Test Bank Version 3
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST? A. Create a hash of the hard drive. B. Export the Internet history. C. Save a copy of the case number and date as a text file in the root directory. D. Back up the pictures directory for further inspection.
A
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access? A. A bot B. A fileless virus C. A logic bomb D. A RAT
A
A network administrator at a large organization is reviewing methods to improve the security of the wired LAN. Any security improvement must be centrally managed and allow corporate-owned devices to have access to the intranet but limit others to Internet access only. Which of the following should the administrator recommend? A. 802.1X utilizing the current PKI infrastructure B. SSO to authenticate corporate users C. MAC address filtering with ACLs on the router D. PAM for users account management
A
A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect. The following settings are in place: Users must change their passwords every 30 days. Users cannot reuse the last 10 passwords. Which of the following settings would prevent users from being able to immediately reuse the same passwords? A. Minimum password age of five days B. Password history of ten passwords C. Password length greater than ten characters D. Complex passwords must be used
A
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? A. Nmap B. Wireshark C. Autopsy D. DNSEnum
A
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery? A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis. B. Restrict administrative privileges and patch all systems and applications. C. Rebuild all workstations and install new antivirus software. D. Implement application whitelisting and perform user application hardening.
A
A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams). The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals? A. Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit. B. Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers. C. Remove administrative privileges from both the database and application servers, and give the business unit "read only" privileges on the directories where the log files are kept. D. Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity.
A
A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device? A. Call the company help desk to remotely wipe the device. B. Report the loss to authorities. C. Check with corporate physical security for the device. D. Identify files that are potentially missing on the device.
A
An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST? A. Application files on hard disk B. Processor cache C. Processes in running memory D. Swap space
A
An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful? A. The baseline B. The endpoint configurations C. The adversary behavior profiles D. The IPS signatures
A
During a risk assessment, results show that a fire in one of the company's datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million damages for the cost of $30,000 a year. Which of the following risk response techniques has the company chosen? A. Transference B. Avoidance C. Mitigation D. Acceptance
A
In which of the following risk management strategies would cybersecurity insurance be used? A. Transference B. Avoidance C. Acceptance D. Mitigation
A
Joe, an employee, knows he is going to be fired in three days. Which of the following is Joe? A. An insider threat B. A competitor C. A hacktivist D. A state actor
A
QUESTION 13 ON TEST BANK*** A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources. Which of the following attack types does this BEST describe? A. DDoS B. DoS C. Zero day D. Logic bomb
A
The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to: A. arbitrary code execution. B. resource exhaustion. C. exposure of authentication credentials. D. dereferencing of memory pointers.
A
The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur? A. Ransomware B. Polymorphic virus C. Rootkit D. Spyware
A
Using a one-time code that has been texted to a smartphone is an example of: A. something you have. B. something you know. C. something you do. D. something you are.
A
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server? A. The document is a honeyfile and is meant to attract the attention of a cyber intruder. B. The document is a backup file if the system needs to be recovered. C. The document is a standard file that the OS needs to verify the login credentials. D. The document is a keylogger that stores all keystrokes should the account be compromised.
A
Which of the following is the BEST use of a WAF? A. To protect sites on web servers that are publicly accessible B. To allow access to web services of internal users of the organization C. To maintain connection status of all HTTP requests D. To deny access to all websites with certain contents
A
Which of the following is the MAIN disadvantage of using SSO? A. The architecture can introduce a single point of failure. B. Users need to authenticate for each resource they access. C. It requires an organization to configure federation. D. The authentication is transparent to the user.
A
Which of the following is the proper use of a Faraday cage? A. To block electronic signals sent to erase a cell phone B. To capture packets sent to a honeypot during an attack C. To protect hard disks from access during a forensics investigation D. To restrict access to a building allowing only one person to enter at a time
A
Which of the following types of controls is a turnstile? A. Physical B. Detective C. Corrective D. Technical
A
Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level? A. Sandbox B. Honeypot C. GPO D. DMZ
A
While testing a new vulnerability scanner, a technician becomes concerned about reports that list security concerns that are not present on the systems being tested. Which of the following BEST describes this flaw? A. False positives B. Crossover error rate C. Uncredentialed scan D. Passive security controls
A
A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing
AB
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns? (Choose two.) A. Geolocation B. Time-of-day restrictions C. Certificates D. Tokens E. Geotagging F. Role-based access controls
AB
An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.) A. DNS hijacking B. Cross-site scripting C. Domain hijacking D. Man-in-the-browser E. Session hijacking
AC
A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Choose two.) A. Use a unique managed service account. B. Utilize a generic password for authenticating. C. Enable and review account audit logs. D. Enforce least possible privileges for the account. E. Add the account to the local administrators group. F. Use a guest account placed in a non-privileged users group.
AD
A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents? A. Intrusion detection system B. Database access monitoring C. Application fuzzing D. Monthly vulnerability scans
B
A company needs to fix some audit findings related to its physical security. A key finding was that multiple people could physically enter a location at the same time. Which of the following is the BEST control to address this audit finding? A. Faraday cage B. Mantrap C. Biometrics D. Proximity cards
B
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: <a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a> Which of the following will the forensics investigator MOST likely determine has occurred? A. SQL injection B. CSRF C. XSS D. XSRF
B
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements? A. RA B. OCSP C. CRL D. CSR
B
A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across? A. Service account B. Shared credentials C. False positive D. Local account
B
After successfully breaking into several networks and infecting multiple machines with malware, hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers? A. Gray hat hackers B. Organized crime C. Insiders D. Hacktivists
B
An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision? A. Access to the organization's servers could be exposed to other cloud-provider clients. B. The cloud vendor is a new attack vector within the supply chain. C. Outsourcing the code development adds risk to the cloud provider. D. Vendor support will cease when the hosting platforms reach EOL.
B
Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot-up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann's computer? A. The hard drive is failing, and the files are being corrupted. B. The computer has been infected with crypto-malware. C. A replay attack has occurred. D. A keylogger has been installed.
B
During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility? A. Hard drive B. RAM C. Network attached storage D. USB flash drive
B
Fuzzing is used to reveal which of the following vulnerabilities in web applications? A. Weak cipher suites B. Improper input handling C. DLL injection D. Certificate signing flaws
B
QUESTION 28 **The application team within a company is asking the security team to investigate why its application is slow after an upgrade. The source of the team's application is 10.13.136.9, and the destination IP is 10.17.36.5. The security analyst pulls the logs from the endpoint security software but sees nothing is being blocked. The analyst then looks at the UTM firewall logs and sees the following: Which of the following should the security analyst request NEXT based on the UTM firewall analysis? A. Request the application team to allow TCP port 87 to listen on 10.17.36.5. B. Request the network team to open port 1433 from 10.13.136.9 to 10.17.36.5. C. Request the network team to turn off IPS for 10.13.136.8 going to 10.17.36.5. D. Request the application team to reconfigure the application and allow RPC communication.
B
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future? A. Install a NIDS device at the boundary. B. Segment the network with firewalls. C. Update all antivirus signatures daily. D. Implement application blacklisting.
B
Which of the following BEST describes a security exploit for which a vendor patch is not readily available? A. Integer overflow B. Zero-day C. End of life D. Race condition
B
Which of the following BEST describes the concept of perfect forward secrecy? A. Using quantum random number generation to make decryption effectively impossible B. Preventing cryptographic reuse so a compromise of one operation does not affect other operations C. Implementing elliptic curve cryptographic algorithms with true random numbers D. The use of NDAs and policy controls to prevent disclosure of company secrets
B
Which of the following describes the ability of code to target a hypervisor from inside a guest OS? A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout
B
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations? A. Investigation B. Containment C. Recovery D. Lessons learned
B
Which of the following is a benefit of credentialed vulnerability scans? A. Credentials provide access to scan documents to identify possible data theft. B. The vulnerability scanner is able to inventory software on the target. C. A scan will reveal data loss in real time. D. Black-box testing can be performed.
B
Which of the following is a passive method to test whether transport encryption is implemented? A. Black box penetration test B. Port scan C. Code analysis D. Banner grabbing
B
Which of the following is a reason why an organization would define an AUP? A. To define the lowest level of privileges needed for access and use of the organization's resources B. To define the set of rules and behaviors for users of the organization's IT systems C. To define the intended partnership between two organizations D. To define the availability and reliability characteristics between an IT provider and consumer
B
During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes? A. Physically move the PC to a separate Internet point of presence. B. Create and apply microsegmentation rules. C. Emulate the malware in a heavily monitored DMZ segment. D. Apply network blacklisting rules for the adversary domain
BA
An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (Choose two.) A. Containerization B. FDE C. Remote wipe capability D. MDM E. MFA F. OTA updates
BE
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA? A. One-time passwords B. Email tokens C. Push notifications D. Hardware authentication
C
A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file? A. 3DES B. AES C. MD5 D. RSA
C
A first responder needs to collect digital evidence from a compromised headless virtual host. Which of the following should the first responder collect FIRST? A. Virtual memory B. BIOS configuration C. Snapshot D. RAM
C
A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency's needs? A. Public B. Community C. Private D. Hybrid
C
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm? A. Security B. Application C. Dump D. Syslog
C
A security administrator found the following piece of code referenced on a domain controller's task scheduler: $var = GetDomainAdmins If $var != 'fabio' SetDomainAdmins = NULL With which of the following types of malware is the code associated? A. RAT B. Backdoor C. Logic bomb D. Crypto-malware
C
A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again? A. Risk assessment B. Chain of custody C. Lessons learned D. Penetration test
C
A security professional wants to test a piece of malware that was isolated on a user's computer to document its effect on a system. Which of the following is the FIRST step the security professional should take? A. Create a sandbox on the machine. B. Open the file and run it. C. Create a secure baseline of the system state. D. Harden the machine.
C
A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered? A. Password length, password encryption, password complexity B. Password complexity, least privilege, password reuse C. Password reuse, password complexity, password expiration D. Group policy, password history, password encryption
C
A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: (1) protection from power outages and (2) always-available connectivity in case of an outage. The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need? A. Lease a telecommunications line to provide POTS for dial-up access. B. Connect the business router to its own dedicated UPS. C. Purchase services from a cloud provider for high availability. D. Replace the business's wired network with a wireless network.
C
A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines: The VPN must support encryption of header and payload. The VPN must route all traffic through the company's gateway. Which of the following should be configured on the VPN concentrator? A. Full tunnel B. Transport mode C. Tunnel mode D. IPSec
C
An attacker is able to capture the payload for the following packet: IP 192.168.1.22:2020 10.10.10.5:443 IP 192.168.1.10:1030 10.10.10.1:21 IP 192.168.1.57:5217 10.10.10.1:3389 During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason? A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3. B. The application server is also running a web server that has been compromised. C. The attacker is picking off unencrypted credentials and using those to log in to the secure server. D. User accounts have been improperly configured to allow single sign-on across multiple servers.
C
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance's vulnerable state? A. The system was configured with weak default security settings. B. The device uses weak encryption ciphers. C. The vendor has not supplied a patch for the appliance. D. The appliance requires administrative credentials for the assessment.
C
An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts? A. Ransomware B. Logic bomb C. Rootkit D. Adware
C
An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following is this an example of? A. Change management B. Job rotation C. Separation of duties D. Least privilege
C
An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation. Which of the following is being outlined? A. Reporting and escalation procedures B. Permission auditing C. Roles and responsibilities D. Communication methodologies
C
An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements? A. Enable WPA2-PSK for older clients and WPA2-Enterprise for all other clients. B. Enable WPA2-PSK, disable all other modes, and implement MAC filtering along with port security. C. Use WPA2-Enterprise with RADIUS and disable pre-shared keys. D. Use WPA2-PSK with a 24-character complex password and change the password monthly.
C
In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages? A. To provide emanation control to prevent credential harvesting B. To minimize signal attenuation over distances to maximize signal strength C. To minimize external RF interference with embedded processors D. To protect the integrity of audit logs from malicious alteration
C
A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.) A. Geofencing B. Video surveillance C. Protected cabinets D. Mantrap E. Key exchange F. Authorized personnel signage
CD
**After being alerted to potential anomalous activity related to trivial DNS lookups, a security analyst looks at the following output of implemented firewall rules: The analyst notices that the expected policy has no hit count for the day. Which of the following MOST likely occurred? A. Data execution prevention is enabled. B. The VLAN is not trunked properly. C. There is a policy violation for DNS lookups. D. The firewall policy is misconfigured.
D
**Question 91 on test bank A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output: Which of the following is the router experiencing? A. DDoS attack B. Memory leak C. Buffer overflow D. Resource exhaustion
D
**Question 94 on test bank While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability? A. Conduct a ping sweep. B. Physically check each system. C. Deny Internet access to the "UNKNOWN" hostname. D. Apply MAC filtering.
D
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares. B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident. C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks. D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
D
A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns? A. Sideloading B. Full device encryption C. Application management D. Containerization
D
A cryptographer has developed a new proprietary hash function for a company and solicited employees to test the function before recommending its implementation. An employee takes the plaintext version of a document and hashes it, then changes the original plaintext document slightly and hashes it, and continues repeating this process until two identical hash values are produced from two different documents. Which of the following BEST describes this cryptographic attack? A. Brute force B. Known plaintext C. Replay D. Collision
D
A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies should the coffee shop use in place of PSK? A. WEP B. EAP C. WPS D. SAE
D
A mobile application developer wants to secure an application that transmits sensitive information. Which of the following should the developer implement to prevent SSL MITM attacks? A. Stapling B. Chaining C. Signing D. Pinning
D
A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring? A. Principle of least privilege B. External intruder C. Conflict of interest D. Fraud
D
A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan? A. A maximum MTTR of 30 minutes B. A maximum MTBF of 30 minutes C. A maximum RTO of 60 minutes D. A maximum RPO of 60 minutes E. An SLA guarantee of 60 minutes
D
A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use? A. Key escrow B. A self-signed certificate C. Certificate chaining D. A wildcard certificate
D
A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate authentication. Which of the following protocols must be supported by both the RADIUS server and the WAPs? A. CCMP B. TKIP C. WPS D. EAP
D
A technician is designing a solution that will be required to process sensitive information, including classified government data. The system needs to be common criteria certified. Which of the following should the technician select? A. Security baseline B. Hybrid cloud solution C. Open-source software applications D. Trusted operating system
D
An intruder sniffs network traffic and captures a packet of internal network transactions that add funds to a game card. The intruder pushes the same packet multiple times across the network, which increments the funds on the game card. Which of the following should a security administrator implement to BEST protect against this type of attack? A. An IPS B. A WAF C. SSH D. An IPSec VPN
D
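The game-card scenario above is a replay attack: the captured packet is genuine, so integrity checks alone do not stop it; the receiver also has to recognise that it has already processed this packet. IPsec ESP does this with per-packet sequence numbers and an anti-replay window. The example below is added here and is not from the test bank: a constructed top-up protocol with an HMAC tag, a naive server that only checks the tag and so credits the card on every replay, and a hardened server that additionally tracks a per-card sequence number and the nonces it has seen. The key, card IDs and packet layout are all assumptions.

```python
import hashlib
import hmac
import json
import os

# Added example, not from the test bank. Key, card IDs and packet format are constructed.
SHARED_KEY = b"demo-key-for-game-card-terminal"

def make_packet(card_id: str, amount: int, seq: int, key: bytes = SHARED_KEY) -> bytes:
    """Build a top-up packet: JSON body followed by an HMAC-SHA256 tag over the body.

    `seq` is a per-card counter and `nonce` a fresh random value; both are covered
    by the MAC, so an attacker cannot bump them to "refresh" a captured packet.
    """
    body = {"card": card_id, "amount": amount, "seq": seq, "nonce": os.urandom(8).hex()}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return raw + b"|" + tag.encode()

def _verify(packet: bytes, key: bytes):
    """Return the parsed body if the MAC is valid, else None (tampering)."""
    raw, _, tag = packet.rpartition(b"|")
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(raw)

class NaiveServer:
    """Checks integrity only: a captured packet can be pushed again and again."""
    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.balances = {}

    def process(self, packet: bytes) -> bool:
        body = _verify(packet, self.key)
        if body is None:
            return False
        self.balances[body["card"]] = self.balances.get(body["card"], 0) + body["amount"]
        return True

class ReplaySafeServer(NaiveServer):
    """Also rejects packets whose sequence number is not strictly newer or whose nonce was seen."""
    def __init__(self, key: bytes = SHARED_KEY):
        super().__init__(key)
        self.last_seq = {}          # card -> highest sequence number accepted
        self.seen_nonces = set()    # illustration only; a real receiver bounds this with a window

    def process(self, packet: bytes) -> bool:
        body = _verify(packet, self.key)
        if body is None:
            return False
        card = body["card"]
        if body["seq"] <= self.last_seq.get(card, 0) or body["nonce"] in self.seen_nonces:
            return False            # replay: same or older packet
        self.last_seq[card] = body["seq"]
        self.seen_nonces.add(body["nonce"])
        self.balances[card] = self.balances.get(card, 0) + body["amount"]
        return True

if __name__ == "__main__":
    captured = make_packet("card-42", 10, seq=1)   # the packet the intruder sniffed
    naive, safe = NaiveServer(), ReplaySafeServer()
    for _ in range(3):
        naive.process(captured)
        safe.process(captured)
    print("naive balance:", naive.balances["card-42"])   # credited three times
    print("hardened balance:", safe.balances["card-42"]) # credited once
```

The hardened server still accepts a legitimately newer packet (seq 2) from the same card, so the defence costs nothing for normal traffic. Wrapping the link in an IPsec VPN gives the same property at the network layer, which is why it is the best choice among the options listed; SSH also carries sequence numbers, but only for the sessions it tunnels.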
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization? A. Shadow IT B. An insider threat C. A hacktivist D. An advanced persistent threat
D
QUESTION 26 ON TEST BANK After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues? A. RADIUS server B. NTLM service C. LDAP service D. NTP server
D
To further secure a company's email system, an administrator is adding public keys to DNS records in the company's domain. Which of the following is being used? A. PFS B. SPF C. DMARC D. DNSSEC
D
When implementing automation with IoT devices, which of the following should be considered FIRST to keep the network secure? A. Z-Wave compatibility B. Network range C. Zigbee configuration D. Communication protocols
D
Which of the following BEST explains the difference between a credentialed scan and a non-credentialed scan? A. A credentialed scan sees devices in the network, including those behind NAT, while a non-credentialed scan sees outward-facing applications. B. A credentialed scan will not show up in system logs because the scan is running with the necessary authorization, while non-credentialed scan activity will appear in the logs. C. A credentialed scan generates significantly more false positives, while a non-credentialed scan generates fewer false positives. D. A credentialed scan sees the system the way an authorized user sees the system, while a non-credentialed scan sees the system as a guest.
D
Which of the following attacks is used to capture the WPA2 handshake? A. Replay B. IV C. Evil twin D. Disassociation
D
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack? A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords. B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server. C. Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox. D. DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
D
A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configurations should the engineer choose? A. EAP-TLS B. EAP-TTLS C. EAP-FAST D. EAP-MD5 E. PEAP
E
An email recipient is unable to open a message encrypted through PKI that was sent from another organization. Which of the following does the recipient need to decrypt the message? A. The sender's private key B. The recipient's private key C. The recipient's public key D. The CA's root certificate E. The sender's public key F. An updated CRL
B
An organization recently acquired an ISO 27001 certification. Which of the following would MOST likely be considered a benefit of this certification? A. It allows for the sharing of digital forensics data across organizations. B. It provides insurance in case of a data breach. C. It provides complimentary training and certification resources to IT security staff. D. It certifies the organization can work with foreign entities that require a security clearance. E. It assures customers that the organization meets security standards.
E
Question 85 HOTSPOT The security administrator has installed a new firewall that implements an implicit DENY policy by default. INSTRUCTIONS: Click on the firewall and configure it to allow ONLY the following communication: The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The Accounting workstation should not access other networks. The HR workstation should be restricted to communicating with the Financial server ONLY, over the default SCP port. The Admin workstation should ONLY be able to access the server on the secure network over the default TFTP port. The firewall processes the rules top-down, first match wins. The port number must be typed in, and only one port number can be entered per rule. Type ANY for all ports. If at any time you would like to bring back the initial state of the simulation, click the Reset All button.
Refer to test bank, question 85
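The hotspot's rule set reduces to three ALLOW lines above the implicit deny: HTTPS is 443/TCP, SCP runs over SSH on 22/TCP, and TFTP is 69/UDP. The evaluator below is an added example, not the simulation's own answer or code: it models top-down, first-match processing with an implicit DENY and shows how a broad rule placed too high shadows everything under it. The host addresses are constructed placeholders (the real simulation shows its own), and the protocol column is an addition to the port-only rules the hotspot asks for.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not from the test bank. Addresses are constructed placeholders for the
# hosts in the hotspot; the simulation itself shows different ones.
ACCOUNTING_WS = "192.168.10.10"
HR_WS = "192.168.10.20"
ADMIN_WS = "192.168.10.30"
WEB_SERVER = "203.0.113.10"        # public network
FINANCIAL_SERVER = "192.168.20.10"
SECURE_SERVER = "10.10.10.10"      # secure network

ANY = "ANY"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str   # "TCP", "UDP" or ANY
    port: str    # one port number as text, or ANY (as the hotspot requires)
    action: str  # "ALLOW" or "DENY"

    def matches(self, src: str, dst: str, proto: str, port) -> bool:
        pairs = ((self.src, src), (self.dst, dst), (self.proto, proto), (self.port, str(port)))
        return all(field in (ANY, value) for field, value in pairs)

# The three rules the hotspot asks for; everything else hits the implicit deny.
RULES: List[Rule] = [
    Rule(ACCOUNTING_WS, WEB_SERVER, "TCP", "443", "ALLOW"),   # HTTPS only, nothing else
    Rule(HR_WS, FINANCIAL_SERVER, "TCP", "22", "ALLOW"),      # SCP rides on SSH/22
    Rule(ADMIN_WS, SECURE_SERVER, "UDP", "69", "ALLOW"),      # TFTP
]

def evaluate(rules: List[Rule], src: str, dst: str, proto: str, port) -> Tuple[str, Optional[int]]:
    """First match wins, top-down; no match falls through to the implicit DENY (rule index None)."""
    for idx, rule in enumerate(rules, start=1):
        if rule.matches(src, dst, proto, port):
            return rule.action, idx
    return "DENY", None

if __name__ == "__main__":
    checks = [
        (ACCOUNTING_WS, WEB_SERVER, "TCP", 443),
        (ACCOUNTING_WS, WEB_SERVER, "TCP", 80),
        (ACCOUNTING_WS, FINANCIAL_SERVER, "TCP", 22),
        (HR_WS, FINANCIAL_SERVER, "TCP", 22),
        (ADMIN_WS, SECURE_SERVER, "UDP", 69),
    ]
    for flow in checks:
        print(flow, "->", evaluate(RULES, *flow))
    # Ordering matters: an ANY/ANY allow for Accounting placed first would let it reach every network.
    shadowed = [Rule(ACCOUNTING_WS, ANY, ANY, ANY, "ALLOW")] + RULES
    print("shadowed:", evaluate(shadowed, ACCOUNTING_WS, FINANCIAL_SERVER, "TCP", 22))
```

Because the firewall stops at the first match, the "Accounting must not reach other networks" requirement needs no explicit DENY: the single 443 rule plus the implicit deny already enforces it, and adding a broader allow anywhere above it would silently undo that.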