Comp T 10
A network technician identified a web server that has high network utilization and crashes during peak business hours. After making a duplicate of the server. Which of the following should be installed to reduce the business impact caused by these outages? A. A Load balancer B. Layer 3 switch C. Traffic shaper D. Application proxy
A. A Load balancer
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file download from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access? A. A bot B. A fileless virus C. A logic bomb D. A RAT
A. A bot
Joe, an employee, knows he is going to be fired in three days. Which of the following is Joe? A. An insider threat B. A competitor C. A hacktivist D. A state actor
A. An insider threat
An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST? A. Application files on hard disk B. Processor cache C. Processes in running memory D. Swap space
A. Application files on hard disk
An incident response team has been working on a high- impact incident response case for the past three days. The incident response team has finally identified and removed impacted systems from the network, but has not yet reimaged the infected computers from a known good baseline image. Which of the following should the incident response team do NEXT? A. Begin the containment phase B. Begin the lessons learned phase C. Begin the recovery phase D. Begin the eradication phase
A. Begin the containment phase
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST? A. Create a hash of the hard drive. B. Export the Internet history. C. Save a copy of the case number and date as a text file in the root directory. D. Back up the pictures directory for further inspection.
A. Create a hash of the hard drive.
A security analyst was requested to perform a vulnerability scan against a web application. The analyst has been given a single user account to use in the scan. Which of the following techniques should be used in this scenario? A. Credentialed scan B. Reverse proxy scan C. Compliance scan D. Network scan
A. Credentialed scan
Which of the following types of attack takes advantage of OS buffer overflows? A. Denial of service B. Spoofing C. Brute force D. Exhaustive
A. Denial of service
A systems engineer is configuring a wireless network. The network must not require installation of third- party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configurations should the engineer choose? A. EAP-TLS B. EAP-TTLS C. EAP-FAST D. EAP-MD5 E. PEAP
A. EAP-TLS
Which of the following is the BEST method of preventing buffer overflow? A. Error handling B. Code signing C. Input validation D. Fuzzing
A. Error handling
A number of security settings need to be applied on each workstation prior to deployment. However, an administrator struggles to keep up with all the deployments each year. An audit finds that many of the workstations have missing settings. Which of the following should the administrator implement? A. Group Policy B. Recertification C. Network auditing D. Kerberos E. Secure configuration baseline Answer: A
A. Group Policy
A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement? A. HSM B. CA C. SSH D. SSL
A. HSM
During a company-sponsored phishing exercise, more than 25% of the employees clicked on the link embedded in the message. Of the employees who clicked the link, 75% then entered their user credentials on the website provided. Which of the following would be the BEST way to improve the metrics for the next exercise? A. Implement stringent mail filters and controls at the mail gateway to prevent phishing messages from reaching employees. Block the website contained in the phishing message on the proxy to prevent B. employees from entering their credentials. C. Increase the complexity requirements for employee passwords and deactivate inactive accounts to reduce the attack surface. D. Provide security awareness training focused on identifying and responding to phishing messages.
A. Implement stringent mail filters and controls at the mail gateway to prevent phishing messages from reaching employees. Block the website contained in the phishing message on the proxy to prevent
A security analyst is hardening access to a company portal and must ensure that when username and password combinations are used, an OTP is utilized to complete authentication and provide access to resources. Which of the following should the analyst configure on the company portal to BEST meet this requirement? A. MFA B. Secure PIN C. PKI D. Security questions
A. MFA
After patching computers with the latest application security patches/updates, users are unable to open certain applications. Which of the following will correct the issue? A. Modifying the security policy for patch management tools B. Modifying the security policy for HIDS/HIPS C. Modifying the security policy for DLP D. Modifying the security policy for media control
A. Modifying the security policy for patch management tools
Which of the following types of controls is a turnstile? A. Physical B. Detective C. Corrective D. Technical
A. Physical
Which of the following control types are alerts sent from a SIEM fulfilling based on vulnerability signatures? A. Preventive B. Corrective C. Compensating D. Detective
A. Preventive
A systems engineer wants to leverage a cloud-based architecture with low latency between network- connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.) A. Private cloud B. SaaS C. Hybrid cloud D. IaaS E. DRaaS F. Fog computing
A. Private cloud B. SaaS
A technician wants to add wireless guest capabilities to an enterprise wireless network that is currently implementing 802.1X EAP-TLS. The guest network must: - Support client isolation. - Issue a unique encryption key to each client. - Allow guests to register using their personal email addresses. Which of the following should the technician implement? (Select TWO). A. RADIUS Federation B. Captive portal C. EAP-PEAP D. WPA2-PSK E. A separate guest SSID F. P12 certificate format
A. RADIUS Federation D. WPA2-PSK
The help desk received a call from a user who was trying to access a set of files from the day before but received the following error message: File format not recognized. Which of the following types of malware MOST likely caused this to occur? A. Ransomware B. Polymorphic virus C. Rootkit D. Spyware
A. Ransomware
A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams). The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goals? A. Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit. B. Switch administrative privileges for the database and application servers. Give the application team administrative privileges on the database servers and the database team administrative privileges on the application servers. C. Remove administrative privileges from both the database and application servers, and give the business unit "read only" privileges on the directories where the log files are kept. D. Give the business unit administrative privileges on both the database and application servers so they can independently monitor server activity. Answer: A
A. Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit.
A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Select THREE). A. S/MIME B. TLS C. HTTP-Digest D. SAML E. SIP F. IPSec G. Kerberos
A. S/MIME B. TLS F. IPSec
All account executives are being provided with COPE devices for their use. Which of the following mobile device security practices should be enabled for these devices to protect company data? (Select TWO). A. Screen locks B. Remote wipe C. Containerization D. Full device encryption E. Push notification services
A. Screen locks C. Containerization
A new company is doing business outside of its national area. Company policy requires: All email must be retrieved in a manner that does not expose credentials or sessions for extended periods. - No part of the authentication should be sent in cleartext. - The email itself should be encrypted. Which of the following is the BEST protocol to use? A. Secure POP B. SRTP C. TLS D. SMTP
A. Secure POP
Which of the following is the MAIN disadvantage of using SSO? A. The architecture can introduce a single point of failure. B. Users need to authenticate for each resource they access. C. It requires an organization to configure federation. D. The authentication is transparent to the user.
A. The architecture can introduce a single point of failure.
An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful? A. The baseline B. The endpoint configurations C. The adversary behavior profiles D. The IPS signatures
A. The baseline
During routine maintenance. a security engineer discovers many photos on a company-issued laptop. Several of the photos appear to be the same. except the file sizes are noticeably different and the image resolution is lower. The security engineer confiscates the user's laptop. Which of the following threats is the security engineer MOST likely concerned about? A. The security engineer suspects the photos contain viruses. B. The photos are taking up too much space on the user's hard drive. C. The security engineer suspects the photos contain rootkits. D. The security engineer suspects steganography is being used.
A. The security engineer suspects the photos contain viruses.
Which of the following is the proper use of a Faraday cage? A. To block electronic signals sent to erase a cell phone B. To capture packets sent to a honeypot during an attack C. To protect hard disks from access during a forensics investigation D. To restrict access to a building allowing only one person to enter at a time
A. To block electronic signals sent to erase a cell phone
A security administrator is defining security requirements for a new wireless network. The director has instructed the administrator to meet the following requirements: - Maximum security without a shared secret - Client-based authentication - Centralized auditing of access Which of the following protocols would BEST meet these requirements? A. WPA2-PSK B. 802.1X with EAP-TLS C. EAP-PEAP-MSCHAPv2 D. WPS
A. WPA2-PSK
An organization has established the following account management practices with respect to naming conventions: - User accounts must have firstname.lastname - Privileged user accounts must be named kfirstname.lastname - Service accounts must be named sv.applicationname_environment There is an application called "Unicycle Inventory" running in the development (dev), staging (stg), and production (prod) environments. Mary Smith, the systems administrator, is checking account permissions on the application servers in the development environment. Which of the following accounts should she expect to see? (Select TWO). A. x.mary.smith 7 B. sv. unicycleinventory_dev C. sv. unicycleinventory_stg 7 D. sv. unicycleinventoryprod E. mary.smith
A. x.mary.smith 7 B. sv. unicycleinventory_dev
An organization recently implemented an account lockout policy on its portal. The portal was configured to display a banner instructing locked out users to contact the help desk. Which of the following tools should the security administrator use to test whether the account lockout policy is working correctly? A. An online password cracker B. A banner grabbing tool. C. A port scanning tool D. A protocol analyzer
B. A banner grabbing tool.
A security analyst wants to ensure the integrity of a file downloaded from the Internet. The name of the file is code.zip. The analyst uses the vendor website to determine the 160-bit fingerprint of the input, and then reviews the following output: 8532f8c0bcb335cf231ec09e02dagf77e921e4c0 code. zip Which of the following can be determined from this output? A. A message digest of 160 bits should be a SHA-1 hash. The message digest listed is for MD5. B. A message digest of 160 bits should be a SHA-1 hash. The message digest listed is for SHA-1. C. A message digest of 160 bits should be an MD5 hash. The message digest listed is for MD5. D. A message digest of 160 bits should be an MD5 hash. The message digest listed is for SHA-1.
B. A message digest of 160 bits should be a SHA-1 hash. The message digest listed is for SHA-1.
A security administrator receives a malware alert from the antivirus software on a server and, after investigation, proceeds to remove the malware. Once the cleanup procedure is complete, the administrator runs another scan, and the malware is no longer detected. However, a week later, after the server is patched and rebooted, the security administrator once again receives a malware alert. Which of the following types of malware has MOST likely infected this server? A. A logic bomb B. A worm C. A trojan D. A rootkit
B. A worm
A security technician is reviewing packet captures. The technician is aware that there is unencrypted traffic on the network. so sensitive information may be present. Which of the following physical security controls should the technician use? A. Key management B. Air gap C. Faraday cage D. Screen filter
B. Air gap
A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach. Which of the following would allow the team to determine the scope of future incidents? A. Intrusion detection system B. Database access monitoring C. Application fuzzing D. Monthly vulnerability scans
B. Database access monitoring
Which of the following impacts are associated with vulnerabilities in embedded systems? Select TWO. A. Repeated exploitation due to unpatchable firmware B. Denial of service due to an integrated legacy operating system C. Loss of inventory accountability due to device deployment D. Key reuse and collision issues due to decentralized management E. Exhaustion of network resources resulting from poor NIC management
B. Denial of service due to an integrated legacy operating system E. Exhaustion of network resources resulting from poor NIC management
A security administrator successfully used a tool to guess a six-digit code and retrieve the WPA master password from a SOHO access point. Which of the following should the administrator configure to prevent this type of attack? A. Disable WPS. B. Enable WPA2. C. Configure CCMP. D. Implement TKIP.
B. Enable WPA2.
An organization is developing its mobile device management policies and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussion on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data at rest as well as strong authentication? (Select TWO) A. Containerization B. FDE C. Remote wipe capability D. MDB E. MFA F. OTA updates
B. FDE E. MFA
Fuzzing is used to reveal which of the following vulnerabilities in web applications? A. Weak cipher suites B. Improper input handling C. DLL injection D. Certificate signing flaws
B. Improper input handling
A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect. The following settings are in place: - Users must change their passwords every 30 days. - Users cannot reuse the last 10 passwords Which of the following settings would prevent users from being able to immediately reuse the same passwords? A. Minimum password age of five days B. Password history of ten passwords C. Password length greater than ten characters D. Complex passwords must be used
B. Password history of ten passwords
Which of the following BEST describes the concept of perfect forward secrecy? A. Using quantum random number generation to make decryption effectively impossible B. Preventing cryptographic reuse so a compromise of one operation does not affect other operations C. Implementing elliptic curve cryptographic algorithms with true random numbers D. The use of NDAs and policy controls to prevent disclosure of company secrets
B. Preventing cryptographic reuse so a compromise of one operation does not affect other operations
Which of the following BEST describes the staging environment where sandbox coding and proof of concept are deployed? A. Development B. Quality assurance C. Production D. SaaS
B. Quality assurance
A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request? A. LDAP B. RADIUS C. SAML D. NTLM
B. RADIUS
During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility? A. Hard drive B. RAM C. Network attached storage D. USB flash drive
B. RAM
In the event of a breach. intrusion into which of the following systems is MOST likely to cause damage to critical infrastructure? A. SCADA B. RTOS C. UAV D. HVAC
B. RTOS
A security analyst is writing views for the SIEM. Some of the views are focused on activities of service accounts and shared accounts. Which of the following account management practices would BEST aid the analyst's efforts? A. Standard naming convention B. Role-based access control C. Rule-based access control D. Least-privilege standard
B. Role-based access control
security administrator is configuring parameters on a device. The administrator fills out the following information: username uauser auth SHA1 Y3SoR0i3&1xM priv AES128 *@IOtx43qK Which of the following protocols is being configured? A. DNSSEC B. SNMPv3 C. LDAPS D. Secure IMAP E. Secure POP
B. SNMPv3
A systems administrator is auditing the company's Active Directory environment. It is quickly noted that the username "company\bsmith" is interactively logged into several desktops across the organization. Which of the following has the systems administrator MOST likely come across? A. Service account B. Shared credentials C. False positive D. Local account
B. Shared credentials
Ann, a user, reported to the service desk that many files on her computer will not open or the contents are not readable. The service desk technician asked Ann if she encountered any strange messages on boot- up or login, and Ann indicated she did not. Which of the following has MOST likely occurred on Ann's computer? A. The hard drive is falling, and the files are being corrupted. B. The computer has been infected with crypto-malware. C. A replay attack has occurred. D. A keylogger has been installed.
B. The computer has been infected with crypto-malware.
Which of the following is a benefit of credentialed vulnerability scans? A. Credentials provide access to scan documents to identify possible data theft B. The vulnerability scanner is able to inventory software on the target. C. A scan will reveal data loss in real time. D. Black-box testing can be performed.
B. The vulnerability scanner is able to inventory software on the target.
Which of the following is a reason why an organization would define an AUP? A. To define the lowest level of privileges needed for access and use of the organization's resources B. To define the set of rules and behaviors for users of the organization's IT systems C. To define the intended partnership between two organizations D. To define the availability and reliability characteristics between an IT provider and consumer
B. To define the set of rules and behaviors for users of the organization's IT systems
Which of the following is used during the identification phase when a user is trying to access a resource? A. Password B. Username C. Permission D. Ticket
B. Username
A security technician is evaluating a new application-vulnerability-scanning service in the cloud. This service can only be configured to scan external URLs. and this is the only information the technician has. Which of the following tests can the security technician perform? A. Black box B. White box C. Gray box D. Source code E. Regression
B. White box
A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited resources is BEST categorized as a: A. hacktivist. B. nation-state. C. script kiddie. D. APT.
B. nation-state.
An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step? A. The date is past the certificate expiration; reset the system to the current time and see if the connection still fails. B. The remote server cannot support SHA-256; try another hashing algorithm like SHA-1 and see if the application can connect. C. AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach. D. SSL is not the correct protocol to use in this situation; change to TLS and try the client-server connection again. Answer: C
C. AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach.
A security administrator's review of network logs indicates unauthorized network access, the source of which appears to be wired data jacks in the lobby area. Which of the following represents the BEST course of action to prohibit this access? A. Enabling BDPU guard B. Enabling loop prevention C. Enabling port security D. Enabling anti-spoofing
C. Enabling port security
A security technician has identified an infected machine on a network. Which of the following should the technician do NEXT? A. Power off the machine so it will not do any more damage. B. Isolate the machine by disconnecting it from the network. C. Escalate the issue to a senior security advisor. D. Question the user as to what the user was doing before the machine became infected.
C. Escalate the issue to a senior security advisor.
hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital's website. Upon investigation. the hospital finds a packet analyzer was used to steal data. Which of the following protocols would prevent this attack from reoccurring? A. SFTP B. HTTPS C. FTPS D. SRTP
C. FTPS
An administrator wants to implement two-factor authentication. Which of the following methods would provide two-factor authentication when used with a user's fingerprint? A. Voice print B. Complicated password C. Iris scan D. Facial recognition
C. Iris scan
A security operations team recently detected a breach of credentials. The team mitigated the risk and followed proper processes to reduce risk. Which of the following processes would BEST help prevent this issue from happening again? A. Risk assessment B. Chain of custody C. Lessons learned D. Penetration test Answer: C
C. Lessons learned
A company has a team of penetration testers. This team has located a file on the company file server that they believe contains cleartext usernames followed by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file? A. Exploitation framework B. Vulnerability scanner C. Netcat D. Password cracker
C. Netcat
A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company's chain of caf 閟 The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service. Which of the following is the minimum acceptable configuration to meet this single requirement? A. Captive portal B. WPA with PSK C. Open WiFi D. WPS
C. Open WiFi
A security administrator receives a request from a customer for certificates to access servers securely. The customer would like a single encrypted file that supports PKCS and contains the private key. Which of the following formats should the technician use? A. PEM B. DER C. P12 D. PFX
C. P12
A company has a web server that uses encrypted TLS sessions to transmit passwords between clients and the server. Despite this, the company has determined that user credentials were intercepted and decrypted. Which of the following attack types was MOST likely used? A. Rainbow table attack B. Protocol downgrade attack C. Pass-the-hash attack D. Evil twin attack E. Cross-site request forgery attack
C. Pass-the-hash attack
Which of the following BEST identifies repeated exploitation of different network hosts after mitigation has occurred? A. Privilege escalation B. Pivoting C. Persistence D. Zero day Answer: C
C. Persistence
Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution? A. Buffer overflow B. DLL injection C. Pointer Dereference D. Race condition
C. Pointer Dereference
A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.) A. Geofencing B. Video surveillance C. Protected cabinets D. Mantrap E. Key exchange F. Authorized personnel signage
C. Protected cabinets D. Mantrap
A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: - Protection from power outages - Always-available connectivity in case of an outage The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need? A. Lease a telecommunications line to provide POTS for dial-up access. B. Connect the business router to its own dedicated UPS. C. Purchase services from a cloud provider for high availability. D. Replace the business's wired network with a wireless network.
C. Purchase services from a cloud provider for high availability.
A fire that occurred after-hours created significant damage to a company's server room. The Chief Information Officer (CIO) was notified of the fire the next morning and was instructed to relocate the computer center to the corporate hot site. Which of the following should the CIO activate? A. Business impact analysis B. Succession plan C. Reporting requirements/escalation D. Continuity of operations plan
C. Reporting requirements/escalation
Which of the following must be configured to provide authentication between the switch and the TACACS+ server? A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server? A. 802.1X B. SSH C. Shared secret D. SNMPv3 E. CHAP
C. Shared secret
An attacker is able to capture the payload for the following packet: IP 192.168.1.22:2020 10.10.10.5:443 IP 192.168.1.10:1030 10.10.10.1:21 IP 192.168.1.57:5217 10.10.10.1:3389 During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason? A. The attacker has exploited a vulnerability that is commonly associated with TLS1.3. B. The application server is also running a web server that has been compromised. C. The attacker is picking off unencrypted credentials and using those to log in to the secure server. D. User accounts have been improperly configured to allow single sign-on across multiple servers.
C. The attacker is picking off unencrypted credentials and using those to log in to the secure server.
A security administrator is adding a NAC requirement for all VPN users to ensure the devices connecting are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement? A. Implement a permanent agent. B. Install antivirus software. C. Use an agentless implementation. D. Implement PKI.
C. Use an agentless implementation.
A developer wants to use a life-cycle model that utilizes a cascade model and has a definite beginning and end to each stage. Which of the following models BEST meets this need? A. Agile B. Iterative C. Waterfall D. Spiral
C. Waterfall
During an OpenVAS scan, it was noted that the RDP port was open. Upon further investigation, the port was verified as being open. This is an example of: A. a false positive. B. a false negative. C. a true positive. D. a true negative.
C. a true positive.
A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan? A. A maximum MTTR of 30 minutes B. A maximum MTBF of 30 minutes C. A maximum RTO of 60 minutes D. A maximum RPO of 60 minutes E. An SLA guarantee of 60 minutes
D. A maximum RPO of 60 minutes
An intruder sniffs network traffic and captures a packet of internal network transactions that add funds to a game card. The intruder pushes the same packet multiple times across the network, which increments the funds on the game card. Which of the following should a security administrator implement to BEST protect against this type of attack? A. An IPS B. A WAF C. SSH D. An IPSec VPN
D. An IPSec VPN
Which of the following BEST represents the difference between white-box and black-box penetration testing methodologies? A. The use of NDAs B. Access to source code C. Internal vs. external access D. Authenticated vs. unauthenticated
D. Authenticated vs. unauthenticated
A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question certain PKI components. Which of the following should the technician use to validate this assumption? (Choose two.) A. PEM B. CER C. SCEP D. CRL E. OCSP F. PFX
D. CRL E. OCSP
A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication. Which of the following should the administrator do NEXT to enforce this new configuration? A. Issue a public/private key pair for each user and securely distribute a private key to each employee. B. Instruct users on how to create a public/private key pair and install users' public keys on the server. C. Disable the username and password authentication and enable TOTP in the sshd.conf file. D. Change the default SSH port. enable TCP tunneling. and provide a pre-configured SSH client.
D. Change the default SSH port. enable TCP tunneling. and provide a pre-configured SSH client.
A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator's objective? A. Identify the members' roles and responsibilities. B. Select a backup/failover location. C. Determine the order of restoration. D. Conduct a tabletop test.
D. Conduct a tabletop test.
A company has had a BYOD policy in place for many years and now wants to roll out an MDM solution. The company has decided that end users who wish to utilize their personal devices for corporate use must opt in to the MDM solution. End users are voicing concerns about the company having access to their personal devices via the MDM solution. Which of the following should the company implement to ease these concerns? A. Sideloading B. Full device encryption C. Application management D. Containerization
D. Containerization
A systems engineer is setting up a RADIUS server to support a wireless network that uses certificate authentication. Which of the following protocols must be supported by both the RADIUS server and the WAPs? A. CCMP B. TKIP C. WPS D. EAP
D. EAP
A systems engineer is configuring a wireless network. The network must not require installation of third-party software. Mutual authentication of the client and the server must be used. The company has an internal PKI. Which of the following configurations should the engineer choose? A. EAP-TLS B. EAP-TTLS C. EAP-FAST D. EAP-MD5 E. PEAP
D. EAP-MD5
A security administrator in a bank is required to enforce an access control policy so no single individual is allowed to both initiate and approve financial transactions. Which of the following BEST represents the impact the administrator is deterring? A. Principle of least privilege B. External intruder C. Conflict of interest D. Fraud
D. Fraud
Which of the following can be used to obfuscate malicious code without the need to use a key to reverse the encryption process? A. ROT13 B. MD4 C. ECDHE D. HMAC
D. HMAC
A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives? A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares. B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident. C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks. D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues? A. RADIUS server B. NTLM service C. LDAP service D. NTP server
D. NTP server
A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this? A. Air gapped network B. Load balanced network C. Network address translation D. Network segmentation
D. Network segmentation
The director of security at an organization has begun reviewing vulnerability scanner results and notices a wide range of vulnerabilities scattered across the company. Most systems appear to have OS patches applied on a consistent basis_ but there is a large variety of best practices that do not appear to be in place. Which of the following would be BEST to ensure all systems are adhering to common security standards? A. Configuration compliance B. Patch management C. Exploitation framework D. Network vulnerability database
D. Network vulnerability database
An administrator is beginning an authorized penetration test of a corporate network. Which of the following tools would BEST assist in identifying potential attacks? A. Netstat B. Honeypot C. Company directory D. Nmap
D. Nmap
An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing? A. Pivoting B. Exfiltration of data C. Social engineering D. Passive reconnaissance
D. Passive reconnaissance
A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Select TWO). A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22 B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80 _ C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21 D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443 E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53 F. Permit 10.10.10.0/24 192.168.1.15124 -p udp --dport 53
D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443 F. Permit 10.10.10.0/24 192.168.1.15124 -p udp --dport 53
A company recently purchased a new application and wants to enable LDAP-based authentication for all employees using the application. Which of the following should be set to connect the application to the company LDAP server in a secure manner? (Select TWO). A. LDAP Path: ou=users,dc=company,dc=com B. LDAP Path: dc=com,dc=company,ou=users C. Port 88 D. Port 636 E. Search filter: (cn=JoeAdmin)(ou=admins)(dc=company)(dc=com) F. Search filter: (cn=dc01)(ou=computers)(dc=com)(dc=company)
D. Port 636 E. Search filter: (cn=JoeAdmin)(ou=admins)(dc=company)(dc=com)
The Chief Information Officer (CIO) has informed the network administrator that company policy will allow BYOD to be configured to the network. The policy also requires the capability to control users' devices. Which of the following is the BEST security control to ensure the network administrator has the ability to mitigate risk in the event a device is lost or stolen? A. Remotely change the passwords and PINs. B. Remotely lock the screen. C. Remotely locate the device and return it to the owner. D. Remotely wipe proprietary data on the device.
D. Remotely wipe proprietary data on the device.
A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office? A. Remote access VPN B. VLAN C. VPN concentrator D. Site-to-site VPN
D. Site-to-site VPN
A developer wants to use a life-cycle model that utilizes a cascade model and has a definite beginning and end to each stage. Which of the following models BEST meets this need? A. Agile B. Iterative C. Waterfall D. Spiral
D. Spiral
Which of the following is the purpose of an industry-standard framework? A. To promulgate compliance requirements for sales of common IT systems B. To provide legal relief to participating organizations in the event of a security breach C. To promulgate security settings on a vendor-by-vendor basis D. To provide guidance across common system implementations
D. To provide guidance across common system implementations
A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again? A. Preparation B. Identification C. Containment D. Eradication E. Recovery F. Lessons learned
E. Recovery
A security analyst is trying to improve the security posture of an organization. The analyst has determined there is a significant risk of pass-the-hash attacks on the desktop computers within the company. Which of the following would help to reduce the risk of this type of attack? A. Require the desktop OS to use a stronger password hash. B. Prevent credentials from being cached on the desktops C. Use TLS encryption in which plain text credentials are transmitted. D. Use salts on the password hashes to prevent offline cracking attempts. E. Require that passwords meet high length and complexity requirements.
E. Require that passwords meet high length and complexity requirements.
An email recipient is unable to open a message encrypted through PKI that was sent from another organization. Which of the following does the recipient need to decrypt the message? A. The sender's private key B. The recipient's private key C. The recipient's public key D. The CQA's root certificate E. The sender's public key F. An updated CRL
E. The sender's public key