SEC 601 Questions Sep 21 231-238
QUESTION 233 Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?
A. Staging
B. Test
C. Production
D. Development
Answer: A
QUESTION 235 An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced their orders or stopped placing orders entirely. Which of the following is the organization experiencing?
A. Reputation damage
B. Identity theft
C. Anonymization
D. Interrupted supply chain
Answer: A
QUESTION 236 An attacker is attempting to exploit users by creating a fake website with a similar URL to what users are familiar with. Which of the following social-engineering attacks does this describe?
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack
Answer: B
QUESTION 237 Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls
Answer: B
QUESTION 238 A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?
A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG
Answer: B
QUESTION Li B. CSRF C. Session replay D. API
Answer: B
QUESTION 234 A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?
A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file
C. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook
D. An attacker was able to phish user credentials successfully from an Outlook user profile
Answer: B
Explanation: This is the best possible guess after eliminating the other 3 answers.
QUESTION 231 A security analyst is logged into a Windows file server and needs to see who is accessing files and from which computers. Which of the following tools should the analyst use?
A. netstat
B. net share
C. netcat
D. nbtstat
E. net session
Answer: E