PRACTICE TEST B

SSH, HTTP, MySQL

After running a nmap scan on a system, you receive scanned data, which indicates that the following three ports are open: 22/tcp 80/tcp 3306/tcp

Security incident

Alex works for an organization that classifies security-related events using the National Institute of Standards and Technology's (NIST's) standard definitions. Which classification should Alex use when he discovers keylogging software on one of his executive's laptops?

Honeypot

An analyst has received unusual alerts on the security information and event management (SIEM) dashboard. The analyst wants to get payloads that hackers are sending toward the target system without impacting the business operation. Which of the following should the analyst implement to achieve this task in the given scenario?

Medium

Ben is working in an IT services organization that uses the National Institute of Standards and Technology (NIST) functional impact categories to describe the impact of incidents. During a recent construction project, a contractor plugged a network device to the same switch twice, resulting in a network loop and taking down the organization's network for one-third of its users. Which functional impact category should Ben use to classify the event given in the scenario?

Wipe and rebuild the compromised system.

Bob's manager has asked him to ensure that a compromised system has purged of the compromise. What is Bob's best course of action to ensure this?

The primary link went down and he should check the secondary link for traffic.

Brian works in an XYZ organization. His network suddenly stops working at 8:40 AM, interrupting video conferences, streaming, and other services throughout his organization, and then resumes functioning. When Brian logs into his Paessler Router Traffic Grapher (PRTG) console and checks his router's traffic via the primary connection's redundant network link, he sees the following graph. What should Brian presume occurred based on the given information shown in figure A?

Static analysis

Bruce is considering the acquisition of a software testing package that allows programmers to provide their source code as input. The package analyzes the code and identifies potential security issues without executing it. What type of analysis is Bruce performing in the given scenario?

Burp ZAP Tamper Data

Carla is performing a penetration test of a web application and wants to use a software package that allows her to modify requests being sent from her system to a remote web server. Which of the following tools would meet Carla's needs? Each correct answer represents a complete solution. Choose all that apply.

Preparation

Dan is designing a segmented network that places systems with different levels of security requirements into different subnets with firewalls and other network security devices between them. In which phase of the incident response process is Dan working in the given scenario?

Containment, eradication, and recovery

During an incident response process, Susan heads to a compromised system and pulls its network cable. Which phase of the incident response process is Susan performing?

OpenIOC

Sam works as a security analyst in an XYZ company. He sends threat intelligence information to his manager in a machine-readable format so that the manager can verify it. In that format, Mandiant's indicators are used by Sam for the base framework. Which format did Sam use in the given scenario?

Vulnerability scan

Sam, a security analyst, during a recent audit discovered an issue that many services and desktops were missing security patches. Which of the following best describes the assessment that he should perform to discover the issue in the given scenario?

Risk mitigation

Sasha recently implemented an intrusion prevention system, which is designed to block common network attacks from affecting her organization. Which type of risk management strategy is she pursuing on the system in the given scenario?

Privilege escalation

Some users are able to obtain access to additional resources or functionality that they are normally not allowed to access. Which type of attack is being referred to in the given scenario?

They must meet the intent and rigor of the original requirement. They must provide a similar level of defense as the original requirement. They must be "above and beyond" other PCI DSS procedures.

Which of the following statements are true of proper compensating controls? Each correct answer represents a complete solution. Choose all that apply.

Host firewall

Which of the following technologies is not generally used to implement network segmentation?

Netcat

Which utility will you use to connect and directly interact with a service?

Community

A medical company wants to take advantage of a complex application but wants to manage cost savings by accessing a shared instance of an application hosted in the cloud. Considering regulatory requirements, which type of cloud delivery model should a medical company use in the given scenario?

Sandbox

A security administrator is constructing a development environment and places three virtual servers in a new virtual network to isolate them from the production network. Which of the following describes the environment that the administrator is building in the given scenario?

Zone transfer

Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will easily provide useful information about an organization's network that he is targeting?

SIEM

Colin is looking for a solution that will help him to aggregate many different sources of security information created in his environment and correlate those sources for relevant security issues. Which one of the following tools would assist Colin to accomplish the given task?

Severity 5

Donna is analyzing the vulnerability scan report of her organization's network. She wants to determine which vulnerability to remediate first. She would like to focus on the most critical vulnerability according to the potential impact, if exploited. Assuming the organization's firewall is properly configured, which of the following severity-level vulnerabilities in the organization's file server should she give the highest priority?

Vendor lock-in Vulnerability to attack

Which of the following are disadvantages of cloud computing? Each correct answer represents a complete solution. Choose all that apply.

Context-based authentication

A cybersecurity analyst traced the source of an attack to compromise a user's credentials. Log analysis revealed that an attacker was successfully authenticated from an unauthorized foreign country. Management asked the security analyst to research and implement a solution to mitigate attacks based on compromised passwords. Which of the following should the analyst implement in the given scenario?

IPsec

Jenny is evaluating the security of her organization's network management practices. She discovers that the organization is using Remote Authentication Dial-in User Service (RADIUS) for administrator authentication in network devices. Which additional security control should also be in place to ensure a secure operation?

SCADA IoT ICS

Jessica works as a cybersecurity analyst in an organization. She requires a system that allows the connection of physical devices and processes to networks and provides tremendous sources of data for organizations seeking to make their business processes more efficient and effective. Which of the following systems can she use as per the requirement in the given scenario? Each correct answer represents a complete solution. Choose all that apply.

Separation of duties

Katie, a security administrator, notices a potential fraud committed by a database administrator performing various job functions within the company. Which of the following is the best method for him to use to prevent such activities in the future?

ScoutSuite

Lisa, a cloud security administrator, wants to run a security configuration scan of a company's Microsoft Azure cloud environment. Which of the following tools would be most appropriate for Lisa to perform the scan in the given scenario?

Lessons learned report

Mark works as an incident team lead at XYZ Inc. Following the successful response to a data-leakage incident, he facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities. Which of the following he has facilitated in the given scenario?

Detection and analysis Containment, eradication, and recovery

Matt's incident response team has collected log information and is working on identifying attackers using that information. Which two stages of the NIST incident response process is his team working on in the given scenario? Each correct answer represents a complete solution. Choose two.

CCE

Matthew is creating a new forum for system engineers in his organization to discuss security configuration issues of his organization's systems. He wants administrators to have a standard language for discussing these configuration issues. Which Security Content Automation Protocol (SCAP) component will help Matthew to achieve this task in the given scenario?

SSH

During a port scan of a server, Miguel discovered that the following ports are open on the internal network: TCP port 25 TCP port 80 TCP port 110 TCP port 443 TCP port 1433 TCP port 3389 The scan results provide evidence that a variety of services are running on this server. Which of the following services is not indicated by the scan results?

PII

During their organization's incident response preparation, Charles and Linda are identifying critical information assets that an organization uses. Their organizational data sets include a list of customer names, addresses, phone numbers, and demographic information. By using which of the following should Charles and Linda classify this information?

Immediately

Peter's organization recently upgraded a firewall that protects a network where employees process credit card information. This network is subject to the provisions of the Payment Card Industry Data Security Standard (PCI DSS). When is Peter required to schedule the vulnerability scan of the network in the given scenario?

Sender Policy Framework (SPF)

Jordan is a network administrator who wants to specify which systems can send email messages through his company's mail servers. Which of the following will help him in accomplishing the given task?

Aircrack-ng

Juan, a black hat hacker, wants to perform a wireless network attack by breaking a password used for a network. Which of the following should he use to accomplish the given task?

Application programming interface

Kate works as a cloud solution architect in a cloud service provider company named GoCloud. Her company uses a standard interface to interact with web-based services programmatically. Which of the following is being referred to in the given scenario?

SIEM

Monica, a security administrator, wants to use a tool that will aggregate log and event data from the virtual and real networks, applications, and systems and also provides real-time reporting and alerting on information or events that may require intervention or other types of response. Which tool should she use in the given scenario?

ISO 27001

Roger is the chief information officer (CIO) for a midsize manufacturing firm. He recently returned from a meeting of the board of directors where he had an in-depth discussion about cybersecurity. One member of the board who is familiar with the International Organization for Standardization (ISO) standards in manufacturing quality control, asked if there was an ISO standard covering cybersecurity. Which standard is most relevant to the director's concern in the given scenario?

Agile development

Sam works as a software developer at an XYZ company. For his current project, he wants to work in iterations of phases for the quality of the project with each iteration producing specific deliverable. Which of the following models will he use to accomplish this task?

Pair programming

Sia and Maria work as a software developer on a project in an ABC organization. Both are working on the same workstation. For the quality of the project, Sia writes the code and Maria reviews the code written by Sia so that multiple developers are familiar with the code. Which of the following techniques Sia and Maria are pursuing in the given scenario?

Adversarial threat

Sia works as a security analyst in an organization. She consciously leaks private and crucial information of the organization to one of its business partners. Which of the following NIST's threat category is being referred to in the given scenario?

CPU cache > network traffic > disk drives > optical media

Susan has been asked to capture forensic data from a Windows PC and needs to ensure that she captures this data in their order of volatility. Which order is correct from most volatile to least volatile?

Application or token-based multifactor authentication

Susan's organization has faced a significant increase in successful phishing attacks, resulting in compromised accounts. She wants to implement additional technical controls to prevent successful attacks. Which of the following controls will be the most effective while being relatively simple and inexpensive to deploy in the given scenario?

Signature data analysis

Susan's organization suffered from a major breach that was attributed to an advanced persistent threat (APT), which used exploits of zero-day vulnerabilities to gain control of systems on her company's network. Which of the following is the least appropriate solution for Susan to use in preventing such type of future attacks?

netstat -nr

Fred has configured the Simple Network Management Protocol (SNMP) to gather information from his network devices and executed the following command: $ snmpgetnext -v 1 -c public device1 \ He received a response that included the following data: ip.ipRouteTable.ipRouteEntry.ipRouteDest \ip.ipRouteTable.ipRouteEntry.ipRouteNextHopip.ipRouteTable.ipRouteEntry.ipRouteDest.0.0.0.0 = IpAddress: 0.0.0.0ip.ipRouteTable.ipRouteEntry.ipRouteNextHop.0.0.0.0 = IpAddress: 10.0.11.1 Which local command can Fred execute to gather the same information?

White

Fred works as a penetration tester in an organization. He is responsible for establishing the rules of engagement and performance metrics for the penetration test that needs to be conducted inside the organization. As per the scenario, Fred is working under which of the following penetration testing teams?

Privilege escalation

Gavin is tracing the activities of an attacker who compromised a system on his network. The attacker appears to have used the credentials belonging to a janitor. After doing so, the attacker entered some strange commands with very long strings of text and then began using the sudo command to carry out other actions. What type of attack appears to have taken place in the given scenario?

Regression

Haley, a security administrator, is planning to deploy a security update to an application provided by a third-party vendor. She installed a patch in a test environment and would like to determine whether applying the patch creates other issues. Which type of test can Haley run to best determine the impact of applying the patch in the given scenario?

Traffic analysis

Rex, a security administrator, wants to identify irregular or unexpected behavior in network traffic communication patterns. Which of the following security analysis techniques should he perform?

Determine what users' contract says about investigations. Determine what legal recourse users have with a vendor. Identify data that users needs and whether it is available via methods, which they or their organization controls.

If users are performing forensic investigations on cloud services, it will be very challenging for them to preserve data. Which of the following tasks will users perform to overcome these challenges in the given scenario? Each correct answer represents a complete solution. Choose all that apply.

Qualys's vulnerability scanner

Ryan, a system engineer in an organization, is facing some issues in his system while working. To resolve this issue, he decided to use a vulnerability scanner that offers a deployment model using the SaaS management console and appliances located both in on-premises datacenters and the cloud. Which of the following scanner is he using in the given scenario?

Availability

Selah's organization suffers an outage of a point-to-point encrypted virtual private network (VPN) because of a system compromise at the organization's Internet service provider (ISP). Which type of issue is being referred to in the given scenario?

Static code analyzer

The Open Web Application Security Project (OWASP) maintains an application called Orizon. This application reviews Java classes and identifies potential security flaws. What type of tool describes the referred application?

Honeypot

The security team of an organization has trapped attackers in an isolated environment where they are being monitored. The team has also tricked these attackers into believing that they are causing damage to the organization's systems. Which of the following practices is used by the security team in the given scenario?

Antiforensic activities

Tim works in the forensic department of an organization. During a forensic investigation, Tim discovers a program called Eraser installed on an employee's system. What should Tim expect to find as part of his investigation in the given scenario?

STIX

Which of the following is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a common language that can be easily understood by humans and security technologies?

Brute-force attack

Which of the following is an automated password cracking technique that uses a random combination of upper and lower-case letters, 0-9 numbers, and special characters?

File carving

Which of the following is the process of extracting data from a computer when that data has no associated file system metadata?

Crime scene tape

Which of the following items is not typically found in corporate forensic kits?

Both the relying party and the SAML identity provider

Which of the following parties directly communicates with end users during a Security Assertion Markup Language (SAML) transaction?

Operational

Which of the following security architectural views would provide details about the flow of information in a complex system?

Installation

Which of the following stages of the Lockheed Martin's Cyber Kill Chain process focuses on persistent backdoor access for attackers?

Honeypot

Which type of system allows attackers to believe they have succeeded with their attack, thus providing defenders with information about their attack methods and tools?

Insider threat

Roma works as a penetration tester in an organization. She is performing a penetration test for a customer and identifies a client machine that is downloading the contents of the customer database, which stores the customer's intellectual property. After that, she also identifies an employee who is exporting the downloaded data to a USB drive. Which type of threat actor is being referred to in the given scenario?

Technical

Rose, a security administrator, implements screen savers that lock the PC after five minutes of inactivity to prevent unauthorized access to the PC. Which of the following controls is being used to achieve the given implementation?

Policies

Which of the following documents are the highest-level component of an organization's cybersecurity program?

Tokenization

Which of the following obfuscation methods replaces sensitive values with a unique identifier using a lookup table?

-v

Which of the following grep flags only shows lines that do not contain any regular expression?

Access control list

Which of the following identifies potentially malicious external domains?

Compensating

Which control satisfies a requirement that isn't able to be met by an existing security measure either because it is too difficult to implement or does not fully meet security needs?

FTK

Joe, an investigator, wants to scan a hard drive to view the deleted communication. Which of the following tools should Joe use to accomplish the given task?

SLA

A company has purchased a new system but security personnel is spending a lot of time on the system's maintenance. A new third party vendor has been appointed for maintaining the company's system. Which of the following documents should be created before assigning this maintenance job to the new vendor?

Segmentation

As part of her post-incident recovery process, Alicia created a separate virtual network, as shown in the figure, to contain compromised systems she needs to investigate. Which containment technique is Alicia using in the given scenario?

Control objectives

Which element of the Control Objectives for Information and Related Technology (COBIT) framework contains the high-level requirements that an organization should implement to manage its information technology functions?

Sarbanes-Oxley

Which law requires publicly traded companies to have proper internal control structures in place to validate that their financial statements accurately reflect their financial results?

Security log

Which of the following contains records of the login/logout activity or other security-related events specified by the system's audit policy?

Honeypot's data

Charles is building an incident response playcourse for his organization that will address command and control (C&C) client-server traffic detection and response. Which of the following information sources is least likely to be part of his playcourse?

Deterrent

Which of the following control types are designed to discourage an attacker?

Red team

Which of the following describes offensive participants in a tabletop exercise?

PCI DSS

Wendy is a security administrator for a membership association that is planning to launch an online store. As part of this launch, she is responsible for ensuring that the website and associated systems are compliant with all relevant standards. Which regulatory standard will Wendy use to specifically cover credit card information?

ruf=

Which Domain-Based Message Authentication, Reporting, and Conformance (DMARC) tag includes a series of uniform resource identifiers (URIs) that lists where to send forensic feedback reports?

Top Secret

You have been hired as a security consultant for an organization that does contract work for the U.S. Department of Defense (DoD). You must ensure that all data that is part of the contract work is categorized appropriately. What is the highest degree of data protection category you can use in the given scenario?

Web application firewall

You work as a network administrator for a company. Your company asks you to analyze the traffic of layer 7 of the OSI model between a web client and a web server. Which of the following will you use to accomplish the given task?

ATT&CK

You work as a security analyst in an organization. You need to select a threat framework for your organization and mainly want threat actor tactics to be in a normalized way. Which threat model would be your best choice for selection in the given scenario?