Sec Pre

A project to integrate a new financial service application has been undertaken by a large banking institution. The new application will allow users to report on their financial health in real-time. This new application requires several connections between different database servers and a reporting service. In managing the project, a risk register has been completed. One of the risks associated with the project is that the reporting service could create deadlocks on the database taking it down for other services that clients are using. The likelihood of the risk occurring has been put at medium, and the impact of the risk has been estimated to cost around $50,000 per occurrence. The cost to mitigate the risk by installing a new database server is $250,000 and installing a new database server comes with additional uncalculated risks. The company culture is to take risks in order to increase the bottom line for each quarter. What should you do as the project manager in this situation?

Accept the risk and monitor the situation

Your organization currently has strict change management procedures setup internally. The change review board meets once a week to review any non-emergency changes to review the possible impact they will make to the organization. During the most recent change review meeting, the discussion came up regarding a vulnerability to a frequently used piece of software. Several workarounds were discussed as a potential solution. but all required changes to infrastructure that would cause downtime in other areas of the business. One of the solutions put forward was to disallow the use of the software until a patch is released. The vendor has indicated that it will be several weeks before a patch is released. You have been asked to disallow the application, how might you achieve this?

Add the application to the block list in the endpoint security solution

In a recent re-organization, your company has let go of the district sales manager for the east coast of the US. In parting ways with each employee HR reviews the non-compete contract that each employee has signed along with any severance package they may be due. Since his departure your organization has lost a lot of the east coast business to the competition. The CEO heard rumors that the departed sales manager is now working for a close competitor in violation of the non-compete. Additionally, the CEO believes that the sales manager took the organizations customer data with him when he left. You have been asked to look at the user's laptop to determine if any data was exfiltrated. You first start a chain of custody record on the laptop and create an image of it using DD. What tool can you use to conduct the forensic analysis?

Autopsy

You have been brought a computer from a network administrator to do a data recovery on. The computer was in use by the CFO of the organization. The network administrator tells you that the CFO got wind that the company was going to be letting them go so they deleted the upcoming quarterly report from their computer and left the organization without notice. You ask the administrator if anything has changed on the machine since the user left. He mentions that it may have done a Windows update. You take the disk from the computer and take an image of it using DD. The image is then loaded into Autopsy and scanned for deleted files. You don't find any file artifacts using autopsy that would be of interest. Why would you use an image and not the drive to conduct your investigation?

Avoid accidentally writing to the drive could overwrite deleted files

You have been brought into a company that recently experienced a data breach of their customer data. The company had been using an MSP but has decided to create their own internal IT department after the breach. The MSP blamed an email that came from a bad actor for the breach and had done a cleanup on the local machine prior to handing operations over to you. You have reviewed all equipment and systems within the organization and have created a patch management strategy to help keep systems up to date. In doing so you have found several older systems and noticed that much of your network infrastructure looks dated. You have contacted the vendor for support, but they have indicated that these items were purchased without a service contract. What information should you look for to determine if these systems are maintainable?

Check the model end of service life

You are a member of the IT team for an online service portal. A security analysis is going to be performed on your web applications and you want to make sure that there are no alerts due to things that can be changed without reconfiguring the web apps What action has the least risk of breaking any web services?

Closing unused open ports and services

A construction company recently won a bid to build a new library in a major city. This build project has strict timelines as the city wants to have it operation prior to the next election cycle. One of the cities recent projects was delayed because of a ransomware attack against the building company. Thus, the city has put in place some cybersecurity requirements for the construction company. You have been hired to help meet these security requirements. The construction company already has a decent firewall solution and is using role-based access internally. They have a strong password policy and are using two-factor authentication for email access. One of the items on your to do list is to replace an FTP server that the company uses to transfer files between subcontractors. Currently subcontractors are using a shared account for access. What solution will best ensure only those that need access to the FTP are allowed in?

Configure a SFTP using SSH keys

You have recently joined a new company in the role of a systems analyst. The company hosts several custom web facing applications for clients throughout the USA. You have been asked to take on a project to help harden the websites against possible intrusion. One of the websites runs a legacy application. This application is still in use by two customers. They access the website to place orders for new product. The website is hosted in the company DMZ, and the next-gen firewall traffic shows many SQL injection attempts against the website. You want to harden this server first. What option would best secure the website against attack?

Configure an access control list and only allow connections from customer IP addresses

After a recent network breach, your organization has made significant changes to the user account policy. This included implementing password complexity and disabling guest access to the network. User accounts have been configured to login only during business hours. The local firewall has been replaced with a next-gen security appliance and a security information and event management suite has been setup. Your organization has made significant strides in protecting the network in a short time period. After the implementation in conduction the weekly audit of network access your IT security team have notified you that they are seeing significant penetration attempts late at night from another country. You want to limit this as much as possible. What solution might you implement to decrease the attack surface of your network?

Configure geolocation and block access from other countries

An external red team exercise at nuclear plant has made several key findings that the station should improve upon. The report highlighted that the surveillance camera system relied on wireless cameras that could easily be disassociated with the network. Several loT sensors and smart devices recently installed to control physical security were found to be running outdated firmware. Lastly, the red team was able to breach the air-gapped network using a USB device that mimicked a keyboard. This could potentially allow for the execution of commands on the air-gapped network that is meant to be tightly controlled. What change to the security policy should immediately be undertaken?

Control USB access to terminals on the air-gapped network

Your firm has recently taken on a large client that is trying to integrate a newly acquired organization that will continue to operate independently. But they want to integrate IT systems across the company to help reduce operating costs. The parent organization utilizes a server-less architecture using edge computing to ensure the best service to each branch office. The smaller organization has an on-premises infrastructure using directory services in a virtualized environment. Moving the smaller organization to the cloud will require planning and implementation over several months' timeframe. The board wants the small organization integrated immediately so their IT security team can gain visibility over their systems and the architecture team can start moving sewers to me ciona What best gives the parent company access to their systems to move them into the cloud?

Create a transit gateway to connect the on-premises network to the cloud.

You are a member of the security team for a financial institution. You are educating your team on some of the common types of social engineering techniques that might be used by threat actors against the company. You have educated your company's users to watch for grammatical mistakes and email addresses coming from domains that are not owned by legitimate companies. What two types of social engineering will these techniques be most effective against?

Credential harvesting, Identity fraud

You are a member of the security team for a small online toy store. You are hosting your retail web site on an older Linux based platform and software that has not had any security updates available for the last 2 years. There is a well-known vulnerability on this system that allows a user to perform read-only queries against the backend database using SQL injection. What type of impact would this most likely have on your organization if the vulnerability was exploited?

Data exfiltration

E-mail has become the norm in many organizations but brings with it certain risks that administrators need to guard against. What can you do to secure mail gateways within the network infrastructure? (Choose three.)

Data loss prevention, Server-to-server encryption, Spam filter

A network technician has been tasked with managing the user accounts within the Sales department. A user has recently reported that they will be leaving the office for a year on maternity leave. Which account management practice would be BEST applied to the user's computer account?

Disable the user's account until they return to the office.

You have added an important document to a file share on your organization's network. You have given individual users different permission levels to access this file. Which type of access control model have you implemented?

Discretionary access control

The company you work for has just replaced all their IT equipment with new products. The IT refresh was long overdue and has been implemented seamlessly by the IT team. The project was managed well and came in on budget. During the annual review of the disaster recovery plan, you noticed that several technical details referenced systems that were outdated. During the review you have made a note that the Disaster recovery plan should be updated to include new systems and services. Updating the policy going forward should become a function of change management internally. In reviewing this you realize that little documentation was updated during the IT refresh. In addition to updating the disaster recover plan, what is another document should you update?

Functional recovery plan

You arrived Monday morning to find that during the evening on Sunday a cyber event happened. Your core fileserver and several servers and desktops have been locked up with ransomware. The ransom has been set at 5 bitcoins to get your services back to operational. Your CIO has decided not to pay the ransom and has initiated the disaster recovery and business continuity plan. It is expected to take weeks to get all servers backup and operational. There is also the likelihood that it could happen again if the backdoor isn't closed. While you have been trying to find the root cause of the issue so that you can mitigate the risk of it happening again during the cleanup, you have been approached by several staff members and different area managers asking for updates. The frequent interruptions have made it difficult to manage the event, how could you best prevent this?

Have a communication plan for disaster/business continuity situations

You are leading a software project in which security is one of the most important considerations. Once the project is complete there will be no changes made to the specific environment in which an application runs. This environment will specify the software and contiguration of the environment needed to run the application These are examples of which security principles? (Choose two.)

Immutable systems, Baselining

The company you work for has several mobile sales representatives that travel the country trying to drum up new business. Recently several members of the sales team were hired by another national company that has been rapidly expanding in a similar line of business. HR has initiated the employee termination process for each of the departing sales representatives. After termination several of the sales representatives sent back two laptops, a tablet, and a phone. Some sent back nothing. You have been asked to ensure all equipment is returned to the organization. You have asked each of the departing sales reps and they have indicated that they returned all company equipment. You unfortunately have no method of verifying that all equipment has been returned, and a competing company has approached your CFO to report that a former employee was trying to sell company secrets. What policy should your organization consider going forward?

Implement an asset management policy

As the developer working to protect your code, you decide to use the Blowfish cipher. You decide to add protections that make weak keys more secure using Bcrypt, which incorporates a salt to protect against rainbow table attacks and increases the iteration count, which makes it slower and more resistant to brute-force attacks. The use of Bcrypt is an example of using what cryptographic mechanism?

Key Stretching

As system administrator for a small corporation, you're currently in the process of configuring network access control, or NAC. How can you deploy NAC in this scenario? (Choose three.)

Let the authentication server perform health checks at logon for any agentless devices on the network, Use a dissolvable agent to check the status on a device or client system prior to granting that client network access, Implement host health checks to verify the status of any system attempting to connect to the network

You are a member of the security forensics team reviewing an attack on your organization. In the latest attack a user received an email on their Microsoft Windows workstation from what appeared to be the CEO of the company with a note to open an attached document. When they opened the document the system locked up and a ransomware notice was posted on the screen. Later other users encountered the same email. What type of network attack has your organization most likely suffered?

Macro virus

As a security administrator trying to manage the possible business impact of various risks you need to identify the specific services or functions that your company provides that must be either fault tolerant or able to resume quickly after a disruption. In doing this you are identifying which of the following?

Mission-Essential Functions

You have been hired by a small organization to conduct a security audit of their network and server infrastructure. You have run a ping sweep of their subnet and a port scan using an IP scanner. You have run dnsenum on their DNS server, and enum4linux against the domain controller. At this point you are confident that you have an accurate map of their network and know what servers and infrastructure lie where. The company has asked that you provide them a list of all potential vulnerabilities on their network. What tool would you use to meet this requirement?

Nessus

You have been brought on-site to help in a digital forensics case where a disgruntled employee is believed to have conducted a network attack from their computer. After following all the proper steps to obtain the computer and gather the evidence you quickly find that malware was downloaded through a thumb drive on the employee's computer and uploaded to the network. You call law enforcement with the findings and turn it over to the district attorney's office. During the court appearance you are summoned to take the stand. The user denies they installed the malware and are insisting that someone has set them up. You discuss the findings in court, but there is no video evidence showing the user was at their computer during that time period. The case ends up being thrown out. What should you aim to accomplish with future forensics investigations?

Non-repudiation

You are on the security team for a large software company. You are concerned about how social engineering can be used against your organization when information about your employees can be used to create trust when performing spear phishing or vishing attacks. What area of penetration testing could you educate your users about to help them be aware of how information about them could be discovered?

OSINT

When talking about open-source intelligence, which of the terms correctly describe its true meaning?

Open-source intelligence is data that has been collected from publicly available sources.

During an active incident you have data to acquire from the machine hard drives, the active RAM, the log files and the USB device suspected to have brought the malicious payload inside the network. You decide to capture the RAM first based on what procedural principle?

Order of volatility

A system on your network was accessed during working hours and some sensitive intormation was viewed by an unintended user. Which actions will help prevent this issue from occurring in the future? (Choose TWO.)

Perform permission auditing and review, Perform usage auditing and review

As the security administrator of your organization you have been asked to identify the specific PIl that is stored on the servers your company maintains and to spell out exactly how it is protected, shared, and maintained. Which of the following describes the type of document you are generating?

Privacy Impact Assessment

Which of the following technologies can assist with asset tracking and inventory control of mobile devices?

RFID tags

You have downloaded a graphic driver from a third party website that is supposed to include additional enchantments. You notice that the checksum of this file does not match the original driver found on the vender website. You decided to install the driver anyway. After a couple of weeks, you discover that personal information including your banking information, name, and other vital information was leaked on to the internet. Which of the following attacks is being described?

Refactoring

You are a member of the security team for a mining operation. Your loT devices monitor and manage many automated processes. You are concerned about unauthorized access being used in an attempt to create availability loss. What are the two most likely vectors for an advanced persistent threat (APT) against your organization?

Removable media, Email

Your organization is developing an Al to help traders maximize their investments. You already have VC backing and a few paying customers. The application is running microservices in containers on a cloud-based service to help ensure availability. The containers are configured to dynamically allocate resources depending upon their usage and run in their own virtual subnet that you have a virtual private cloud endpoint to for troubleshooting. A client mentioned a company they used that had their system hacked because of a vulnerability in one of their containers allowing hackers to gain access to the full containerized environment. You are using a very similar method of container management. What solution might you implement to protect the environment?

Run containers as non-root and disallow containers from acquiring new privileges

A small company has recently been awarded a Government contract to modernize their internal land registry system. The contract has several requirements around security that the organization will need to adhere to. The requirements are outlined in specific sections of NIST SP 800-53. The newly hired CIO within the small organization is looking for a method of transferring files between the Government and the company. These files will need to be encrypted in transit and at rest. The information being transferred will contain personally identifiable information and needs to be treated internally with the highest level of data security. What is the best file transfer method for the small organization to implement?

SFTP

You have installed a new firewall solution that allows for deep packet inspection. The firewall will allow remote VPN users to connect and work from home. The network you are running is currently configured with two subnets and a DMZ. The first subnet contains all production computers, server infrastructure, mobile devices, and industrial control systems. The second subnet contains your VolP solution and the internal IP security camera solution. The DMZ is housing two web servers and an ftp that clients use to upload information. Operations has reported that one of their industrial control systems keeps faulting because of unknown network traffic. This keeps taking a boiler offline that is used in production and could potentially be a safety issue. What solution best secures the industrial control equipment?

Segment the industrial control network and use the firewall to filter unwanted traffic

A company running Azure directory services has several internally built applications that they use to conduct daily business. They have a customized CRM, an inventory management suite, a custom ERP, and several other web-based applications the development team has made to make life easier within the business. In conducting a user audit of these services, you have noticed that several users are frequently resetting their passwords and others are using shared accounts on several of the systems. The IT security policy does not allow for the use of shared accounts and the number of password reset being conducted is taking significant time away from daily operations. You have been tasked with fixing this in the most secure way possible. What technology might you implement to help users manage authentication better?

Single sign on

Which type of lock allows for a certain amount of individual accountability?

Smart lock

The board of directors at your company has recently updated the information security policy for your organization. The new policy requires that all data is encrypted at rest. Your desktop machines are older and running Windows 7. Many of the machines in your organization meet the minimum system requirements for Windows 10, and to save money you have decided to purchase licenses and update those computers. The Active Directory server has been encrypted and updated. With that update you have installed the administrative templates for Windows 10 to support enforcing BitLocker through group policy. When the group policy was pushed out, several of the older computers did not encrypt their drives. What might have caused those computers not to be able to encrypt their hard drives

The computers did not have a TPM

The organization you work for has implemented a new security policy that governs the use and access of data at a much stricter level than before. The organization is requiring that a classification system be put in place that classifies data as public, private sensitive, and confidential. Users have been trained internally on how to assign appropriate metadata to files to ensure classification is maintained. The security policy also requires that the data is secure and encrypted at rest. This includes any financial information that is contained within the internal database systems. These systems already have the values hashed in the database, but drive encryption is not turned on. Who in the organization would typically be responsible for implementing the security controls to protect the data?

The data custodian

A local college is rolling out a new wireless access system across the campus. The old system used WPA2 authentication and had several challenges. After about the first week, student had connected several devices to the network that were unauthorized. These unauthorized devices slowed down the network to the point that it was unusable during examination time. In configuring the new network, the college has purchased high density access points to support more devices. The college has also installed 10gbe trunk lines that will connect to the access points. The college still wants to ensure that only authorized devices are on the network however, and that the WPA2 key cannot be shared. What solution would you recommend?

Use EAP-TLS and issue certificates only to authorized devices

A large retail organization is updating their enterprise resource planning software to manage their supply chain on a national level. They want to implement a system that will allow them to track every item through the supply chain and avoid having significant user overhead as the supply chain handles millions of transactions between their warehouses, vendors, and stores daily. The new system must allow for each item in the supply chain to be tracked and audited at any time. It must also allow for vendors to conduct lookups of their supplies to verify their own sales numbers and ensure that they can meet supply demands for the retailer. What technical solution would best meet these requirements?

Use a distributed ledger and blockchain to record changes within the supply chain

Your company is developing a new application that will modernize how your organizations customers interact with the business. Customers used to place orders and would wait for the product to arrive at their location. The new software will allow them to peer into production as see where their product is at. This will allow customers to better project how long before items are delivered. You are managing a small development team. The team is using secure coding practices and live code review to ensure that bugs are not being introduced into the final product. The CISO has made it clear he wants to limit the impact of any SQL injection attempt. To achieve this, you have implemented input validation and installed a next-gen firewall that does deep packet inspection. What other configuration item would you want to implement to lesson the impact of a SQL injection?

Use a random salt to hash values stored within the database

Your organization has recently had thousands of dollars stolen during a phishing campaign. The phishing campaign faked an email from the CFO looking for account information to process an emergency payment as a vendor was threatening to cut off services. The victim of the attack thought they were responding to an actual email from the CFO and provided the account details in full to the attacker. It took several days before the access to the account was noticed and during that time the attackers accessed the account multiple times to make transactions. The banking company and your insurance company are refusing to provide support for this incident as your organization knowingly gave away the account details to a third party. The CFO has asked you to help solve this problem going forward. What solution would best help solve this issue going forward?

Use computer-based end user training and run a phishing simulation

What is a minimum requirement when placing mission-critical systems in wiring closets or server rooms?

Use electronic access control with all entry attempts logged by security systems.

You are a recent graduate from a server administration program at a local community college. Thankfully after a short search you have found an entry level position doing server installations for a financial firm. This financial firm spins up virtual machines for clients daily so that they can run analytics on daily transactions in the market. You have been assigned the task of reviewing all the server configurations to ensure that they are meeting security requirements. You start doing this manually, but it takes you hours to complete each individual server. You want to find a quicker way to conduct this audit so that you can impress your new boss and take on further responsibility. What might you do in order to accomplish this task faster?

Use security benchmarks provided by the operating system vendor

Which technology will allow you to sandbox an OS?

Virtualization

You are running routine scans of the system when you receive the notification: "Windows Resource Protection found some corrupt files and successfully repaired them." If you refer to the relevant log file, what can it tell you about what occurred? (Choose two.)

Which core system files failed the file integrity check, What was changed and subsequently fixed

You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users could not login using their RFID badges at security. There was a huge backlog waiting to get in and security had to check IDs manually. It was determined that a person slipped past security at this time and gained access to an unattended system. What type of network attack has your organization most likely suffered?

Wireless Dos

You are working for a security research firm that specializes in malware analysis. A new form of ransomware has been detected in the wild. This new form takes advantage of a zero-day exploit in a leading security gateway company to gain a foothold and then conducts local attacks through a remote command session. You have gotten intentionally infected a vulnerable security gateway with this malware and are dumping live data from the device through a promiscuous network port. You are capturing traffic on both sides of the security gateway and you want to find out how the command and control is functioning remotely. What tool would you use to analyse the captured network traffic?

Wireshark

You have implemented the use of request verification tokens associated with user sessions for a web server. Which type of attack will this help prevent?

XSRF

Your supervisor mentions that they are implementing secure boot. Which technology includes Secure Boot?

UEFI

When speaking about penetration testing, which of the following best describes persistence?

Installing a backdoor that needs authentication

Which of the following would provide the BEST results for warning security personnel of unauthorized access in a building?

Alarm system

The organization you are working for recently had a server failure during a power outage. This caused several pieces of manufacturing equipment to enter an errored state that had to be manually cleared by the vendor. This outage took several hours to repair and cost the organization several hundred thousand in lost production. In reviewing the issue, you logged the following series of events. The power went out and emergency lighting came on. The generator came online, and the transfer switch moved power over to the generator within 15 seconds. The power then was restored to the building. During this time the servers went down. What system would have prevented the outage from occurring?

An uninterruptable power supply

There are several methods for assessing the security of your systems. One method involves sending data and collecting the responses to determine what application is running on the server. What is this process called?

Banner grabbing

One of your webservers has been compromised by an attacker exploiting the SUID bit set to run as the superuser. What was the most likely attack vector used?

Buffer overflow

As a security administrator managing the cryptography of your network, you are concerned about ensuring that data transmitted from a web site to a database server over the network is neither visible in clear text nor vulnerable to modification if intercepted. Which aspects of cryptography do you specifically need to support in this case? (Select TWO)

Confidentiality, Integrity

Your company uses a PKI. As a member of your local IT team, you have been tasked with implementing a method of storing keys that can be used by law enforcement to decrypt encrypted documents. What should you do to meet this requirement?

Configure a key escrow

When installing security lighting around a building, what should you ensure is done? (Select THREE)

Distributed low intensity lighting is installed for ground cover., The lights are installed high up on poles or the building., A secondary power source is available

You need to provide a solution that will allow you to use asymmetric cryptography to encrypt data on mobile devices, while keeping overhead at a minimum. Which of the following options would BEST accomplish this task?

ECC

A malicious user disconnects an AP from the network. They proceed to configure their personal laptop with the same name as the AP. Which type of attack was launched?

Evil twin

A network administrator recently had an internal security audit completed to ensure that the network configuration met the requirements outlined within the corporate security policy. The audit found several issues with the internal configuration. The audit returned showing that passwords in router and switch configuration files were shared across several devices and not encrypted within the stored backup. The audit also found that username and passwords transferred to a local web application were being transferred in plain text. The application itself is old, but it is important that users are unable to login as other users or see the traffic to the website. What technology would make it impossible to see plain text information being sent via HTTP requests?

HTTPS

Which term describes an individual or a group of people who use exploits or hacking methods to express a particular ideology or political stance?

Hacktivist

You recently had issues with unauthorized access to your computer from the Internet. Which tool can be used to block these connections to your computer?

Host-based firewall

An industrial control company has recently had a major vulnerability that has made their private key cryptographic methods easy to crack with any modem video card. This vulnerability has exposed sensitive communications between devices across many industrial settings that are considered critical infrastructure. The organization has significant limitations within the processing power that exists on the current controllers. The controllers still fall within the support lifecycle from the industrial control company, and they must find an alternate method of encrypting traffic that is secure without introducing significant computation overhead. What cryptographic solutions might the industrial control company want to consider?

A lightweight cryptographic stream cipher like Trivium

You have been brought in to handle the clean-up after an end user downloaded an application that gave a remote attacker shell access to a local machine to install ransomware on a server after all internal customer data was downloaded by the third party. You were able to restore from backup very easily and bring all servers back online. Local computers did lose some settings, but thanks to a OneDrive integration, you were able to restore all users documents to their pcs easily. The response to the incident took several weeks to complete. Your organization is looking to update some hardware and software to prevent this specific scenario from happening again. What technical solution would you recommend be implemented?

A web application firewall configured as a forward proxy for all web traffic

A user reports that they have received an e-mail from their credit card company. The e-mail states there is a problem with their account. The e-mail provides a link to follow to correct the issue; however, upon further inspection, the user notices the URL looks suspicious. Of which of the following is this MOST likely an example?

Phishing attack

You are a member of the security team for a future online social media platform. You have decided to outsource many elements of the software as much as possible. Due to the nature of your software what third-party related security risk should be your top priority?

Control and access to stored data

Which vulnerability scanning concept is best described as logging into a network with a valid user account to run vulnerability scans?

Credentialed vulnerability scanning

Which of the following is a function of DHE?

Provides perfect forward secrecy

You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users attempted to logon to the corporate intranet but found they had to put in their credentials twice. It was discovered that the first entry was being registered at a different IP address and then the second successful logon was at the correct portal IP. What type of network attack has your organization most likely suffered?

DNS URL redirection

In response to an incident you capture a system image of the affected system, plan a review of network traffic and logs, capture video of the incident. record time offset. take hashes and screenshots, and schedule witness interviews. These are all examples of what?

Data acquisition

Which role is responsible for processing data backups?

Data custodian

You responded to a critical SAN failure that led to the loss of all running servers within your data center. To restore services you had to restore backups from offsite tapes onto a new SAN that took 72 hours to arrive. The restoration process for each virtual machine took several hours to complete as the backup tapes took several hours to copy over your virtual disk files. It took a period of 15 days to fully restore services to the organization and several board members are upset about the length of the downtime of several critical services. In conducting a post-mortem review of activities to update procedures in the case that such an event took place again it has been brought up that several small services were restored prior to critical systems. What change should be made to the disaster recovery plan going forward?

Establish a restoration order based on business value

Your supervisor tells you the company wants to incorporate hardware root of trust. Which of the following is used for this purpose? (Choose two.)

HSM, TPM

You work for an oil and gas company as the IT security architect. You are reviewing the systems that are installed at one of your remote sites. The remote site is internet connected and many of the control systems are fed back to the head office for monitoring and control. One of the systems is a pump that is considered mission critical. The pump has been in use since the late 90's and has been out of manufacture support for several years. The pump costs around $5 million to replace. The replacement pump would take several weeks to install causing the company to lose millions more in revenue. The current pump control software runs on Windows NT. The operating system has several known exploits for it in the wild and it is considered a risk to the organizations network to run it. The CIO has asked that you bring any potential risks up for board approval. What type of risk would this be considered?

Legacy system risk

An intruder shows interest in an employee to gain the employee's trust. Which type of influence tactic is this?

Liking

You are a member of the security team for a municipal electric utility. You have discovered that false negatives are relatively easy to create in your threat hunting penetration testing. What actions could you perform in order to best reduce the number of false negatives in your organization?

Require credentialed access, Perform a configuration review

Preventing password crackers from accessing your password database is a key part of system security. What are some safeguards you can implement to mitigate password crackers? (Choose three.)

Setting a maximum number of login attempts, Enforcing rules for creating strong passwords, Salting passwords

You need to provide a username, password, and PIN to log in to a computer successfully. Which form of authentication is being used?

Single-factor authentication

As part of your Risk Assessment you are analyzing third-party risks. Which of the tollowing would you want to include as part of negotiating any third-party agreements? (Choose two.)

Supply chain assessment, Privacy considerations

Your organization has ordered new computers that include a chip on the motherboard that can manage encryption keys. What is this chip called?

TPM

Your company has rolled out a new mobile device usage policy. This policy encompasses all mobile devices such as laptops, tablets, and phones. All users within the organization are issued a corporately owned phone. These phones have an unlimited data plan on them and are to be used by staff when travelling, and when on-call. The mobile device usage policy does not allow corporate devices to connect to third party WIFI networks. This was done after a user's laptop picked up malware on a hotels WIFI. Staff are complaining that they will not be able to do any work while on the road now because they will not be able to use WIFI. What should you recommend they do instead?

Tether their phone or use it as a mobile hotspot

The incident response team has responded to a security threat where an employee's computer has been infected with a virus. During the recovery phase of incident response, what should be done?

The computer should be rebuilt.

Users authenticated in Domain A are automatically authenticated in Domain B and vice versa. Users authenticated in Domain B are automatically authenticated in Domain C and vice versa. Through this association, users in Domain A are automatically authenticated in Domain C and vice versa. Which term best describes this concept?

Transitive trust

Your organization has configured a security information and event management solution. The SIEM solution uses a series of log collectors to manage incoming data. These log collectors are configured to be redundant and access to the storage has been limited. You currently have the SIEM solution alerting anytime an admin account logs in locally to a machine. Additionally, alerts are generated for any critical system events, or anytime 3 or more failed login attempts are made to a user account. Your CISO would like to see alerts generated when users operate outside of an established baseline. What type of SIEM analysis should be done to achieve this?

Trend analysis

Which type of standalone malware can infect a computer, replicate itself, and spread to other computers?

Worm