Sec + Day 3


A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model? A. Hacktivists B. White-hat hackers C. Script kiddies D. Insider threats

A

A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation. An incident responder learns the following information: ✑ The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs. ✑ All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network. ✑ Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected. Which of the following is the MOST likely root cause? A. HTTPS sessions are being downgraded to insecure cipher suites B. The SSL inspection proxy is feeding events to a compromised SIEM C. The payment providers are insecurely processing credit card charges D. The adversary has not yet established a presence on the guest WiFi network

A

A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error? A. The examiner does not have administrative privileges to the system B. The system must be taken offline before a snapshot can be created C. Checksum mismatches are invalidating the disk image D. The swap file needs to be unlocked before it can be accessed

A

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a database. Which of the following was the MOST likely cause? A. Shadow IT B. Credential stuffing C. SQL injection D. Man-in-the-browser E. Bluejacking

A

A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? A. Due to foreign travel, the user's laptop was isolated from the network. B. The user's laptop was quarantined because it missed the latest patch update. C. The VPN client was blacklisted. D. The user's account was put on a legal hold.

A

A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use? A. dd B. chmod C. dnsenum D. logger

A

A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst is able to detect the following message: "Special privileges assigned to new login." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected? A. Pass-the-hash B. Buffer overflow C. Cross-site scripting D. Session replay

A

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following is MOST likely the cause of the access issues? A. False rejection B. Cross-over error rate C. Efficacy rate D. Attestation

A

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting? A. Verification B. Validation C. Normalization D. Staging

A

An attacker is exploiting a vulnerability that does not have a patch available. Which of the following is the attacker exploiting? A. Zero-day B. Default permissions C. Weak encryption D. Unsecure root accounts

A

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody? A. Document the collection and require a sign-off when possession changes. B. Lock the device in a safe or other secure location to prevent theft or alteration. C. Place the device in a Faraday cage to prevent corruption of the data. D. Record the collection in a blockchain-protected public ledger.

A

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario? A. Watering-hole attack B. Credential harvesting C. Hybrid warfare D. Pharming

A

Some laptops recently went missing from a locked storage area that is protected by keyless RFID-enabled locks. There is no obvious damage to the physical space. The security manager identifies who unlocked the door; however, human resources confirms the employee was on vacation at the time of the incident. Which of the following describes what MOST likely occurred? A. The employee's physical access card was cloned. B. The employee is colluding with human resources C. The employee's biometrics were harvested D. A criminal used lock picking tools to open the door.

A

Which of the following describes applications and systems that are used within an organization without consent or approval? A. Shadow IT B. OSINT C. Dark web D. Insider threats

A

Which of the following refers to applications and systems that are used within an organization without consent or approval? A. Shadow IT B. OSINT C. Dark web D. Insider threats

A

Which of the following types of controls is a CCTV camera that is not being monitored? A. Detective B. Deterrent C. Physical D. Preventive

A

Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hot-spots? A. Footprinting B. White-box testing C. A drone/UAV D. Pivoting

A

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications? A. OWASP Open Web Application Security Project B. Vulnerability scan results C. NIST CSF D. Third-party libraries

A

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO). A. Something you know B. Something you have C. Somewhere you are D. Someone you are E. Something you are F. Something you can do

A, B

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO). A. head B. Tcpdump C. grep D. tail E. curl F. openssl G. dd

A, C

A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected. Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Choose two.) A. DoS B. SSL stripping C. Memory leak D. Race condition E. Shimming F. Refactoring

A, D

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies? A. PCI DSS B. GDPR C. NIST D. ISO 31000

B

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to: A. perform attribution to specific APTs and nation-state actors. B. anonymize any PII that is observed within the IoC data. C. add metadata to track the utilization of threat intelligence reports. D. assist companies with impact assessments based on the observed data.

B

A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process? A. Continuous delivery B. Continuous integration C. Continuous validation D. Continuous monitoring

B

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: Which of the following will the forensics investigator MOST likely determine has occurred? A. SQL injection B. CSRF (cross site request forgery) C. XSS D. XSRF

B

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority? A. Nmap B. Heat maps C. Network diagrams D. Wireshark

B

A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate? A. S/MIME B. DLP C. IMAP D. HIDS

B

A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task? A. Create an OCSP B. Generate a CSR C. Create a CRL D. Generate a .pfx file

B

A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful? A. Secure cookies B. Input validation C. Code signing D. Stored procedures

B

A user contacts the help desk to report the following: - Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested. - The user was able to access the Internet but had trouble accessing the department share until the next day. - The user is now getting notifications from the bank about unauthorized transactions. Which of the following attack vectors was MOST likely used in this scenario? A. Rogue access point B. Evil twin C. DNS poisoning D. ARP poisoning

B

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output: *****SHOWS SEVERAL DEAUTHENTICATION FRAMES***** Which of the following attacks does the analyst MOST likely see in this packet capture? A. Session replay B. Evil twin C. Bluejacking D. ARP poisoning

B

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision? A. Access to the organization's servers could be exposed to other cloud-provider clients B. The cloud vendor is a new attack vector within the supply chain C. Outsourcing the code development adds risk to the cloud provider D. Vendor support will cease when the hosting platforms reach EOL.

B

Given the following logs: *****SHOWS A BUNCH OF ATTEMPTS USING PLAIN TEXT WORDS***** Which of the following BEST describes the type of attack that is occurring? A. Rainbow table B. Dictionary C. Password spraying D. Pass-the-hash

B

The process of passively gathering information prior to launching a cyberattack is called: A. tailgating B. reconnaissance C. pharming D. prepending

B

Users at an organization have been installing programs from the Internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue? A. Application code signing B. Application whitelisting C. Data loss prevention D. Web application firewalls

B

Which of the following scenarios BEST describes a risk reduction technique? A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches. B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation. C. A security control objective cannot be met through a technical change, so the company changes its method of operation. D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk.

B

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. An RTO report B. A risk register C. A business impact analysis D. An asset value register E. A disaster recovery plan

B https://www.projectmanager.com/blog/guide-using-risk-register

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE) A. SFTP, FTPS B. SNMPv2, SNMPv3 C. HTTP, HTTPS D. TFTP, FTP E. SNMPv1, SNMPv2 F. Telnet, SSH G. TLS, SSL H. POP, IMAP I. Login, rlogin

B, C, F

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Voice B. Gait C. Vein D. Facial E. Retina F. Fingerprint

B, D

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent data loss? (Select TWO) A. VPN B. Drive encryption C. Network firewall D. File-level encryption E. USB blocker F. MFA

B, E

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO). A. VPN B. Drive encryption C. Network firewall D. File level encryption E. USB blocker F. MFA

B, E

A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring? A. Create a new acceptable use policy. B. Segment the network into trusted and untrusted zones. C. Enforce application whitelisting. D. Implement DLP at the network boundary.

C

A cloud administrator is configuring five compute instances under the same subnet in a VPC. Three instances are required to communicate with one another, and the other two must be logically isolated from all other instances in the VPC. Which of the following must the administrator configure to meet this requirement? A. One security group B. Two security groups C. Three security groups D. Five security groups

C

A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach? A. The most common set of MDM configurations will become the effective set of enterprise mobile security controls. B. All devices will need to support SCEP-based enrollment; therefore, the heterogeneity of the chosen architecture may unnecessarily expose private keys to adversaries. C. Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors. D. MDMs typically will not support heterogeneous deployment environments, so multiple MDMs will need to be installed and configured.

C

A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS? A. Corrective B. Physical C. Detective D. Administrative

C

A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure? A. A captive portal B. PSK C. 802.1X D. WPS

C

A network engineer notices the VPN concentrator overloads and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than on the security of the end users' traffic. Which of the following would be BEST to solve this issue? A. IPSec B. Always On C. Split tunneling D. L2TP

C

A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring? A. CASB B. SWG C. Containerization D. Automated failover

C

A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? A. A tabletop exercise B. NIST CSF C. MITRE ATT&CK D. OWASP

C

A security analyst is reviewing logs on a server and observes the following output: ****Using multiple words to attempt log in**** Which of the following is the security analyst observing? A. A rainbow table attack B. A password-spraying attack C. A dictionary attack D. A keylogger attack

C

A security analyst is reviewing the following attack log output: Which of the following types of attacks does this MOST likely represent? *****Log shows multiple attempts on multiple users using common password combinations***** A. Rainbow table B. Brute-force C. Password-spraying D. Dictionary

C

A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing? A. A packet capture B. A user behavior analysis C. Threat hunting D. Credentialed vulnerability scanning

C

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place? A. Recovery B. Identification C. Lessons learned D. Preparation

C

An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited? A. Weak encryption B. Unsecure protocols C. Default settings D. Open permissions

C

An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited? A. Weak encryption B. Unsecure protocols C. Default settings D. Open permissions

C

An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used? A. Order of volatility B. Data recovery C. Chain of custody D. Non-repudiation

C

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has only been given the documentation available to the customers of the applications. Which of the following BEST represents the type of testing that will occur? A. Bug bounty B. Black-box C. Gray-box D. White-box

C

An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future? A. Implement HIPS to block inbound and outbound SMB ports 139 and 445. B. Trigger a SIEM alert whenever the native OS tools are executed by the user C. Disable the built-in OS utilities as long as they are not needed for functionality. D. Configure the AV to quarantine the native OS tools whenever they are executed

C

An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operation in a: A. business continuity plan B. communications plan. C. disaster recovery plan. D. continuity of operations plan

C

The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration. Which of the following would MOST likely cause a data breach? A. Lack of input validation B. Open permissions C. Unsecure protocol D. Missing patches

C

To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset? A. A password reuse policy B. Account lockout after three failed attempts C. Encrypted credentials in transit D. A geofencing policy based on login history

C

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights? A. The data protection officer B. The data processor C. The data owner D. The data controller

C

Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantify risk based on the organization's systems. B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved, organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization

C

Which of the following is the purpose of a risk register? A. To define the level of risk using probability and likelihood B. To register the risk with the required regulatory agencies C. To identify the risk, the risk owner, and the risk measures D. To formally log the type of risk mitigation strategy the organization is using

C

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media? A. Monitoring large data transfer transactions in the firewall logs B. Developing mandatory training to educate employees about the removable media policy C. Implementing a group policy to block user access to system files D. Blocking removable-media devices and write capabilities using a host-based security tool

D

A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output: ****SHOWS PORTS AND 22 IS OPEN**** Which of the following steps would be best for the security engineer to take NEXT? A. Allow DNS access from the Internet. B. Block SMTP access from the Internet C. Block HTTPS access from the Internet D. Block SSH access from the Internet.

D

A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source? A. Log enrichment B. Log aggregation C. Log parser D. Log collector

D

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use? A. SDP B. AAA C. IaaS D. MSSP E. Microservices

D

A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules? A. # iptables -t mangle -X B. # iptables -F C. # iptables -Z D. # iptables -P INPUT -j DROP

D

A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must tolerate a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select? A. 0 B. 1 C. 5 D. 6

D

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine the next course of action? A. An incident response plan B. A communications plan C. A disaster recovery plan D. A business continuity plan

D

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: ****SHOWS CPU USAGE BEING VERY HIGH**** Which of the following is the router experiencing? A. DDoS attack B. Memory leak C. Buffer overflow D. Resource exhaustion

D

A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements: • The solution must be inline in the network • The solution must be able to block known malicious traffic • The solution must be able to stop network-based attacks Which of the following should the network administrator implement to BEST meet these requirements? A. HIDS B. NIDS C. HIPS D. NIPS

D

A security analyst has been asked to investigate a situation after the SOC started to receive alerts from the SIEM. The analyst first looks at the domain controller and finds the following events: ****first shows a log of failed authentication**** To better understand what is going on, the analyst runs a command and receives the following output: ****shows how many failed for each user; each user has higher than normal failures**** Based on the analyst's findings, which of the following attacks is being executed? A. Credential harvesting B. Keylogger C. Brute-force D. Spraying

D

A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: http://dev-site.comptia.org/home/show.php?sessionID=77276554&loc=us The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us Which of the following application attacks is being tested? A. Pass-the-hash B. Session replay C. Object dereference D. Cross-site request forgery

D

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one hour earlier. This change lasted eight hours. Which of the following attacks was MOST likely used? A. Man-in-the-middle B. Spear-phishing C. Evil twin D. DNS poisoning (pharming attack)

D

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication? A. Hard token B. Retina scan C. SMS text D. Keypad PIN

D

A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Salting the magnetic strip information B. Encrypting the credit card information in transit. C. Hashing the credit card numbers upon entry. D. Tokenizing the credit cards in the database

D

An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria? A. TLS B. PFS C. ESP D. AH

D

An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business? A. Screen locks B. Application management C. Geofencing D. Containerization

D

An organization just experienced a major cyberattack. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization? A. Shadow IT B. An insider threat C. A hacktivist D. An advanced persistent threat

D

An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 a.m. to 5:00 p.m. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements? A. Incremental backups Monday through Friday at 6:00 p.m. and differential backups hourly B. Full backups Monday through Friday at 6:00 p.m. and incremental backups hourly C. Incremental backups Monday through Friday at 6:00 p.m. and full backups hourly D. Full backups Monday through Friday at 6:00 p.m. and differential backups hourly

D

In which of the following situations would it be BEST to use a detective control type for mitigation? A. A company implemented a network load balancer to ensure 99.999% availability of its web application. B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster. C. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department. D. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic. E. A company purchased liability insurance for flood protection on all capital assets.

D

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve the protection of patient data in the environment, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns? A. SSO would simplify username and password management, making it easier for hackers to guess accounts. B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords. C. SSO would reduce the password complexity for frontline staff. D. SSO would reduce the resilience and availability of systems if the provider goes offline.

D

When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of? A. Acceptance B. Mitigation C. Avoidance D. Transference

D

Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms? A. SIEM B. CASB C. UTM D. DLP

D

Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.) A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software

D, E

A security architect at a large multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multi-cloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would BEST meet the architect's objectives? A. Trusted Platform Module B. IaaS C. HSMaaS D. PaaS E. Key Management Service

E

In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating? A. Identification B. Preparation C. Eradication D. Recovery E. Containment

E
