2.1.7 - 5.12.16
Which of the following techniques are likely associated with advanced persistent threat (APT) activity? (Select three.)
Anti-forensic techniques The exfiltration of personally identifiable information (PII) The presence of C&C
At which layer is a web application firewall log used to record HTTP traffic?
Application
You have observed that an employee at your company has been coming in at odd hours, requesting sensitive data that is unrelated to their position, and bringing in their own flash drive. The employee's actions are common indicators of which of the following threats?
Data loss
An engineer is studying the hardware architecture of a company's various systems. In which of the following items can the engineer can find the x86 architecture? (Select three.)
Desktops Laptops Servers
An organization is reviewing its incident response plan and wants to improve its overall security posture by streamlining the authentication process for its employees during a security incident. Which of the following approaches can help achieve this goal without compromising security?
Federation
What is the name of a computer on which a hypervisor runs to provide one or more virtual machines?
Host
Why is security for VMs more important than security for physical machines?
One bad configuration could be replicated across your network.
A large corporation's security operations center (SOC) team is processing a recent incident. The team refers to a playbook for guidance about the incident.What type of functional security control does the playbook represent?
Responsive
The Chief Information Security Officer (CISO) for a large pharmaceutical corporation receives a report that a hacktivist has vandalized one of the company's web servers due to an authentication flaw at the server level. As an organizational leader working to prevent future incidents, what should be the CISO's top priority
Reviewing the company's service-level objectives and incident response plan to ensure they are in keeping with industry best practices.
Which of the following security procedures often uses digital certificates on end devices, allowing encrypted traffic to be intercepted, decrypted, and inspected by security tools or software before being re-encrypted and forwarded to the intended destination?
SSL inspection
A security analyst is trying to explain attack methodology frameworks in the context of protecting cloud-based applications and data. Which of the following solutions can help the analyst in achieving this objective?
Cloud access security broker (CASB)
Which of the following are phases of an attack as described by the kill chain model? (Select three.)
Command and control Actions on objectives Exploitation
On most operating systems, you can track and log a wide range of event types. Which type of data would you expect to find for a user-level event?
Commands used and unsuccessful attempts to access resources.
Which cloud deployment model would MOST likely be used by several organizations that share the same regulatory requirements?
Community cloud
A company has implemented a new security control requiring employees to use two-factor authentication to log in to their workstations. However, many employees are experiencing difficulty using the new authentication process, affecting productivity.What type of controls should the company consider implementing to address this issue?
Compensating
Which of the following is an essential network architecture security concept for the Windows Registry?
System hardening
A support technician conducts system hardening after provisioning a server. Why is system hardening such a vital practice? (Select three.)
System hardening includes disabling unnecessary services. System hardening involves patching the operating system. System hardening reduces the attack surface of a system.
A network administrator is using Nmap to scan a target host for open ports. Which Nmap scan type is known for being a fast and stealthy technique?
TCP SYN
You are the security analyst for a corporate network that uses Cisco routers. You are preparing to submit a proposal to set up a centralized syslog server where logs from all of the 35 routing devices will send their logs to be stored. Which of the following is the MOST important justification for the expense of a syslog server?
The log data is centralized and monitored in one place.
A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior?
The machine's firewall is blocking ICMP.
Which of the following are true statements about CIS Benchmarks? (Select two.)
They are designed to be flexible and scalable. They can be used to assess the protection of individual systems and configurations.
What is the benefit of hardening the operating system in the context of system and network architecture?
To decrease the risk of unauthorized access to sensitive data
Which of the following is the most important reason to implement system hardening measures in a networked environment?
To reduce the risk of data breaches
3.2.8
picture on pc
A company has hired a consulting firm to conduct penetration testing on their network. As the PenTest team begins testing, they notice significant network traffic to and from a private IP address they do not recognize. What should be their next step?
Conduct a passive discovery to identify potential vulnerabilities.
An index-card marketing company's login portal encounters a computer attempting to log in to the system administrator's web portal account. The portal then compares the username and hash of the user's password to the known credentials in its database. What is the login portal attempting to accomplish?
Conduct authentication activities
A mid-sized stuffed pumpkin manufacturer has hired a penetration testing consulting firm to conduct penetration testing on their network. As the penetration testing team begins testing, they notice DNS records pointing to public-facing devices for the manufacturer that they were not previously aware of. What should be their next step?
Conduct edge discovery to identify other potential targets and vulnerabilities
An HVAC company's web application allows users to schedule appointments with their HVAC technicians. The application runs on outdated software and represents a security risk, but the software is also critical for the company's operations. The company decides not to upgrade the application and keep it as-is for business reasons. What kind of risk response does this represent?
Acceptance
While reviewing alerts, an analyst notices a new signature is generating a high volume of false positives. This appears to be the result of an error in the way the signature is written. This represents an issue with what attribute of threat intelligence?
Accuracy
A managed security service provider (MSSP) is deploying a sensor on a new client's network. The service level objectives (SLOs) discussed between the two parties would need to perform vulnerability scans that perform enumerating services and banner grabbing. These services directly interact with the devices/software to identify vulnerabilities. Which method of vulnerability scanning would BEST meet the goals arranged in the SLOs?
Active
Which cybersecurity approach seeks to asymmetrically put the odds in the security analyst's favor by using maneuverability of sensitive data, honeypots, and anti-malware programs?
Active defense approach
Which threat modeling component identifies potential threat sources, what these adversaries can do, and how likely these attacks are?
Adversary capability analysis
A company has hired a red team to simulate the tactics, techniques, and procedures of APT 1337, a Malaysian profit-focused hacker syndicate, against their network. As they attempt to gain access to the company's systems, they use APT 337's signature combination of social engineering techniques, data protection bypasses, and technical exploits to bypass security controls. What activity is the red team conducting?
Adversary emulation
A support team is preparing for an upcoming maintenance window. What tasks should the support team accomplish during the proactive maintenance windows? (Select three.)
Analyze events Deploy patches Restart devices
A security analyst at an organization receives an alert from their security information and event management (SIEM) system. Upon reviewing the log data, the analyst notices an increase in high-privilege actions within the network. What should the analyst prioritize when investigating this issue to identify the potential underlying cause?
Analyze new user accounts.
A financial institution's security analyst must discover any active threats to the network. The analyst relies on the OSSTMM and OWASP Testing Guide to effectively monitor and analyze these threats. After receiving an alert regarding a potential spear-phishing attack, what should be the analyst's initial priority when evaluating the situation?
Detecting threat markers and weaknesses
Which type of security control identifies, logs, and reports incidents as they happen?
Detective
A company's website is vulnerable to several attack vectors. The company has hired a red team to identify these vulnerabilities and exploit them to gain access to the company's systems. What is the best way to mitigate the risk of these attacks?
Attack surface reduction
Which type of threat actor only uses their skills and knowledge for defensive purposes?
Authorized hacker
A transport network company that provides private taxi cab services has a web application that allows customers to schedule appointments with their driver. The application runs on outdated software and represents a security risk, but the software is also critical for business operations. The company decides to discontinue using this software given the risks that it entails, instead electing to run tasks manually using Excel spreadsheets. What kind of risk response does this represent?
Avoidance
Which of the following works with IDS software to detour suspected malicious traffic to a honeypot that mirrors the real network without alerting the attacker?
Bait and Switch
A security analyst analyzes application logs to identify any suspicious activities and notices that one of the company's recently resigned employees had downloaded a large amount of data just before leaving. What is the analyst's most appropriate next step based on the scenario?
Check the company's firewall logs to identify any external connections made by the former employee
A security analyst for a large financial institution notices abnormal OS process behavior, unauthorized changes, and file system changes occurring on one of the company's servers. The analyst believes there may be a security breach. What is the BEST way to confirm the analyst's suspicions of a breach?
Check the system logs for unusual activity.
What information will be returned from the following Google search?
Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.
A system engineer wants to harden a system as a precaution against malicious port scans and probes. Which type of malicious activity is the engineer likely concerned about?
External
Which data monitoring method do the steps below BEST describe? Keep a user log to document everyone that handles each piece of sensitive data. Monitor the system in real time.
File monitoring
Which of the following is true about log review?
For logs to be beneficial, they must be analyzed.
Which of the following CISA critical infrastructure sectors focuses on interference in the electoral process and the security of electronic voting mechanisms?
Government Services
A company's cyber security team is responsible for protecting its network against cyber threats. The team wants to gather open-source intelligence (OSINT) on potential threats to the company. Which of the following is a source the team can use to achieve this requirement?
Government bulletins
Which of the following sources are potential sources of offensive open-source intelligence (OSINT)? (Select three.)
HTML code Metadata Blogs and social media
A group that advocates for the protection of animal rights has recently begun carrying out cyberattacks against large food production companies. They have defaced websites, stolen confidential data, and disrupted operations. What type of threat actor group is this?
Hacktivist
A threat actor obtains and releases confidential information about a political candidate to the public domain. The information damages the person's candidacy and helps the opposing party. These actions were likely performed by which type of threat actor?
Hacktivist
Attackers often target data and intangible assets. What might hackers do with the information they collect. (Select two.)
Harm a company's reputation Sell the data to the competition
Which of the following honeypot interaction levels simulates all services and applications and can be completely compromised by attackers to gain full access to a system in a controlled area?
High
A security analyst is evaluating the company's vulnerability management program in a mixed infrastructure environment. Which of the following infrastructure models requires the analyst to consider multiple environments when understanding vulnerability scoring concepts?
Hybrid cloud
Which of the following statements is true regarding IDS and IPS?
IDS is a passive system; IPS is an active system.
Behavioral threat research combines IoCs to show patterns and techniques used in previous attacks. Which of the following threat indicators is normally associated with a denial-of-service (DoS) attack?
IP addresses from unusual geographic locations
Which of the following provides cybersecurity information and services to the owners and operators of critical infrastructure?
ISACs
You are employed by a small startup company. The company is in a small office and has several remote employees. You must find a business service that will accommodate the current size of the company and scale up as the company grows. The service needs to provide adequate storage as well as additional computing power. Which of the following cloud service models should you use?
IaaS
A cybersecurity analyst at a software company needs to implement a patch management process to improve the organization's security posture. To ensure that they follow industry best practices, the analyst consults the Open Web Application Security Project (OWASP) Testing Guide. While working on the patch management process, the analyst learns about a recent cyberattack on the company's network. The analyst must now analyze the attack using the Diamond Model of Intrusion Analysis. What should be the analyst's primary focus while working on the patch management process?
Identifying and prioritizing vulnerabilities
Each user on a network must have a unique digital identity. Which of the following is this known as?
Identity and access management (IAM)
You have outlined a new approach to IT security in your organization, pushing heavily for an active defense design. Which of the following tools and methods should you use? (Select two.)
Implement anti-malware defenses. Use honeypots to learn attackers' capabilities.
A video gaming company is preparing a security patch to fix a known non-critical vulnerability in their game. What is the best way to approach this patch deployment as an administrator?
Implement it during the maintenance window.
An HVAC company's cybersecurity department has discovered a critical security vulnerability in their host devices and has received a patch from the vendor. What is the BEST way to ensure the cybersecurity department addresses and fixes the vulnerability?
Implementation
An organization recently experienced a cyber incident that temporarily halted its operations. The cybersecurity team wants to strengthen its resilience strategies and address potential threats before they cause significant harm. As part of this process, the team must look into the primary factor behind the recent incident. Which of the following techniques would MOST effectively pinpoint the cause and enhance operational preparedness?
Implementing a hypothesis-driven investigation
Which of the following statements BEST describes VDI?
It starts a minimal operating system for a remote user to access.
Which of the following honeypot detection methods uses the TCP/IP stack and is effectively employed to slow the spread of worms, backdoors, and similar malware?
Layer 4 tarpit
A network administrator at a large organization is working on enhancing the company's network infrastructure's monitoring and alerting capabilities. The administrator wants to optimize the system logs to detect and respond to potential security threats efficiently. What action should the network administrator prioritize to achieve this goal?
Logging levels
An organization has tasked a network administrator with analyzing a recent cyberattack on the system. They want to understand the attack methodology used by the attackers. Which framework can the administrator use to access a database of known tactics, techniques, and procedures (TTPs) used by different threat actor groups?
MITRE ATT&CK
A network security engineer provided a report to the operations manager with a large amount of public information that is accessible solely from the company's website. For example, the report shows email addresses and other company phone numbers on a graph that would otherwise be known internally. What tool did the network security engineer most likely use to gather this information with little effort?
Maltego
An information security project manager has an important stakeholder meeting for the security operations center's (SOC's) future projections. Most executives will require visualizers of critical systems across the network and how they correlate to simulated attacks, which the SOC has built controls around. Which tool can help stakeholders understand how the mapped network prevents mock attacks?
Maltego
Which security control category controls system oversight?
Managerial
As a security analyst for a U.S. federal agency, you have been asked by management to make sure that the company meets all requirements for FISMA (the Federal Information Security Modernization Act) in a practical and applicable way for your organization. At the moment, these requirements are not focused on personal data and privacy. Which of the following resources would MOST likely provide the guidance that you need to meet the FISMA regulations?
NIST
You would like to extend the functionality of the Nmap tool to let you perform tasks such as basic vulnerability detection performance and Windows user account discovery. Which of the following would allow you to extend that functionality?
NSE Scripts
Threat actors can be divided into different types based on their methods and motivations. Which type of hacker works for a government and attempts to gain top-secret information by hacking other governments' devices?
Nation-state
As a security analyst, you are looking for a vulnerability scanning tool for internal company use that is an industry-standard tool. Which of the following tools BEST fits this requirement?
Nessus
John, a security analyst, needs a network mapping tool that will diagram network configurations. Which of the following tools BEST meets John's requirements?
NetAuditor
A network administrator is deploying a new layer 3 switch for the company. The manager mentioned that the traffic flow needed to be more predictable, easier to monitor, and simpler to filter. What should the administrator implement during the setup for the security and performance benefits the manager asked?
Network segmentation
As a security analyst for a large financial institution, you want to discover information available through the open ports in your network that could provide hackers with details that could result in guessing software and software versions available in the network. Which of the following would you MOST likely use to discover that information?
Nmap fingerprinting
An organization has tasked an IT team with implementing vulnerability scanning methods and concepts. They are considering different industry frameworks to use. Which of the following frameworks focuses on user interaction to prioritize vulnerabilities?
OWASP
A security analyst needs to identify vulnerabilities in the organization's network infrastructure. They need to understand the stages of an attack and use a comprehensive testing methodology that considers the context of vulnerabilities. Which of the following should the analyst use to effectively achieve these goals?
Open Source Security Testing Methodology Manual (OSSTMM)
A web developer at a startup company is building a new web application. The developer wants to ensure that the application is secure from various types of attacks. Which of the following frameworks would be the most appropriate for the web developer to use?
Open Web Application Security Project (OWASP)
A security analyst is going through systems looking for potential misconfigurations. What are some key items the analyst should search for while misconfiguration hunting? (Select three.)
Open ports Weak passwords Unpatched software
The Department of Defense Cyber Crime Center's Vulnerability Disclosure Program and AT&T's Alien Labs Threat Exchange are examples of which type of intelligence source?
Open-source intelligence
Security guards are included in which control category?
Operational
A security researcher identifies a financial fraud scheme targeting multiple pharmaceutical companies. What type of actor is most likely responsible for this activity?
Organized crime
A cybersecurity team at a large financial organization that uses various operating systems, applications, and hardware devices is responsible for configuring these systems securely to prevent potential security breaches. As part of their research, they came across a set of global data protection standards maintained by a consortium that help prevent fraud and protect transactions for card transactions. Which of the following standards is designed to meet these protection requirements?
PCI DSS
Which cloud service model would MOST likely be used by a software developer?
PaaS
The businesses security operations center (SOC) is currently re-evaluating the yearly budget. They want to use different alternatives, including reduced overhead spending and less intensive resources on the company's current systems. The SOC's final decision is to use a different scanning method that monitors and inspects the network traffic more thoroughly. What method of scanning best matches what the SOC has decided?
Passive
A cybersecurity team is investigating a security incident and needs to efficiently manage access to sensitive resources during the response process. Which solutions can BEST help the team protect against the issues related to credential theft and misuse?
Privileged access management (PAM)
A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?
Recon-ng
A small business wants to identify, assess, and prioritize adverse events by filtering out data that isn't critically important. Which aspect of threat intelligence data should the cyber security team of the business maximize to handle these events and reduce the likelihood and impact of cyber-attacks?
Relevancy
Which of the following is a standard for sending log messages to a central logging server?
Syslog
A company plans to upgrade its network infrastructure to enhance security and reduce the attack surface. The company has tasked the security analyst with identifying key areas to focus on while planning the upgrade. Which of the following areas should the security analyst prioritize to directly enhance security and minimize vulnerabilities?
System hardening
A security engineer installs a next-generation firewall on the perimeter of a network.This installation is an example of what type of security control class?
Technical
A golf services company is planning to implement a critical security patch to address a known vulnerability in their bookings system. What is the BEST way to ensure that the patch does not cause any unintended consequences or disruptions to the system?
Testing
A cybersecurity analyst who works for a large corporation has been analyzing a recent cyber attack that targeted his company's network. The analyst is using both the Cyber Kill Chain and Open Source Security Testing Methodology Manual (OSSTMM) frameworks to analyze the attack. What is the main difference between the Cyber Kill Chain and OSSTMM frameworks in incident response and management?
The Cyber Kill Chain focuses on identifying and analyzing the stages of a cyber attack, while OSSTMM focuses on assessing the maturity level of an organization's security practices.
A security analyst is investigating a potential intrusion into their organization's network. The analyst uses the Diamond Model of Intrusion Analysis to identify and analyze the attacker's tactics, techniques, and procedures. Which of the following statements accurately describes the Diamond Model of Intrusion Analysis?
The Diamond Model of Intrusion Analysis tracks an attacker's activity across the cyber kill chain and identifies the attacker's tactics, techniques, and procedures.
An attacker may poison the DNS by making changes to an organization's DNS table. Why might an attacker take this action?
The attacker can redirect users to a malicious website.
A security consultant is using the dark web as a source of defensive open-source intelligence (OSINT). Which of the following should the consultant be aware of when using the dark web? (Select three.)
The dark web can provide evidence of previously undiscovered breaches. Threat actors leverage the dark web for criminal activities. The dark web serves as an operating platform for cybercrimes.
You created a honeypot server using Pentbox. After a while, you return to the honeypot server to see what it has been capturing. Which of the following can be gleaned from the results shown below?
The operating system used by the attacker.
A network engineer is gathering requirements from a security operations center (SOC) analyst. Which of the following requirements might lead the engineer to suggest deploying a honeypot? (Select two.)
The organization needs to regularly develop new indicators of compromise (IoCs) and indicators of attack (IoAs) based on the attacks they are experiencing. Network defenders need the ability to observe attacks on the network.
As a system administrator for a financial institution, you add a new desktop to the network, power on the desktop, and then create a new user and disable the local administrator and guest accounts. What vulnerability did you introduce when you powered on the desktop?
The system was not updated or patched. Explanation
A security analyst at a large corporation must analyze an attack on their network. They have decided to use the Cyber Kill Chain and MITRE ATT&CK frameworks to break down the attack and identify potential vulnerabilities. What is the primary benefit of using both the Cyber Kill Chain and MITRE ATT&CK frameworks for analyzing a security incident?
They break down a complex attack into smaller, more manageable components.
An engineer is considering appropriate risk responses using threat modeling. The engineer is trying to understand which threat actors are in scope for their organization. How does threat modeling identify the principal risks and tactics, techniques, and procedures (TTPs) for which their system may be susceptible? (Select three.)
Through using tools such as diagrams By analyzing the system from the defender's perspective By evaluating the system from an attacker's point of view
An organization has chosen to automatically ingest indicators. This action is MOST likely intended to ensure what desired threat intelligence consideration?
Timeliness
A company was affected by a recent ransomware attack that impacted its critical systems. The incident response team is conducting a scope and impact analysis to determine the extent of the damage. They identify the affected systems, the encrypted data, and the potential impact on business operations. What would a scope and impact analysis provide for the company's incident response and management team?
To determine the extent of the damage and identify affected systems and data.
A company experiences a severe security incident where an attacker accesses and steals sensitive information from its servers. The incident response team investigates the issue and performs a root cause and forensic analysis. What will the company gain from conducting the forensic analysis?
To gather evidence
A company is implementing PKI to enhance the security of its network after a recent series of intercepted emails. What is the purpose of PKI in this context?
To verify the authenticity of digital documents and the identity of users or devices
When conducting reputational threat research, you begin by selecting one or more sources for indicators of a reputational threat. Which of the following should you compare these indicators against after collecting them?
Unusual entries in log files
A health software vendor issues a security patch to fix a known vulnerability in their system. What is the BEST way to ensure that the hospital security administrator correctly applies the patch on the hospital's systems and addresses the original vulnerability?
Validation
When a host initiates a connection to a server via the TCP Protocol, a three-way handshake is used. What is the host's final reply?
ACK
A systems administrator installs a syslog server to capture and report events for wireless infrastructure. Following a requirement from the Chief Information Officer (CIO), recorded logging levels should include a status if an access point is unusable and if any immediate action is required. Which logging levels does the administrator evaluate and configure? (Select two.)
1-Alert 0-Emergency
Which of the following BEST describes Central Policy?
A program that checks for the correct attributes in an attribute-based system.
A company's security operations center has implemented a data loss prevention (DLP) solution to monitor and prevent sensitive data from being transmitted outside the organization. The security team also maintains strict controls over cardholder data (CHD) and personally identifiable information (PII) to comply with industry regulations and protect customer privacy. Which of the following is a potential benefit of implementing a DLP solution in a security operations environment?
A DLP solution can help prevent sensitive data from being transmitted outside the organization, reducing the risk of data breaches and compliance violations.
A large grass seed corporation wants to proactively monitor for potential cyber threats to its grass seed total management system containing customer payment information, the company's own bank accounts, and all historical orders. Which type of threat hunting focus area does this most closely represent?
Business-critical assets and processes
An employee contacts a company system administrator complaining that each time they try to change a display configuration setting in the Windows operating system, the setting is restored to its original configuration. Which of the following is MOST likely causing this issue?
CCMS
Which of the following might help a company coordinate the response to a cyberterrorist attack? (Select two.)
CERT CSIRT
A small ice cream truck leasing agency detects a cyberattack targeting their systems. The agency needs to respond quickly and contain the attack. Which organization should the agency contact for assistance with incident response and handling?
CSIRT
The solutions architect is in charge of assembling the initial security configuration of various systems on the network, such as Mac, Windows, UNIX, and Linux. Where would the architect look for configuration guidelines to cover these different systems?
Center for Internet Security (CIS) benchmarks
A system administrator is looking for a process that reduces the time and resources required to keep the company network up to date with the latest patches and configurations. Which of the following is specifically designed to meet the administrator's requirements?
Centralized operating system, application, and device management
A software development company is looking to enhance its security practices by incorporating attack methodology frameworks into its vulnerability assessment process. The company's management wants to ensure its web applications are secure against known threats and attack techniques. Which of the following actions should the company prioritize to integrate these frameworks and improve its security posture?
Conduct regular penetration testing of web applications.
Which of the following technologies is a hypervisor substitute that separates resources at the operating system level?
Containerization
An exercise equipment marketing company is experiencing a data breach in which the company's website is displaying customers' payment information. The information disclosure is disastrous; customers are canceling their subscriptions in droves.Unfortunately, the company has no SOAR or plans on what to do during a compromise.What functional type of controls should the company implement to mitigate the damages?
Corrective
Which of the following is a site where many leading cybersecurity vendors openly share threat information?
Cyber Threat Alliance (CTA)
A network administrator has noticed a series of unusual network activities that indicate a possible cyberattack. The administrator analyzes the event using a framework that explores the relationships among four core features: adversary, capability, infrastructure, and victim. Which of the following methodologies would the network administrator use for the review?
Diamond Model of Intrusion Analysis
Xavier is doing reconnaissance using a tool that pulls information from social media postings that were made using location services. He is gathering information about a company and its employees by going through their social media content. What tool is MOST likely being used?
Echosec
A large retail chain has recently experienced a significant data breach, and the IT security team is working to prevent future breaches. As the team analyzes network traffic, they discover that the attacker was able to gain access through a previously unknown and publicly accessible entry point. What should be the team's top priority?
Edge discovery
A company's website is vulnerable to several attack vectors. The company has hired a security analyst to identify these vulnerabilities and propose solutions. One solution is to raise awareness of the potential risks and the importance of security measures. Which of the following methods is the security analyst describing?
Employee training
Which of the following are advantages of implementing single sign-on (SSO) technology for an organization's authentication process? (Select two.)
Enabling passwordless authentication through the use of smart cards or mobile devices Improving user experience by reducing the need for multiple logins and passwords
A security analyst needs a data loss prevention (DLP) solution to prevent users from transferring data without authorization. What components typically makeup DLP solutions? (Select three.)
Endpoint agents Policy Server Network agents
A company is planning to conduct a vulnerability scan on its systems. Before starting the scan, what should the security administrator consider regarding data sensitivity levels?
Ensure that sensitive data is appropriately scanned and protected.
While investigating a potential security breach on a Windows machine, you list the commands that have recently been executed from the command line and find the following: arp -a, set username, set computername, net localgroup administrators, and tasklist. There are other commands as well. You then check the running processes and see the output below in Task Manager. It is clear that someone has compromised the Windows machine. What would you call the phase of the attack that you have found?
Enumeration
A security team reviews an incident where someone made unauthorized changes to a system and granted certain users unauthorized privileges. The team needs to recommend the most suitable control type to avoid such incidents in the future.Which of the following control types should the security team recommend?
Preventive Controls
A company implements a new security protocol that requires employees to use a two-factor authentication process to log in to the system. However, one employee frequently forgets their password and shares it with colleagues. Which type of threat does this employee pose to the company's cybersecurity?
Insider pawn
What do each of the letters represent in the CIA triad? (Select three.)
Integrity Availability Confidentiality
Which of the following malware detection methods establishes a baseline for a system and then alerts the user if any suspicious changes occur? (This method cannot distinguish if a change is from malware, a system failure, or another cause.)
Integrity checking
A cybersecurity organization recently created a centralized repository for storing log data. This action is likely designed to improve analysis of what kind of information?
Internal sources
An IT professional is responsible for ensuring the security of a company's information systems. The professional wants to implement a cybersecurity framework that covers personal data and privacy. Which of the following industry standard publishers should the IT professional choose?
International Organization for Standardization (ISO)
A U.S.-based financial company collects sensitive PII data from its customers, including U.S. social security numbers, biometric information, and financial records. What measures can the company take to protect the data from breaches or unauthorized access? (Select two.)
Introduce access controls Implement multi-factor authentication
A systems administrator is searching for potential vulnerabilities in the network. Which threat-hunting focus area should the administrator examine, as attackers often exploit it through connected systems or physical access?
Isolated networks
Which of the following is an advantage to having self-contained components in SOA?
It is easier to maintain than interdependent services.
A cloud security analyst is reviewing the output of a cloud vulnerability assessment. The analyst's primary objective is to determine which vulnerabilities pose the greatest risk to the organization. Which approach should the analyst prioritize to achieve this goal?
Map vulnerabilities to the Diamond Model's elements to prioritize remediation
A medium size paper supply firm's web application allows customers to schedule appointments with their paper sales associate. Unfortunately, the application runs on outdated software and represents a security risk containing a remote code execution vulnerability. However, because the software is needed for the company to function, they decide to implement an application-layer firewall to control incoming requests to the application. What kind of risk response does this represent?
Mitigation
A record label's web application allows aspiring artists to schedule appointments with the producer. Although the application runs on outdated software and represents a security risk, the software is critical for the label to discover new talent. The record label company requests that the software vendor address the security risks while instructing internal IT personnel to limit the software's access to its internal network. What kind of risk response does this represent?
Mitigation
An organization recently suffered a data breach and must focus on validating data integrity and implementing compensating controls. The IT security team will need to analyze network indicators to identify potential threats and improve security measures. Which of the following actions would be MOST appropriate for the security team to take in this situation?
Monitor network traffic for unusual patterns.
A cloud operations engineer monitors and maintains visibility into the organization's serverless architecture. The engineer needs to ensure that the system is functioning optimally and efficiently. Which of the following actions would be MOST helpful for the engineer to achieve this goal?
Monitoring system processes
A company tasks a security analyst with mitigating the risk of a brute force attack that exploits weak passwords on systems. Which concepts would be most effective in defending against this attack methodology? (Select two.)
Multi-factor authentication System hardening
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
nslookup whois.org
A mid-sized company wants to incorporate e-commerce to improve sales. The company has decided to hire an information security consultant to assist in bolstering security measures in preparation for the company's new changes. The consultant is focusing on the potential risk associated with storing and processing bank information. What information security standard is the consultant concentrating efforts on?
Payment Card Industry Data Security Standard (PCI DSS)
The Security Operations (SecOps) completed a rollout of a next-generation antivirus solution to better protect the company from known viruses and provide heuristic scanning for unknown viruses. After the implementation, the team received a flood of tickets complaining about computer sluggishness. What did the SecOps team fail to consider with the new antivirus and its effects on potential settings?
Performance
Which security control functional type operates before an attack can take place?
Preventative
Which type of honeypot is a high-interaction honeypot that is deployed by research institutes, governments, or military organizations to gain detailed knowledge about the actions of intruders?
Research honeypot
A mortgage underwriter specializing in circus equipment loans implements a SOAR system for cybersecurity.Which security control functional type best describes this situation?
Responsive
An organization is considering increasing threat intelligence sharing. They are likely to experience direct benefits to which of the following parts of the organization? (Select three.)
Risk management Incident response Security engineering
A compliance team keeps a record of the time between issuing and applying a security patch. Who would MOST likely be interested in analyzing this type of information on a regular basis?
Risk managers
The legal affairs team of an international conglomerate elects to assign certain risks to a third party. Which risk management principle are they implementing?
Risk transference
A tire sales and servicing company has implemented a security patch to fix a known vulnerability in their web server's ordering system. But shortly after implementation, the company receives calls from customers that the ordering system is no longer functioning as intended. What is the BEST course of action to take next?
Rollback
An IT professional is responsible for their organization's patch and configuration management. The organization has assigned the professional the task of ensuring that patching and configuration changes get completed safely and efficiently. The professional is also responsible for ensuring that rollback plans are in place in the case of any problems during the patching or configuration change process. Which of the following statements is true about the IT professional's responsibilities to manage the necessary rollback plans?
Rollback plans are necessary for patching and configuration changes during maintenance windows.
As a security analyst, you are notified by an employee that their work iPad has some setting changes and a new app that they didn't download. What is the first step you should take to discover what is happening?
Run an antivirus software scan on the device and scan the entire network.
A support technician examines the Windows Registry for a host on a local area network (LAN). Which subkey should the technician use to find username information for accounts on the computer?
SAM
Which of the following software design styles is XML-based and is used by identity providers to pass authorization credentials to service providers?
SAML
A security analyst is investigating an incident and needs to identify possible malicious activity within the network. Which technology should the analyst focus on to better manage network traffic and dynamically configure security policies?
SDN
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?
SYN/ACK
Someone with a casual interest in hacking techniques launches a random attack against a widely known enterprise using tools readily available online. What type of threat actor is likely behind this attack?
Script kiddie
Which of the following BEST describes a federation?
Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
The IT department of a company has identified significant risks to a critical piece of business software. There are no available controls to alleviate the software's vulnerability, but the business will lose all revenue sources without this software. What is the best course of action?
Submit a formal request for a risk management exception
A company has recently implemented a program to encourage ethical hackers to identify vulnerabilities in their systems. An independent cybersecurity researcher has discovered a critical vulnerability that could potentially compromise the company's user data. What is the responsible and ethical action for the researcher to take?
Submit the findings to the company's bug bounty program.
During which phase of the kill chain framework is malware code encapsulated into commonly used file formats, such as PDF files, image files, or Word documents?
Weaponization
An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?
Whois
Iggy, a penetration tester, is conducting an unknown penetration test. She wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be MOST helpful?
Whois
Listen to exam instructions A security analyst is reviewing the company's current network security posture and needs to take into account the context of each vulnerability, including factors such as the environment, asset criticality, and potential business impact. Which of the following security approaches should the analyst consider implementing to address these special considerations more effectively?
Zero trust
Which of the following provides the MOST accurate description of zero-days in vulnerability management reporting and communication?
Zero-days are vulnerabilities that require immediate attention and must track in a dashboard.