2 sec+
Question 55: Skipped A competitor recently bought Dion Training's ITIL 4 Foundation training course, transcribed the video captions into a document, re-recorded the course exactly word for word as an audiobook, then published this newly recorded audiobook for sale on Audible. From Dion Training's perspective, how would you BEST classify this situation?
IP theft
Question 40: Skipped Which of the protocols listed is NOT likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?
IPsec
Question 25: Skipped Jamie's organization is attempting to budget for the next fiscal year. Jamie has calculated that the asset value of a database server is $120,000. Based on her analysis, she believes that a data breach to this server will occur once every four years and has a risk factor of 30%. What is the ALE for a data breach within Jamie's organization?
$9,000
Question 57: Skipped You just received a notification that your company's email servers have been blocklisted due to reports of spam originating from your domain. What information do you need to start investigating the source of the spam emails?
The full email header from one of the spam messages
Question 20: Skipped The Pass Certs Fast corporation has recently been embarrassed by several high-profile data breaches. The CIO proposes improving the company's cybersecurity posture by migrating images of all the current servers and infrastructure into a cloud-based environment. What, if any, is the flaw in moving forward with this approach?
This approach only changes the location of the network and not the network's attack surface
Question 44: Skipped What is the utilization of insights gained from threat research and threat modeling to proactively discover evidence of an adversarial TTP within a network or system called?
Threat hunting
Question 38: Skipped A user has reported that their workstation is running very slowly. A technician begins to investigate the issue and notices a lot of unknown processes running in the background. The technician determines that the user has recently downloaded a new application from the internet and may have become infected with malware. Which of the following types of infections does the workstation MOST likely have?
Trojan
Question 48: Skipped Dion Training is hiring a penetration testing firm to conduct an assessment of its corporate network. As part of the contract, the company has specified that it will not provide any network details to the penetration testing firm. Instead, the company wants to see how much information about the network can be found by the penetration testers using open-source research and scanning the corporate network. What type of assessment is this considered?
Unknown environment testing
Question 17: Skipped Which of the following is not normally part of an endpoint security suite?
VPN
Question 4: Skipped Your company has an office in Boston and is worried that its employees may not reach the office during periods of heavy snowfall. You have been asked to select a technology that would allow employees to work remotely from their homes during poor weather conditions. Which of the following should you select?
VPN
Question 65: Skipped You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment?
Virtualization
Question 39: Skipped (refer to picture) You have run a vulnerability scan and received the following output: Which of the following categories should this be classified as?
Web application cryptography vulnerability
Question 37: Skipped Dave's company utilizes Google's G-Suite environment for file sharing and office productivity, Slack for internal messaging, and AWS for hosting their web servers. Which of the following types of cloud deployment models is being used?
Multi-cloud
Question 30: Skipped Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?
NAC
Question 29: Skipped You just received an email from Bob, your investment banker, stating that he completed the wire transfer of $10,000 to your bank account in Vietnam. The problem is, you do not have a bank account in Vietnam, so you immediately call Bob to ask what happened. Bob explains that he received an email from you requesting the transfer. You insist you never sent that email to Bob initiating this wire transfer. What aspect of PKI could be used to BEST ensure that a sender sent a particular email message and avoid this type of situation?
Non-repudiation
Question 3: Skipped A security analyst conducts an Nmap scan of a server and finds that port 25 is open. What risk might this server be exposed to?
Open mail relay
Question 46: Skipped Which protocol is paired with OAuth2 to provide authentication of users in a federated identity management solution?
OpenID Connect
Question 23: Skipped Your company has decided to move all of its data into the cloud. Your company is small and has decided to purchase some on-demand cloud storage resources from a commercial provider (such as Google Drive) as its primary cloud storage solution. Which of the following types of clouds is your company using?
Public
Question 60: Skipped Taylor needs to sanitize hard drives from some leased workstations before returning them to a supplier at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is the most appropriate choice to ensure that data exposure doesn't occur during this process?
Purge, validate, and document the sanitization of the drives
Question 75: Skipped After completing an assessment, you create a chart listing the associated risks based on the vulnerabilities identified with your organization's privacy policy. The chart contains listings such as high, medium, and low. It also utilizes red, yellow, and green colors based on the likelihood and impact of a given incident. Which of the following types of assessments did you just complete?
Qualitative risk assessment
Question 2: Skipped Which of the following is a common attack model of an APT attack?
Quietly gathers information from compromised systems
Question 47: Skipped Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?
Randomized one-time use pad
Question 31: Skipped You are working as part of the server team for an online retail store. Due to the upcoming holidays, your boss is worried that the current servers may not be able to handle the increased demand during a big sale. Which of the following cloud computing concepts can quickly allow services to scale upward during busy periods and scale down during slower periods based on the changing user demand?
Rapid elasticity
Question 74: Skipped A security analyst is conducting a log review of the company's web server and found two suspicious entries: (check picture) The analyst contacts the web developer and asks for a copy of the source code to the logon.php script. The script is as follows: Based on source code analysis, which type of vulnerability is this web server vulnerable to?
SQL injection
Question 77: Skipped William would like to use full-disk encryption on his laptop. He is worried about slow performance, though, so he has requested that the laptop have an onboard hardware-based cryptographic processor. Based on this requirement, what should William ensure the laptop contains?
TPM
Question 62: Skipped Which of the following policies should contain the requirements for removing a user's access when an employee is terminated?
Account management policy
Question 33: Skipped A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?
Active scanning engine installed on the enterprise console
Question 52: Skipped What tool is used to collect wireless packet data?
Aircrack-ng
Question 22: Skipped Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?
FISMA
Question 51: Skipped What type of scan will measure the size or distance of a person's external features with a digital video camera?
Facial recognition scan
Question 16: Skipped Your intrusion detection system has produced an alert based on its review of a series of network packets. After analysis, it is determined that the network packets did not contain any malicious activity. How should you classify this alert?
False positive
Question 61: Skipped You have been hired as a cybersecurity analyst for a privately-owned bank. Which of the following regulations would have the greatest impact on your bank's cybersecurity program?
GLBA
Question 50: Skipped Which of the following security controls provides Windows system administrators with an efficient way to deploy system configuration settings across many devices?
GPO
Question 21: Skipped While performing a vulnerability scan, Christina discovered an administrative interface to a storage system is exposed to the internet. She looks through the firewall logs and attempts to determine whether any access attempts have occurred from external sources. Which of the following IP addresses in the firewall logs would indicate a connection attempt from an external source?
192.186.1.100
Question 49: Skipped Which of the following ports should you block at the firewall if you want to prevent a remote login to a server from occurring?
22
Question 1: Skipped You have just finished running an Nmap scan on a server and see the following output: Based on the output above, which of the following ports listed as open represents the most significant security vulnerability to your network?
23
Question 27: Skipped Which of the following cryptographic algorithms is classified as symmetric?
AES
Question 71: Skipped If you cannot ping a target because you are receiving no response or a response that states the destination is unreachable, then ICMP may be disabled on the remote end. If you wanted to elicit a response from a host using TCP, what tool would you use?
Hping
Question 72: Skipped A small business recently experienced a catastrophic data loss due to flooding from a recent hurricane. The customer had no backups, and flooding destroyed all of the hardware associated with the small business. As part of the rebuilding process, the small business contracts with your company to help create a disaster recovery plan to ensure this never recurs. Which of the following recommendations should you include as part of the disaster recovery plan?
Backups should be conducted to a cloud-based storage solution
Question 69: Skipped You have been asked to determine if Dion Training's web server is vulnerable to a recently discovered attack on an older version of SSH. Which technique should you use to determine the current version of SSH running on their web server?
Banner grabbing
Question 58: Skipped Nick is participating in a security exercise as part of the network defense team for his organization. Which team is Nick playing on?
Blue team
Question 79: Skipped A cybersecurity analyst notices that an attacker is trying to crack the WPS pin associated with a wireless printer. The device logs show that the attacker tried 00000000, 00000001, 00000002 and continued to increment by 1 each time until they found the correct PIN of 13252342. Which of the following types of password cracking was being performed by the attacker?
Brute-force
Question 68: Skipped Lamont is in the process of debugging a software program. As he examines the code, he discovers that it is miswritten. Due to the error, the code does not validate a variable's size before allowing the information to be written into memory. Based on Lamont's discovery, what type of attack might occur?
Buffer overflow
Question 80: Skipped Dion Training has set up a lab consisting of 12 laptops for students to use outside of normal classroom hours. The instructor is worried that a student may try to steal one of the laptops. Which of the following physical security measures should be used to ensure the laptop is not stolen or moved out of the lab environment?
Cable locks
Question 5: Skipped A hacker successfully modified the sale price of items purchased through your company's website. During the investigation that followed, the security analyst verified that the web server and the Oracle database were not compromised directly. The analyst also found no attacks that could have caused this during their log verification of the Intrusion Detection System (IDS). What is the most likely method that the attacker used to change the items' sale price?
Changing hidden form values
Question 28: Skipped Which of the following BEST describes when a third-party takes components produced by a legitimate manufacturer and assembles an unauthorized replica sold in the general marketplace?
Counterfeiting
Question 14: Skipped Which of the following describes the overall accuracy of a biometric authentication system?
Crossover error rate
Question 36: Skipped Which of the following cryptographic algorithms is classified as asymmetric?
DSA
Question 15: Skipped Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?
Deploy a new group policy
Question 7: Skipped You are conducting a code review of a program and observe that the following calculation of 0xffffffff + 1 was attempted, but the result was returned as 0x0000000. Based on this, what type of exploit could be created against this program?
ECC
Question 35: Skipped What regulation protects the privacy of student educational records?
FERPA
Question 18: Skipped Your company just launched a new invoicing website for use by your five largest vendors. You are the cybersecurity analyst and have been receiving numerous phone calls that the webpage is timing out, and the website overall is performing slowly. You have noticed that the website received three million requests in just 24 hours, and the service has now become unavailable for use. What do you recommend should be implemented to restore and maintain the availability of the new invoicing system?
Implement an allow list
Question 45: Skipped In 2014, Apple's implementation of SSL had a severe vulnerability that, when exploited, allowed an attacker to gain a privileged network position that would allow them to capture or modify data in an SSL/TLS session. This was caused by poor programming in which a failed check of the connection would exit the function too early. Based on this description, what is this an example of?
Improper error handling
Question 66: Skipped A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed the IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring?
Install an anti-virus or anti-malware solution that uses heuristic analysis
Question 76: Skipped Dion Training has added a salt and cryptographic hash to their passwords to increase the security before storing them. To further increase security, they run this process many times before storing the passwords. What is this technique called?
Key stretching
Question 59: Skipped Which of the following technologies is NOT a shared authentication protocol?
LDAP
Question 53: Skipped The paparazzi have found copies of pictures of a celebrity's new baby online. The celebrity states they were never publicly released but were uploaded to their cloud provider's automated photo backup. Which of the following threats was the celebrity MOST likely a victim of?
Leaked personal files
Question 78: Skipped A new corporate policy dictates that all access to network resources will be controlled based on the user's job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?
Least privilege
Question 24: Skipped Which of the following items represents a document that includes detailed information on when an incident was detected, how impactful the incident was, how it was remediated, the effectiveness of the incident response, and any identified gaps that might require improvement?
Lessons learned report
Question 56: Skipped Which type of system would classify traffic as malicious or benign based on explicitly defined examples of malicious and benign traffic?
Machine learning
Question 73: Skipped You have discovered that an employee has been conducting illegal activities using his workplace computer. You have taken possession of the employee's laptop according to your company's procedures and are waiting to give it to law enforcement authorities. What should you do when turning over the laptop to the police?
Maintain the chain of custody
Question 64: Skipped During your review of the firewall logs, you notice that an IP address from within your company's server subnet had been transmitting between 125 and 375 megabytes of data to a foreign IP address overnight each day. You have determined this has been occurring for approximately 5 days, and the affected server has since been taken offline for forensic review. Which of the following is MOST likely to increase the impact assessment of the incident?
PII of company employees and customers was exfiltrated
Question 63: Skipped A firewall administrator has configured a new screened subnet to allow public systems to be segmented from the organization's internal network. The firewall now has three security zones set: Untrusted (Internet) [143.27.43.0/24]; DMZ (Screened Subnet) [161.212.71.0/24]; Trusted (Intranet) [10.10.0.0/24]. The firewall administrator has been asked to enable remote desktop access from a fixed IP on the remote network to a remote desktop server in the screened subnet for the Chief Security Officer to work from his home office after hours. The CSO's home internet uses a static IP of 143.27.43.32. The remote desktop server is assigned a public-facing IP of 161.212.71.14. What rule should the administrator add to the firewall?
Permit 143.27.43.32 161.212.71.14 RDP 3389
Question 32: Skipped (Sample Simulation - On the real exam for this type of question, you would have to rearrange the steps into the proper order by dragging and dropping them into place.) (refer to picture) You are working as part of a cyber incident response team. An ongoing attack has been identified on your webserver. Your company wants to take legal action against the criminals who have hacked your server, so they have brought a forensic analyst from the FBI to collect the evidence from the server. In what order should the digital evidence be collected based on the order of volatility?
Processor Cache, Random Access Memory, Swap File, Hard Drive or USB Drive
Question 13: Skipped Which attack method is MOST likely to be used by a malicious employee or insider trying to obtain another user's passwords?
Shoulder surfing
Question 70: Skipped You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?
Smart card
Question 54: Skipped You are investigating a suspected compromise. You have noticed several files that you don't recognize. How can you quickly and effectively check if the files have been infected with malware?
Submit the files to an open-source intelligence provider like VirusTotal
Question 67: Skipped You are conducting an intensive vulnerability scan to detect which ports might be open to exploitation. During the scan, one of the network services becomes disabled and impacts the production server. Which of the following sources of information would provide you with the most relevant information for you to use in determining which network service was interrupted and why?
Syslog
Question 26: Skipped Your team is developing an update to a piece of code that allows customers to update their billing and shipping addresses in the web application. The shipping address field used in the database was designed with a limit of 75 characters. Your team's web programmer has brought you some algorithms that may help prevent an attacker from trying to conduct a buffer overflow attack by submitting invalid input to the shipping address field. Which pseudo-code represents the best solution to prevent this issue?
if (shippingAddress <= 75) {update field} else exit
Question 34: Skipped You are troubleshooting an issue with a Windows desktop and need to display the machine's active TCP connections. Which of the following commands should you use?
netstat