CYSA+
An organization implements password policies to tighten security. Which policy is NOT considered deprecated?
2-step verification
An IT expert troubleshoots an email server issue for security purposes. During troubleshooting, the expert discovers that SMTP logs indicate that the service is not available. Which code indicates this type of issue?
421
Public relations personnel for a technology company release a statement regarding a recent breach. The statement describes the incident as an occurrence of data exfiltration. Evaluate the following statements and determine which one PR uses as a source of information.
A transfer of private data to an unknown system.
A security engineer performs a security scan on a network. The engineer decides on a scanning approach that has the possibility of negatively impacting a target system. Which approach does the engineer utilize?
Active
An IT administrator identifies a service interruption on a server through system and application log files and alerts. Users are not able to obtain an IP address and the network is unresponsive. Which issue may be causing the problem?
An attack may have disrupted a service.
An IT manager is performing vendor due diligence with a new server supplier. Of the given choices, which are valid standards? Select all that apply.
Cybersecurity risk management program Financial and regulatory reliability
Which issues may complicate a cloud-based forensics investigation? Select all that apply.
Chain of custody Data recovery Data sovereignty
A user oversees a system that processes data for their company throughout the day. The user also uses the system to mine bitcoin. Which areas is this particular use in conflict with? Select all that apply.
Code of conduct Acceptable use policy Ethics
An engineer configures an intrusion detection system to create alerts when it finds a security issue. A variety of output formats are available. The engineer chooses a format that allows the output file to be easily read in Microsoft Excel. Which format does the engineer decide to use?
Comma-separated values
A company's technical product design documents are currently stored on a shared public folder. Additionally, employee and service contracts have no data protection clauses. Which of the following controls should be deployed to make this documentation confidential? Select all that apply.
Configure access controls to determine permissions Require employees and contractors to sign NDAs
Engineers analyze previous hacks and intrusions to produce definitions of the tactics, techniques, and procedures (TTP) used to perform attacks. When evaluating data, the engineers classify which attack based on the behavior of increased network traffic?
Data exfiltration
A security specialist is responding to an incident for a large firm. The specialist notifies stakeholders in accordance with policy. Which phase does the specialist contribute to?
Detection & Analysis
Management at an organization uses warning signs to advise employees that storing unauthorized items will result in disciplinary procedures. Which control type has been implemented?
Deterrent
A developer seeks to automate the development process for a web application development. Which phase does the developer create a sandbox environment for?
Development
To reduce overall systems monitoring effort, an engineer increases the hardening of all workstations. Which approach ensures that unused hardware components do not become a security concern?
Disable devices
A systems engineer wishes to improve a development environment. The goal is for developers to implement within a virtualized environment. Which solution does the engineer deploy?
Docker
To avoid using hard-coded IP ranges, some malware will switch to dynamically-generated domains by first using an algorithm. This algorithm, used along with another technique, can continually change an IP address that a domain resolves to. Which is the first step in the process?
Domain generation algorithm
In software development, which process uses comparative measurements and ensures that the system outcomes are useful?
Evaluation
A network engineer is reviewing a recent vulnerability report from a colleague. The report conclusively contains many false positives related to hosts that another colleague debunked recently as non-issues. How can the network engineer manage information in later reports so that the team focuses on real vulnerabilities and threats? Select all that apply.
Exclude hosts Use exceptions Change priority
Users at an organization discover an exploit on a sales website. When the users visit a certain page, code executes and tries to install an application. Which attack type do the users experience?
File inclusion
A security firm conducts a process of risk identification and assessment. Using NIST's Managing Information Security Risk principles as a guide, which area does the firm outline that identifies eliminating negative change as an overall goal?
Frame
Analysts are deploying a new IT infrastructure with enhanced security controls. Stakeholders show concern for the state of the deployment as it is behind schedule. Of the given choices, stakeholders show concern in what area?
Governance
An organization needs to block traffic to deter command and control (C&C) traffic. Which traffic type is the most difficult to block?
HTTPS
A security analyst for a technology firm needs to attempt password recovery on a system. The analyst utilizes a tool that takes advantage of Graphics Processor Units (GPUs) for a brute force approach. Which tool does the analyst use?
Hashcat
An analyst needs to rate a vulnerability as 7.0+ using Common Vulnerability Scoring System (CVSS) metrics. Which score does the analyst choose?
High
A security firm establishes an office in a new building. In the office, security analysts gather information from member systems in industry-specific areas. The office functions as which type of facility?
ISAC
An IT administrator documents defensive capabilities mapped to each stage of an adversary's kill chain in a courses of action (CoA) matrix. The matrix uses defensive capabilities adapted from US military doctrine. The administrator focuses on learning about the adversary. Consider the approaches and determine which is in line with the administrator's work.
Identify an adversary's capabilities
A systems administrator is implementing best practices for API key management. Considering the approaches, which of the following will the systems administrator utilize to periodically regenerate keys?
Implement a key management system
A company abruptly terminates an employee. The employee harbors a known grievance as a result of the company's actions. Considering threat types, which two classify the ex-employee? Select all that apply.
Insider Outsider
A technology specialist is investigating a computer infected with malware. The investigator discovers that the malware caused a data leak that reveals the private information for an upcoming product. Which data type did the malware compromise?
Intellectual property (IP)
Malware can use various obfuscation techniques to circumvent signature-matching. The exact form that such malware will take is unknown, but its operation is typically predictable. An admin categorizes this type of attack under which threat class?
Known unknowns
In contrast to traditional packet sniffing, Zeek, a packet capture tool, offers which benefits? Select all that apply.
Log only data of potential interest Reduce storage requirements
8 of 90 Question A systems engineer at an organization tightens security by enabling sandboxing on a crucial system. This measure is in place to help prevent ransomware. Which valid features does the engineer enable on the system? Select all that apply.
Monitor network sockets Monitor network sockets
Numerous energy companies experience cyber attacks utilizing multiple zero days attacks in a short period of time. Analysts that investigate the attacks categorize the threats as coming from which actor type?
Nation-state
Engineers at a company feel that a rogue system exists on a corporate network. The engineers determine that capturing packets may help identify the system. Compare the device types and conclude which of the following the engineers utilize.
Network tap
Threat intelligence reveals a new type of malware is infecting Windows desktops in many companies. Security specialists at a company initiate threat hunting activities to investigate a potential infection. Which areas do the engineers investigate in implementing the hunt? Select all that apply.
Network traffic Process lists
A cybersecurity task force investigates a compromised server. The task force focuses on searching for account-based Indicators of Compromise (IoC). Which areas do members of the task force focus on? Select all that apply.
Off hours usage Failed logins
A security committee at an organization develops a security plan. Numerous security control types are in place. The organization utilizes a training program to provide best practices training to all employees. The committee uses which category to define the program?
Operational
An attacker compromises a user's single-sign on account by harvesting cached credentials on a system. Which attack type does the attacker utilize to accomplish this specific action?
Pass the hash
The Diamond Model suggests a framework to use to analyze an intrusion event by exploring the relationships between four core features. Which is NOT a core feature?
Phase
IT security experts are examining a system that was part of a security breach. The experts determine that port forwarding was a key element in the attack. Which technique do the experts conclude the attacker uses?
Pivoting
Cybersecurity analysts are considering a feasible approach to restoring a compromised cloud-based virtual machine. All systems are based on templates. Which approach do the analysts utilize?
Reimage
IT staff revamp an Active Directory implementation of folder permissions that uses group policy. The staff references user responsibilities in the company when creating permissions. Which control type does the staff focus on?
Role-based access control
An IT professional is creating an assessment scan workflow. Which step should the IT A systems administrator implements the use of trusted firmware for workstations in an organization. The administrator configures the boot process to require operating system certificates. Which capability does this feature require?professional implement before performing an initial scan?
Run suitable patches
A systems administrator implements the use of trusted firmware for workstations in an organization. The administrator configures the boot process to require operating system certificates. Which capability does this feature require?A user makes changes to directory permissions on a Linux system. Which of the given choices allows a group the read and write permissions?
Secure boot
An attack has compromised a virtualized server. Security experts perform forensic activity as part of a recovery effort. The experts conclude that the attack incrementally occurred over time. Evaluate the given challenges and determine which the experts face.
Security must merge any checkpoints to the main image, using a hypervisor tool.
A developer needs to test code for changes that relate to input validChain of custody Data recovery Data sovereigntyation. Which approach does the developer use?
Security regression testing
A security specialist configures an internal email system with enhanced spoofing protection. The approach specifies permitted senders for multiple domains. Which solution does the specialist implement?
Sender Policy Framework
A lead developer has a concern that a junior developer is routinely compromising code. In which way is the compromise possible? Select all that apply.
Software development kit Third-party library Code-reuse
A systems administrator for a large corporation is reviewing security settings on Windows PCs after a small malware incident. After finishing the review, the administrator establishes a group policy that prevents users from using any executables on a system, except within specifically designated folders. Which policies does the administrator implement? Select all that apply.
Software restriction policies Applocker
A systems administrator configures syslog to collect system events on a network. The admin's past experience with an older implementation of syslog did not go so well, as messages were lost on the network. Currently, the admin is configuring the syslog and notices it works quite well. Which of the following technologies did the systems admin utilize? Select all that apply.
TCP TLS
It is important to assess sources when adding information to a data set. Considering threat intelligence, this data is likely to derive from external sources. Which factor is key in disseminating updates?
Timeliness
A user tries to copy a sensitive file in the office and send it to an external email address. Since a data loss prevention service is in place, the attempted emails fail to reach the external email account. The user receives a message describing how their actions violated policy. Unbeknownst to the user, the attempted files in the email are quarantined. Which data loss prevention remediation method is the user experiencing?
Tombstone
There are different levels of data privacy categorization that follow military usage. Which level has the highest privacy rating?
Top-secret
The systems administrator for a medium-sized company manages a bring your own device (BYOD) program. There is concern about device misplacement and theft with small mobile devices, such as tablets and phones. Which area is the administrator concerned with? Select all that apply.
Unencrypted data Bringing work home
A specialized system requires elevated security requirements from other systems on the network. To accomplish this, the admin uses a VLAN for the system. Considering the technique, what isolation type did admin use?
Virtual segmentation
42 of 90 Question A developer researches a fix for a vulnerability that targets what is known as a network channel. Which platform does the developer reference? Select all that apply.
Web Client/server
A cybersecurity firm provides contracted penetration testing by using a variety of functional exercises. A specialist at the firm decides to use a war game approach and creates teams. The specialist needs to select a team to intervene if the game escalates too far. Which team does the firm assign to this role?
White
Which term refers to the way in which a company retains (hires) a forensic examiner to investigate a case?
Work product retention
An IT engineer decides to standardize on regular expression (regex) syntax when writing Security Information and Event Management (SIEM) correlation rules. The engineer needs to specify a match at the start of a line. Which syntax elements does the engineer use to accomplish this goal?
^
A user makes changes to directory permissions on a Linux system. Which of the given choices allows a group the read and write permissions?
d r-- rwx r-- home