Sec Plus 601 (2022)
A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords with a rainbow table to reach the sensitive data. Which of the following should a security engineer do to prevent such an attack in the future? A. Disable password reuse. B. Use password hashing. C. Enforce password complexity. D. Implement password salting.
A
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform? A. PCI DSS B. NIST CSF C. ISO 22301 D. ISO 27001
A
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement? A. Symmetric B. Homomorphic C. Ephemeral D. Asymmetric
A
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine the next course of action? A. A business continuity plan B. An incident response plan C. A communications plan D. A disaster recovery plan
A
A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead? A. WPA-EAP B. WPS-PIN C. WEP-TKIP D. WPA-PSK
A
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario? A. Compensating B. Detective C. Physical D. Preventive
A
A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms? A. Applying MDM software B. Removing administrative permissions C. Deploying GPOs D. Enforcing encryption
A
A security analyst has been reading about a newly discovered cyber attack from a known threat actor. Which of the following would BEST support the analyst's review of the tactics, techniques, and protocols the threat actor was observed using in previous campaigns? A. The MITRE ATT&CK framework B. The Diamond Model of Intrusion Analysis C. The Cyber Kill Chain D. Security research publications
A
A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? A. MITRE ATT&CK B. A tabletop exercise C. OWASP D. NIST CSF
A
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place? A. Lessons learned B. Recovery C. Identification D. Preparation
A
A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following is MOST likely the cause of the access issues? A. Cross-over error rate B. False rejection C. Efficacy rate D. Attestation
A
A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used? A. The scan enumerated software versions of installed programs B. The scan identified expired SSL certificates C. The scan results show open ports, protocols, and services exposed on the target host D. The scan produced a list of vulnerabilities on the target host
A
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery? A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis B. Implement application whitelisting and perform user application hardening C. Restrict administrative privileges and patch all systems and applications. D. Rebuild all workstations and install new antivirus software
A
A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform? A. Fuzzing B. Code signing C. Dynamic code analysis D. Manual code review
A
After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session. Which of the following types of attacks has occurred? A. Privilege escalation B. Application programming interface C. Directory traversal D. Session replay
A
An end user reports a computer has been acting slower than normal for a few weeks. During an investigation, an analyst determines the system is sending the user's email address and a ten-digit number to an IP address once a day. The only recent log entry regarding the user's computer is the following: Which of the following is the MOST likely cause of the issue? A. The end user purchased and installed a PUP from a web browser B. Ransomware is communicating with a command-and-control server. C. A hacker is attempting to exfiltrate sensitive data D. A bot on the computer is brute forcing passwords against a website
A
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities? A. nmap comptia.org -p 80 -sV B. nc -l -v comptia.org -p 80 C. nslookup -port=80 comptia.org D. hping3 -S comptia.org -p 80
A
Users at an organization have been installing programs from the internet on their workstations without first obtaining proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue? A. Application whitelisting B. Web application firewalls C. Application code signing D. Data loss prevention
A
Which of the following is a reason why an organization would define an AUP? A. To define the set of rules and behaviors for users of the organization's IT systems B. To define the lowest level of privileges needed for access and use of the organization's resources C. To define the intended partnership between two organizations D. To define the availability and reliability characteristics between an IT provider and consumer
A
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services? A. Data encryption B. Tokenization C. Data masking D. Anonymization
A
Which of the following control sets should a well-written BCP include? (Select THREE) A. Corrective B. Preventive C. Physical D. Compensating E. Recovery F. Detective G. Deterrent
A, B, E
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO) A. Private key B. Symmetric keys C. Hashing D. Salting E. Block cipher F. Perfect forward secrecy
A, C
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO). A. The order of volatility B. A checksum C. A warning banner D. The location of the artifacts E. The vendor's name F. The date and time
A, F
A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale? A. Vulnerability databases B. The dark web C. Open-source intelligence D. Automated information sharing
B
A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk? A. Switch to a complete SaaS offering to customers B. Implement a hot-site failover location C. Upgrade the bandwidth available into the datacenter D. Implement a challenge response test on all end-user queries
B
A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring? A. Create a new acceptable use policy. B. Enforce application whitelisting. C. Implement DLP at the network boundary. D. Segment the network into trusted and untrusted zones.
B
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement? A. Full backups followed by differential backups B. Full backups followed by incremental backups C. Delta backups followed by differential backups D. Incremental backups followed by delta backups E. Incremental backups followed by differential backups
B
A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules? A. # iptables -F B. # iptables -P INPUT -j DROP C. # iptables -Z D. # iptables -t mangle -X
B
A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated? A. The web server logs B. The DNS logs C. The SIP traffic logs D. The SNMP logs
B
A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact? A. The total number of print jobs B. The GPS location C. When the file was deleted D. The number of copies made
B
A security analyst discovers that a company username and password database was posted on an internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future? A. Increase password complexity requirements B. Implement salting and hashing C. Configure the web content filter to block access to the forum. D. Create DLP controls that prevent documents from leaving the network
B
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: * The devices will be used internationally by staff who travel extensively. * Occasional personal use is acceptable due to the travel requirements. * Users must be able to install and configure sanctioned programs and productivity suites. * The devices must be encrypted. * The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATEST benefit to the security posture of the devices? A. Implementing application whitelisting B. Configuring an always-on VPN C. Requiring web traffic to pass through the on-premises content filter D. Setting the antivirus DAT update schedule to weekly
B
A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software. Which of the following types of malware is MOST likely infecting the hosts? A. A RAT B. Polymorphic C. Ransomware D. A worm
B
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected? A. OSINT B. CVE C. CVSS D. SIEM
B
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing? A. A packet capture B. Threat hunting C. A user behavior analysis D. Credentialed vulnerability scanning
B
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend? A. ARP B. MAC C. BPDU D. ACL
B
A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack? A. NIC Teaming B. Defense in depth C. Port mirroring D. High availability E. Geographic dispersal
B
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet? A. LDAP B. ESP C. AH D. SRTP
B
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element? A. The DLP appliance should be integrated into a NGFW. B. Encrypted VPN traffic will not be inspected when entering or leaving the network C. Adding two hops in the VPN tunnel may slow down remote connections D. Split-tunnel connections can negatively impact the DLP appliance's performance
B
Given the following logs: Which of the following BEST describes the type of attack that is occurring? A. Pass-the-hash B. Password spraying C. Dictionary D. Rainbow table
B
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern? A. Implement Zigbee on the staff WiFi access points. B. Segment the staff WiFi network from the environmental systems network. C. Place the environmental systems in the same DHCP scope as the staff WiFi. D. Install a smart meter on the staff WiFi.
B
To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset? A. Account lockout after three failed attempts B. Encrypted credentials in transit C. A geofencing policy based on login history D. A password reuse policy
B
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data? A. Data minimization B. Data masking C. Data encryption D. Data deduplication
B
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code? A. Production B. Test C. Development D. Staging
B
Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented? A. A business impact analysis B. A risk register C. An asset value register D. An RTO report E. A disaster recovery plan
B
Which of the following is a risk that is specifically associated with hosting applications in the public cloud? A. Insider threat B. Shared tenancy C. Zero day D. Unsecured root accounts
B
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To only allow approved, organization-owned devices onto the business network B. To provide data to quantify risk based on the organization's systems. C. To keep all software and hardware fully patched for known vulnerabilities D. To standardize by selecting one laptop model for all users in the organization
B
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives? A. Degaussing B. Shredding C. Incinerating D. Pulverizing
B
Which of the following should a data owner require all personnel to sign to legally protect intellectual property? A. An AUP B. An MOU C. An NDA D. An ISA
B
Which of the following would MOST likely support the integrity of a voting machine? A. Blockchain B. Perfect forward secrecy C. Asymmetric encryption D. Transport Layer Security
B
Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications? A. Vulnerability scan results B. OWASP C. NIST CSF D. Third-party libraries
B
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.) A. Sensors B. Mantraps C. Signage D. Fencing E. Lighting F. Alarms
B, D
A nationwide company is experiencing unauthorized logins at all hours of the day. The logins appear to originate from countries in which the company has no employees. Which of the following controls should the company consider using as part of its IAM strategy? (Select TWO). A. An impossible travel policy B. A complex password policy C. Geofencing D. Time-based logins E. Geolocation F. Self-service password reset
B, E
An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) A. Fingerprint B. Facial C. Retina D. Voice E. Gait F. Vein
B, E
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO). A. Somewhere you are B. Something you know C. Something you can do D. Someone you are E. Something you are F. Something you have
B, F
A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution? A. SAML B. OAuth C. RADIUS D. TACACS+
C
A company's bank has reported that multiple corporate credit cards have been stolen over the past several weeks. The bank has provided the names of the affected cardholders to the company's forensics team to assist in the cyber-incident investigation. An incident responder learns the following information: * The timeline of stolen card numbers corresponds closely with affected users making Internet-based purchases from diverse websites via enterprise desktop PCs. * All purchase connections were encrypted, and the company uses an SSL inspection proxy for the inspection of encrypted traffic of the hardwired network. * Purchases made with corporate cards over the corporate guest WiFi network, where no SSL inspection occurs, were unaffected. Which of the following is the MOST likely root cause? A. HTTPS sessions are being downgraded to insecure cipher suites B. The SSL inspection proxy is feeding events to a compromised SIEM C. The payment providers are insecurely processing credit card charges D. The adversary has not yet established a presence on the guest WiFi network
C
A manufacturer creates designs for very high security products that are required to be protected and controlled by government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs? A. A demilitarized zone B. A Faraday cage C. An air gap D. A shielded cable
C
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: Which of the following is the router experiencing? A. Memory leak B. DDoS attack C. Resource exhaustion D. Buffer overflow
C
A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money. Which of the following types of attack is MOST likely being conducted? A. Session replay B. SQLi C. CSRF D. API
C
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring? A. Identification B. Containment C. Preparation D. Recovery
C
An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited? A. Weak encryption B. Unsecure protocols C. Default settings D. Open permissions
C
An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody? A. Record the collection in a blockchain-protected public ledger. B. Lock the device in a safe or other secure location to prevent theft or alteration. C. Document the collection and require a sign-off when possession changes. D. Place the device in a Faraday cage to prevent corruption of the data.
C
An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server? A. Distributed denial-of-service B. DNS tunneling C. Domain hijacking D. DNS cache poisoning
C
In which of the following risk management strategies would cybersecurity insurance be used? A. Mitigation B. Avoidance C. Transference D. Acceptance
C
The website http://companywebsite.com requires users to provide personal information, including security responses, for registration. Which of the following would MOST likely cause a data breach? A. Unsecure protocol B. Open permissions C. Lack of input validation D. Missing patches
C
To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective? A. Move exposed or vulnerable VMs to the DMZ. B. Install a hypervisor firewall to filter east-west traffic. C. Add more VLANs to the hypervisor network switches. D. Implement a zero-trust policy and physically segregate the hypervisor servers.
C
Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime? A. Public cloud B. Fog computing C. Hybrid cloud D. MSSP
C
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts? A. NIPS B. DLP C. EDR D. HIDS
C
Which of the following will MOST likely cause machine learning and Al-enabled systems to operate with unintended consequences? A. Stored procedures B. Buffer overflows C. Data bias D. Code reuse
C
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk? A. A BPA B. An ARO C. An SLA D. An MOU
C
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring? A. A logic bomb was executed and is responsible for the data transfers. B. The workstations are beaconing to a command-and-control server. C. A RAT was installed and is transferring additional exploit tools. D. A fileless virus is spreading in the local network environment.
C
A security engineer needs to implement the following requirements: * All Layer 2 switches should leverage Active Directory for authentication. * All Layer 2 switches should use local fallback authentication if Active Directory is offline. * All Layer 2 switches are not the same and are manufactured by several vendors. Which of the following actions should the engineer take to meet these requirements? (Select TWO). A. Configure port security on the switch with the secondary login method. B. Enable the local firewall on the Active Directory server. C. Configure AAA on the switch with local login as secondary. D. Implement a DHCP server. E. Implement RADIUS. F. Implement TACACS+
C, E
Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output: Which of the following can be determined about the organization's public presence and security posture? (Select TWO). A. Joe used cURL to produce this output. B. Joe used Wireshark to produce this output. C. Joe used Whois to produce this output. D. The organization has too little information available in public registration. E. The organization has adequate information available in public registration. F. The organization has too much information available in public registration.
C, E
Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable code in a software company's final software releases? (Select TWO.) A. Vendors/supply chain B. Use of penetration-testing utilities C. Unsecure protocols D. Weak passwords E. Included third-party libraries F. Outdated anti-malware software
C, E
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements? A. Application whitelisting B. An NG-SWG C. An NGFW D. A CASB
D
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers? A. Physical security training B. Basic awareness training C. A capture-the-flag competition D. A phishing simulation
D
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue? A. Least privilege B. A non-disclosure agreement C. An acceptable use policy D. Offboarding
D
A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic? A. HIDS B. VPC C. UEBA D. CASB
D
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use? A. RAID 0 B. RAID 1 C. RAID 10 D. RAID 5
D
A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report? A. Intrusive B. Host discovery C. Port D. Credentialed
D
A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful? A. Stored procedures B. Code signing C. Secure cookies D. Input validation
D
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal? A. Tokenizing the credit cards in the database B. Salting the magnetic strip information C. Encrypting the credit card information in transit. D. Hashing the credit card numbers upon entry.
D
An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution? A. Browser cache B. Antivirus C. Web log files D. DNS query logs
D
An information security incident recently occurred at an organization, and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced their orders or stopped placing orders entirely. Which of the following is the organization experiencing? A. Identity theft B. Interrupted supply chain C. Anonymization D. Reputation damage
D
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification? A. It certifies the organization can work with foreign entities that require a security clearance B. It allows for the sharing of digital forensics data across organizations C. It provides insurance in case of a data breach D. It assures customers that the organization meets security standards E. It provides complimentary training and certification resources to IT security staff.
D
In which of the following common use cases would steganography be employed? A. Integrity B. Non-repudiation C. Blockchain D. Obfuscation
D
Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue? A. DNSSEC and DMARC B. The addition of DNS conditional forwarders C. DNS query logging D. Exact mail exchanger records in the DNS
D
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future? A. Update all antivirus signatures daily. B. Install a NIDS device at the boundary. C. Implement application blacklisting. D. Segment the network with firewalls.
D
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process? A. Implementing manual quarantining of infected hosts B. Dividing the network into trusted and untrusted zones C. Providing additional end-user training on acceptable use D. Updating the playbooks with better decision points
D
The lessons-learned analysis from a recent incident reveals that an administrative office worker received a call from someone claiming to be from technical support. The caller convinced the office worker to visit a website, and then download and install a program masquerading as an antivirus package. The program was actually a backdoor that an attacker could later use to remotely control the worker's PC. Which of the following would be BEST to help prevent this type of attack in the future? A. Data loss prevention B. Segmentation C. Quarantine D. Application whitelisting
D
The website http://companywebsite.com requires users to provide personal information, including security question responses, for registration. Which of the following would MOST likely cause a data breach? A. Missing patches B. Lack of input validation C. Open permissions D. Unsecure protocol
D
When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database? A. Obfuscation B. Data masking C. Tokenization D. Normalization
D
Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms? A. DLP B. UTM C. SIEM D. CASB
D
Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy? A. Risk register B. Risk matrix C. Risk appetite D. Risk tolerance
D
While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability? A. Deny Internet access to the "UNKNOWN" hostname. B. Physically check each system. C. Conduct a ping sweep. D. Apply MAC filtering.
D
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management. Which of the following tools can the analyst use to verify the permissions? A. ssh B. nc C. setuid D. ls E. chmod F. nessus
E
In which of the following situations would it be BEST to use a detective control type for mitigation? A. A company implemented a network load balancer to ensure 99.999% availability of its web application. B. A company designed a backup solution to increase the chances of restoring services in case of a natural disaster. C. A company purchased liability insurance for flood protection on all capital assets. D. A company purchased an application-level firewall to isolate traffic between the accounting department and the information technology department. E. A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
E
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE) A. POP, IMAP B. SNMPv1, SNMPv2 C. Login, rlogin D. SFTP, FTPS E. TLS, SSL F. Telnet, SSH G. SNMPv2, SNMPv3 H. TFTP, FTP I. HTTP, HTTPS
F, G, I