a new remote workforce. Many new employees are reporting that they are unable to access the shared network resources while traveling. They need to be able to travel to and from different locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce will have identical file and system access requirements, and must also be able to log in to the headquarters location remotely. Which of the following BEST represent how the remote employees should have been set up initially? (Choose two.) A.User-based access control B.Shared accounts C.Group-based access control D.Mapped drives E.Individual accounts F.Location-based policies

D. Username/password with a CAPTCHA

An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization? A. Username/password with TOTP B. Username/password with pattern matching C. Username/password with a PIN D. Username/password with a CAPTCHA

C.Implement containerization on the workstations.

An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager? A.Install a web application firewall. B.Install HIPS on the team's workstations. C.Implement containerization on the workstations. D.Configure whitelisting for the team.

B. Change management

An organization is comparing and contrasting migration from its standard desktop configuration to the newest version of the platform. Before this can happen, the Chief Information Security Officer (CISO) voices the need to evaluate the functionality of the newer desktop platform to ensure interoperability with existing software in use by the organization. In which of the following principles of architecture and design is the CISO engaging? A. Dynamic analysis B. Change management C. Baselining D. Waterfalling

White Team

An organization is conducting a cybersecurity training exercise. What team is Jason assigned to if he has been asked to monitor and manage the defenders' and attackers' technical environment during the exercise?

C. Web application firewall

An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal? A. IDS/IPS B. IP tunneling C. Web application firewall D. Patch management

B.SAML E.Kerberos

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO.) A.LDAPS B.SAML C.NTLM D.OAUTH E.Kerberos

C. Incremental

An organization's file server has been virtualized to reduce costs. Which of the following types of backups would be MOST appropriate for the particular file server? A. Snapshot B. Full C. Incremental D. Differential

A. New Vendor Entry - Required Role: Accounts Payable Clerk New Vendor Approval - Required Role: Accounts Payable Manager Vendor Payment Entry - Required Role: Accounts Payable Clerk Vendor Payment Approval - Required Role: Accounts Payable Manager

An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organization's ERP system to determine how the accounts payable module has been used to make these vendor payments. The IT security department finds the following security configuration for the accounts payable module:
- New Vendor Entry - Required Role: Accounts Payable Clerk
- New Vendor Approval - Required Role: Accounts Payable Clerk
- Vendor Payment Entry - Required Role: Accounts Payable Clerk
- Vendor Payment Approval - Required Role: Accounts Payable Manager
Which of the following changes to the security configuration of the accounts payable module would BEST mitigate the risk?
A. New Vendor Entry - Required Role: Accounts Payable Clerk; New Vendor Approval - Required Role: Accounts Payable Manager; Vendor Payment Entry - Required Role: Accounts Payable Clerk; Vendor Payment Approval - Required Role: Accounts Payable Manager
B. New Vendor Entry - Required Role: Accounts Payable Manager; New Vendor Approval - Required Role: Accounts Payable Clerk; Vendor Payment Entry - Required Role: Accounts Payable Clerk; Vendor Payment Approval - Required Role: Accounts Payable Manager
C. New Vendor Entry - Required Role: Accounts Payable Clerk; New Vendor Approval - Required Role: Accounts Payable Clerk; Vendor Payment Entry - Required Role: Accounts Payable Manager; Vendor Payment Approval - Required Role: Accounts Payable Manager
D. New Vendor Entry - Required Role: Accounts Payable Clerk; New Vendor Approval - Required Role: Accounts Payable Manager; Vendor Payment Entry - Required Role: Accounts Payable Manager; Vendor Payment Approval - Required Role: Accounts Payable Clerk

A. Option A

An organization's internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organization's ERP system to determine how the accounts payable module has been used to make these vendor payments. The IT security department finds the following security configuration for the accounts payable module: - New Vendor Entry - Required Role: Accounts Payable Clerk - New Vendor Approval - Required Role: Accounts Payable Clerk - Vendor Payment Entry - Required Role: Accounts Payable Clerk - Vendor Payment Approval - Required Role: Accounts Payable Manager Which of the following changes to the security configuration of the accounts payable module would BEST mitigate the risk? A. Option A B. Option B C. Option C D. Option D

B. Use a configuration compliance scanner.

As part of a new industry regulation, companies are required to utilize secure, standardized OS settings. A technician must ensure the OS settings are hardened. Which of the following is the BEST way to do this? A. Use a vulnerability scanner. B. Use a configuration compliance scanner. C. Use a passive, in-line scanner. D. Use a protocol analyzer.

B. Use of Active Directory federation between the company and the cloud-based service

Company XYZ has decided to make use of a cloud-based service that requires mutual, certificate-based authentication with its users. The company uses an SSL-inspecting IDS at its network boundary and is concerned about the confidentiality of the mutual authentication. Which of the following models prevents the IDS from capturing credentials used to authenticate users to the new service or keys to decrypt that communication? A. Use of OATH between the user and the service and attestation from the company domain B. Use of Active Directory federation between the company and the cloud-based service C. Use of smartcards that store X.509 keys, signed by a global CA D. Use of a third-party, SAML-based authentication service for attestation

A. It improves the legal defensibility of the company.

Corporations choose to exceed regulatory framework standards because of which of the following incentives? A. It improves the legal defensibility of the company. B. It gives a social defense that the company is not violating customer privacy laws. C. It proves to investors that the company takes APT cyber actors seriously. D. It results in overall industrial security standards being raised voluntarily.

Application whitelisting

Dion Training wants to implement technology within their corporate network to BEST mitigate the risk that a zero-day virus might infect their workstations. Which of the following should be implemented FIRST?

A. Run weekly vulnerability scans and remediate any missing patches on all company devices

During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences? A. Run weekly vulnerability scans and remediate any missing patches on all company devices B. Implement rogue system detection and configure automated alerts for new devices C. Install DLP controls and prevent the use of USB drives on devices D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

One-time password authentication

How would you appropriately categorize the authentication method being displayed here? (Note: the hardware token is being used by itself for authentication.)

Improper error handling

In 2014, Apple's implementation of SSL had a severe vulnerability that, when exploited, allowed an attacker to gain a privileged network position that would allow them to capture or modify data in an SSL/TLS session. This was caused by poor programming in which a failed check of the connection would exit the function too early. Based on this description, what is this an example of?

D. Pulverizing

Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives? A. Burning B. Wiping C. Purging D. Pulverizing

C. Full

Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots

D. Missing null check

Refer to the following code: public class rainbow { public static void main (String[] args) { Object blue = null; blue.hashCode(); } } Which of the following vulnerabilities would occur if this is executed? A. Page exception B. Pointer dereference C. NullPointerException D. Missing null check

A. Account lockout

Stan notices there are several user accounts on the local network generating spam with embedded malicious code. Which of the following technical controls should Stan put in place to BEST reduce these incidents? A. Account lockout B. Group-based privileges C. Least privilege D. Password complexity

C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does business in countries having varying data retention and privacy laws. Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data? A. Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud; implement encryption for data in transit between data centers B. Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in transit between data centers, increase data availability by replicating all data, transaction data, and logs between each corporate location C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

C. Intrusion prevention system

The local electric power plant contains both business networks and ICS/SCADA networks to control their equipment. Which technology should the power plant's security administrators look to implement first as part of configuring better defenses for the ICS/SCADA systems? A. Anti-virus software B. Automated patch deployment C. Intrusion prevention system D. Log consolidation

Router and switch-based MAC address reporting

The management at Steven's work is concerned about rogue devices being attached to the network. Which of the following solutions would quickly provide the most accurate information that Steve could use to identify rogue devices on a wired network?

B. Patch the scanner

To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning? A. Log all users out of the system B. Patch the scanner C. Reboot the target host D. Update the web plugins

C. Migrate the relevant emails into an "Archived" folder.

To reduce disk consumption, an organization's legal department has recently approved a new policy setting the data retention period for sent email at six months. Which of the following is the BEST way to ensure this goal is met? A. Create a daily encrypted backup of the relevant emails. B. Configure the email server to delete the relevant emails. C. Migrate the relevant emails into an "Archived" folder. D. Implement automatic disk compression on email servers.

B. CA

Two users need to send each other emails over unsecured channels. The system should support the principle of non-repudiation. Which of the following should be used to sign the users' certificates? A. RA B. CA C. CRL D. CSR

Directing traffic to internal services if the contents of the traffic comply with the policy

What is a reverse proxy commonly used for?

C. Blowfish

What technology is NOT PKI X.509 compliant and cannot be used in various secure functions? A. SSL/TLS B. PKCS C. Blowfish D. AES

Nessus

What tool can be used to scan a network to perform vulnerability checks and compliance auditing?

D. 4

When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take one hour to complete: - Sunday (7 PM): Full backup - Monday (7 PM): Incremental - Tuesday (7 PM): Incremental - Wednesday (7 PM): Differential - Thursday (7 PM): Incremental - Friday (7 PM): Incremental - Saturday (7 PM): Incremental On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from backup. Which of the following is the number of backup tapes that will be needed to complete this operation? A. 1 B. 2 C. 3 D. 4 E. 6

C. Daily standups

Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management? A. Cross-functional teams B. Rapid deployments C. Daily standups D. Peer review E. Creating user stories

D. It restricts the access of the software to a contained logical space and limits possible damage.

Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment? A. It allows the software to run in an unconstrained environment with full network access. B. It eliminates the possibility of privilege escalation attacks against the local VM host. C. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted. D. It restricts the access of the software to a contained logical space and limits possible damage.

A. Fuzzing

Which of the following allows an auditor to test the compiled code of proprietary software for security flaws? A. Fuzzing B. Static review C. Code signing D. Regression testing

C. No valid digital signature from a known security organization E. Embedded URLs

Which of the following are considered among the BEST indicators that a received message is a hoax? (Choose two.) A. Minimal use of uppercase letters in the message B. Warnings of monetary loss to the receiver C. No valid digital signature from a known security organization D. Claims of possible damage to computer hardware E. Embedded URLs

B. Rainbow tables must include precomputed hashes. E. Rainbow table attacks bypass maximum failed login restrictions.

Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Choose two.) A. Rainbow table attacks greatly reduce compute cycles at attack time. B. Rainbow tables must include precomputed hashes. C. Rainbow table attacks do not require access to hashed passwords. D. Rainbow table attacks must be performed on the network. E. Rainbow table attacks bypass maximum failed login restrictions.

B. VM escape

Which of the following describes the ability of code to target a hypervisor from inside a guest OS? A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout

C. Agile

Which of the following development models entails several iterative and incremental software development methodologies such as Scrum? A. Spiral B. Waterfall C. Agile D. Rapid

A. ARP poisoning

Which of the following enables sniffing attacks against a switched network? A. ARP poisoning B. IGMP snooping C. IP spoofing D. SYN flooding

D. Escalation of privilege

Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows/CurrentVersion/Run registry key? A. Persistence B. Pivoting C. Active reconnaissance D. Escalation of privilege

A. Privilege escalation

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS? A. Privilege escalation B. Pivoting C. Process affinity D. Buffer overflow

Whaling

Which of the following types of attacks occurs when an attacker specifically targets the CEO, CFO, CIO, and other board members during their attack?

RP

Which party in a federation provides services to members of the federation?

B. Malicious Processes

You are conducting an incident response and want to determine if any account-based indicators of compromise (IoC) exist on a compromised server. Which of the following would you NOT search for on the server? A. Unauthorized Access B. Malicious Processes C. Off-hours usage D. Failed logins

Block all unused ports on the switch, router, and firewall; logically place the Windows 2019 Server into the network's DMZ

You are setting up the Remote Desktop Services on a Windows 2019 server. To increase the security of the server, which TWO of the following actions should you take?

NAC

You received an incident response report indicating a piece of malware was introduced into the company's network through a remote workstation connected to the company's servers over a VPN connection. Which of the following controls should be applied to prevent this type of incident from occurring again?

DaaS

You want to play computer-based video games from anywhere in the world using your laptop or tablet. You heard about a new product called a Shadow PC that is a virtualized Windows 10 Home gaming PC in the cloud. Which of the following best describes this type of service?

