SEC+ 701 Q256-509
An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk of the exploit. Which of the following types of controls is the analyst implementing? A. Compensating B. Detective C. Operational D. Physical
A. Compensating
A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers. Which of the following solutions is the organization most likely to employ to further increase performance and availability? A. Load balancer B. Jump server C. Proxy server D. SD-WAN
A. Load balancer
A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives? A. Load balancing B. Fault tolerance C. Proxy servers D. Replication
A. Load balancing
A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement? A. Data retention B. Certification C. Sanitization D. Destruction
A. Data retention
Which of the following activities is the first stage in the incident response process? A. Detection B. Declaration C. Containment D. Verification
A. Detection
An organization needs to determine how many employees are accessing the building each day in order to configure the proper access controls. Which of the following control types best meets this requirement? A. Detective B. Preventive C. Corrective D. Directive
A. Detective
Which of the following types of identification methods can be performed on a deployed application during runtime? A. Dynamic analysis B. Code review C. Package monitoring D. Bug bounty
A. Dynamic analysis
Which of the following is a compensating control for providing user access to a high-risk website? A. Enabling threat prevention features on the firewall B. Configuring a SIEM tool to capture all web traffic C. Setting firewall rules to allow traffic from any port to that destination D. Blocking that website on the endpoint protection software
A. Enabling threat prevention features on the firewall
Which of the following should a security team do first before a new web server goes live? A. Harden the virtual host. B. Create WAF rules. C. Enable network intrusion detection. D. Apply patch management.
A. Harden the virtual host.
A company discovers suspicious transactions that were entered into the company's database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of? A. Honeytoken B. Honeynet C. Honeypot D. Honeyfile
A. Honeytoken
Which of the following is the best way to prevent an unauthorized user from plugging a laptop into an employee's phone network port and then using tools to scan for database servers? A. MAC filtering B. Segmentation C. Certification D. Isolation
A. MAC filtering
A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern? A. MDM B. Containerization C. DLP D. FIM
A. MDM
Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates? A. Misconfiguration B. Resource reuse C. Insecure key storage D. Weak cipher suites
A. Misconfiguration
A security team at a large, global company needs to reduce the cost of storing data used for performing investigations. Which of the following types of data should have its retention length reduced? A. Packet capture B. Endpoint logs C. OS security logs D. Vulnerability scan
A. Packet capture
An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test? A. Partially known environment B. Unknown environment C. Integrated D. Known environment
A. Partially known environment
A penetration tester finds an unused Ethernet port during an on-site penetration test. Upon plugging a device into the unused port, the penetration tester notices that the machine is assigned an IP address, allowing the tester to enumerate the local network. Which of the following should an administrator implement in order to prevent this situation from happening in the future? A. Port security B. Transport Layer Security C. Proxy server D. Security zones
A. Port security
An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Choose two.) A. Remote wiping of the device B. Data encryption C. Requiring passwords with eight characters D. Data usage caps E. Employee data ownership F. Personal application store access
A. Remote wiping of the device B. Data encryption
Which of the following describes the procedures a penetration tester must follow while conducting a test? A. Rules of engagement B. Rules of acceptance C. Rules of understanding D. Rules of execution
A. Rules of engagement
A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal? A. SOAR B. SIEM C. DMARC D. NIDS
A. SOAR
An employee clicks a malicious link in an email that appears to be from the company's Chief Executive Officer. The employee's computer is infected with ransomware that encrypts the company's files. Which of the following is the most effective way for the company to prevent similar incidents in the future? A. Security awareness training B. Database encryption C. Segmentation D. Reporting suspicious emails
A. Security awareness training
A company is performing a risk assessment on new software the company plans to use. Which of the following should the company assess during this process? A. Software vulnerabilities B. Cost-benefit analysis C. Ongoing monitoring strategies D. Network infrastructure compatibility
A. Software vulnerabilities
A user's workstation becomes unresponsive and displays a ransom note demanding payment to decrypt files. Before the attack, the user opened a resume they received in a message, browsed the company's website, and installed OS updates. Which of the following is the most likely vector of this attack? A. Spear-phishing attachment B. Watering hole C. Infected website D. Typosquatting
A. Spear-phishing attachment
A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use? A. Static B. Sandbox C. Network traffic D. Package monitoring
A. Static
Which of the following cryptographic solutions is used to hide the fact that communication is occurring? A. Steganography B. Data masking C. Tokenization D. Private key
A. Steganography
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of? A. Tabletop exercise B. Penetration test C. Geographic dispersion D. Incident response
A. Tabletop exercise
Which of the following is the primary reason why false negatives on a vulnerability scan should be a concern? A. The system has vulnerabilities that are not being detected. B. The time to remediate vulnerabilities that do not exist is excessive. C. Vulnerabilities with a lower severity will be prioritized over critical vulnerabilities. D. The system has vulnerabilities, and a patch has not yet been released.
A. The system has vulnerabilities that are not being detected.
A company's website is www.company.com. Attackers purchased the domain www.c0mpany.com. Which of the following types of attacks describes this example? A. Typosquatting B. Brand impersonation C. On-path D. Watering-hole
A. Typosquatting
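The c0mpany.com example above is a digit-for-letter homoglyph, which a plain string comparison never catches. The following is an added example, not part of the original question set, that classifies candidate domains against a constructed list of domains the company owns (LEGIT_DOMAINS, HOMOGLYPHS and the sample names are all assumptions for illustration):

```python
"""Added example (not from the original question set): flag look-alike
domains such as www.c0mpany.com against domains the organization actually
owns. The domain lists below are constructed for illustration."""

import unicodedata

# Domains the (hypothetical) company legitimately owns.
LEGIT_DOMAINS = ["company.com", "company-support.com"]

# Look-alike substitutions attackers commonly use; multi-character
# entries come last so single-character folding runs first.
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "|": "l", "rn": "m", "vv": "w",
}


def normalize_label(label: str) -> str:
    """Fold look-alike characters so 'c0mpany' and 'cornpany' both become 'company'."""
    label = unicodedata.normalize("NFKC", label).lower()
    for glyph, replacement in HOMOGLYPHS.items():
        label = label.replace(glyph, replacement)
    return label


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute cost 1,
    and an adjacent transposition ('compnay' vs 'company') also costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def split_domain(domain: str) -> tuple[str, str]:
    """'www.c0mpany.com' -> ('c0mpany', 'com'). Single-label TLDs only."""
    domain = domain.lower().strip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    label, _, tld = domain.rpartition(".")
    return label, tld


def classify(candidate: str, legit: list[str] = LEGIT_DOMAINS, max_distance: int = 1) -> str:
    """Return 'legitimate', 'tld-swap', 'homoglyph', 'typo' or 'unrelated'."""
    c_label, c_tld = split_domain(candidate)
    for owned in legit:
        l_label, l_tld = split_domain(owned)
        if (c_label, c_tld) == (l_label, l_tld):
            return "legitimate"
        if c_label == l_label:
            return "tld-swap"          # company.net
        if normalize_label(c_label) == normalize_label(l_label):
            return "homoglyph"         # c0mpany.com, cornpany.com
        if osa_distance(c_label, l_label) <= max_distance:
            return "typo"              # compnay.com, compan.com
    return "unrelated"


if __name__ == "__main__":
    for name in ["company.com", "www.c0mpany.com", "cornpany.com",
                 "compnay.com", "company.net", "example.org"]:
        print(f"{name:20} {classify(name)}")
```

Feeding newly registered domains (from a certificate-transparency or zone-file feed) through classify() is how brand-protection monitoring typically works; the edit-distance rule is deliberately tight (one edit) because short labels otherwise generate many false positives.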
Which of the following threat actors would most likely deface the website of a high-profile music group? A. Unskilled attacker B. Organized crime C. Nation-state D. Insider threat
A. Unskilled attacker
A company is concerned about theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk? A. Wiping B. Recycling C. Shredding D. Deletion
A. Wiping
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client's web browser? A. SQL injection B. Cross-site scripting C. Zero-day exploit D. On-path attack
B. Cross-site scripting
Which of the following can be used to compromise a system that is running an RTOS? A. Cross-site scripting B. Memory injection C. Replay attack D. Ransomware
B. Memory injection
A malicious actor is trying to access sensitive financial information from a company's database by intercepting and reusing log-in credentials. Which of the following attacks is the malicious actor attempting? A. SQL injection B. On-path C. Brute-force D. Password spraying
B. On-path
Which of the following is an example of a data protection strategy that uses tokenization? A. Encrypting databases containing sensitive data B. Replacing sensitive data with surrogate values C. Removing sensitive data from production systems D. Hashing sensitive data in critical systems
B. Replacing sensitive data with surrogate values
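To make the "surrogate values" concrete, here is an added example (not from the original question set) of a minimal tokenization vault: the real card number lives only inside the vault, everything else handles a format-preserving token that keeps the last four digits and deliberately fails the Luhn check so it cannot be mistaken for a real PAN. The TokenVault class and its in-memory storage are assumptions for illustration; the card number is a public test number.

```python
"""Added example (not from the original question set): a minimal
tokenization vault that replaces a card number with a format-preserving
surrogate. The card numbers used are public test numbers, not real data."""

import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check digit test; real PANs pass it, surrogate tokens should not."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Holds the only mapping between tokens and real values. Everything
    outside the vault (logs, analytics, reports) sees tokens only."""

    def __init__(self) -> None:
        self._token_to_value: dict[str, str] = {}
        self._value_to_token: dict[str, str] = {}

    @staticmethod
    def _digits(pan: str) -> str:
        digits = pan.replace(" ", "").replace("-", "")
        if not digits.isdigit() or not 12 <= len(digits) <= 19:
            raise ValueError("not a card number")
        return digits

    def tokenize(self, pan: str) -> str:
        digits = self._digits(pan)
        if digits in self._value_to_token:          # same value -> same token
            return self._value_to_token[digits]
        while True:
            # Random body, real last four kept so receipts can show "**** 1111".
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]
            # Reject collisions and anything that could pass as a real PAN.
            if token != digits and token not in self._token_to_value and not luhn_valid(token):
                break
        self._token_to_value[token] = digits
        self._value_to_token[digits] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only privileged components (e.g. the payment gateway) call this."""
        return self._token_to_value[token]   # KeyError for unknown tokens


def mask(token: str) -> str:
    """Display form: all but the last four digits hidden."""
    return "*" * (len(token) - 4) + token[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111 1111 1111 1111")
    print("token:", t, "masked:", mask(t), "luhn:", luhn_valid(t))
    print("detokenized:", vault.detokenize(t))
```

Unlike encryption, the token carries no mathematical relation to the original value, so a leaked token table is useless without the vault; that is why the vault, not the application database, is the PCI-scoped component.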
A customer has a contract with a CSP and wants to identify which controls should be implemented in the IaaS enclave. Which of the following is most likely to contain this information? A. Statement of work B. Responsibility matrix C. Service-level agreement D. Master service agreement
B. Responsibility matrix
Which of the following steps in the risk management process involves establishing the scope and potential risks involved with a project? A. Risk assessment B. Risk identification C. Risk treatment D. Risk monitoring and review
B. Risk identification
Which of the following should a security team use to document persistent vulnerabilities with related recommendations? A. Audit report B. Risk register C. Compliance report D. Penetration test
B. Risk register
A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use? A. Telnet connection B. SSH tunneling C. Patch installation D. Full disk encryption
B. SSH tunneling
Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations? A. Right to be forgotten B. Sanctions C. External compliance reporting D. Attestation
B. Sanctions
A security engineer at a large company needs to enhance IAM in order to ensure that employees can only access corporate systems during their shifts. Which of the following access controls should the security engineer implement? A. Role-based B. Time-of-day restrictions C. Least privilege D. Biometric authentication
B. Time-of-day restrictions
An organization purchased a critical business application containing sensitive data. The organization would like to ensure that the application is not exploited by common data exfiltration attacks. Which of the following approaches would best help to fulfill this requirement? A. URL scanning B. WAF C. Reverse proxy D. NAC
B. WAF
Which of the following testing techniques uses both defensive and offensive testing methodologies with developers to securely build key applications and software? A. Blue B. Yellow C. Red D. Green
B. Yellow
The Chief Information Officer (CIO) asked a vendor to provide documentation detailing the specific objectives within the compliance framework that the vendor's services meet. The vendor provided a report and a signed letter stating that the services meet 17 of the 21 objectives. Which of the following did the vendor provide to the CIO? A. Penetration test results B. Self-assessment findings C. Attestation of compliance D. Third-party audit report
C. Attestation of compliance
A systems administrator is reviewing the VPN logs and notices that during non-working hours a user is accessing the company file server and information is being transferred to a suspicious IP address. Which of the following threats is most likely occurring? A. Typosquatting B. Root of trust C. Data exfiltration D. Blackmail
C. Data exfiltration
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use? A. Intrusion prevention system B. Sandbox C. Endpoint detection and response D. Antivirus
C. Endpoint detection and response
Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost? A. TPM B. ECC C. FDE D. HSM
C. FDE
Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs? A. Nation-state B. Organized crime C. Hacktivist D. Insider threat
C. Hacktivist
Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.) A. Easier debugging of the system B. Reduced cost of ownership of the system C. Improved scalability of the system D. Increased compartmentalization of the system E. Stronger authentication of the system F. Reduced complexity of the system
C. Improved scalability of the system D. Increased compartmentalization of the system
A new employee accessed an unauthorized website. An investigation found that the employee violated the company's rules. Which of the following did the employee violate? A. MOU B. AUP C. NDA D. MOA
B. AUP
A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation? A. Reject B. Accept C. Transfer D. Avoid
B. Accept
Which of the following allows a systems administrator to tune permissions for a file? A. Patching B. Access control list C. Configuration enforcement D. Least privilege
B. Access control list
A company captures log-in details and reviews them each week to identify conditions such as excessive log-in attempts and frequent lockouts. Which of the following should a security analyst recommend to improve security compliance monitoring? A. Including the date and person who reviewed the information in a report B. Adding automated alerting when anomalies occur C. Requiring a statement each week that no exceptions were noted D. Masking the username in a report to protect privacy
B. Adding automated alerting when anomalies occur
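What "automated alerting when anomalies occur" looks like in practice: an added example (not from the original question set) that parses constructed authentication log lines and raises an alert when a user exceeds a failure threshold within a sliding window or is locked out repeatedly within a day. The key=value log format, the thresholds and the sample users are assumptions, not any product's real output.

```python
"""Added example (not from the original question set): turn the weekly
manual review into automated alerting. The log lines are constructed
sample data in a made-up 'key=value' format, not a real product's output."""

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T08:00:05Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:09Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:14Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:20Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:26Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:31Z user=alice result=FAIL src=10.0.0.5
2024-05-01T08:00:40Z user=alice result=LOCKOUT src=10.0.0.5
2024-05-01T08:15:02Z user=bob result=FAIL src=10.0.0.7
2024-05-01T08:15:30Z user=bob result=SUCCESS src=10.0.0.7
2024-05-01T09:00:00Z user=carol result=LOCKOUT src=10.0.0.9
this line is malformed and is skipped
2024-05-01T11:30:00Z user=carol result=LOCKOUT src=10.0.0.9
2024-05-01T14:45:00Z user=carol result=LOCKOUT src=10.0.0.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) result=(?P<result>\S+) src=(?P<src>\S+)$")


def parse(log_text: str) -> list[tuple[datetime, str, str, str]]:
    """Parse lines into (timestamp, user, result, source); skip malformed ones."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["result"], m["src"]))
    return events


def detect(events, fail_threshold=5, fail_window=timedelta(minutes=5),
           lockout_threshold=3, lockout_window=timedelta(hours=24)) -> list[dict]:
    """Sliding-window rules per user; one alert per user and condition per run."""
    alerts: list[dict] = []
    windows = {"FAIL": defaultdict(deque), "LOCKOUT": defaultdict(deque)}
    rules = {"FAIL": ("excessive_failures", fail_threshold, fail_window),
             "LOCKOUT": ("frequent_lockouts", lockout_threshold, lockout_window)}
    raised: set[tuple[str, str]] = set()
    for ts, user, result, src in sorted(events):
        if result not in rules:
            continue
        name, threshold, window = rules[result]
        q = windows[result][user]
        q.append(ts)
        while ts - q[0] > window:        # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and (user, name) not in raised:
            raised.add((user, name))
            alerts.append({"rule": name, "user": user, "count": len(q),
                           "src": src, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The same two rules are what a SIEM correlation search would express; the point of scripting them is that the alert fires at 08:00:26, not at the next weekly review.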
A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture? A. SDN B. Air gapped C. Containerized D. Highly available
B. Air gapped
Which of the following is a possible consequence of a VM escape? A. Malicious instructions can be inserted into memory and give the attacker elevated permissions. B. An attacker can access the hypervisor and compromise other VMs. C. Unencrypted data can be read by a user who is in a separate environment. D. Users can install software that is not on the manufacturer's approved list.
B. An attacker can access the hypervisor and compromise other VMs.
An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to perform before allowing access to corporate resources? A. Device fingerprinting B. Compliance attestation C. Penetration test D. Application vulnerability test
B. Compliance attestation
A security team is in the process of hardening the network against externally crafted malicious packets. Which of the following is the most secure method to protect the internal network? A. Anti-malware solutions B. Host-based firewalls C. Intrusion prevention systems D. Network access control E. Network allow list
C. Intrusion prevention systems
The management team reports that employees are missing features on company-provided tablets, which is causing productivity issues. The management team directs the IT team to resolve the issue within 48 hours. Which of the following would be the best solution for the IT team to leverage in this scenario? A. EDR B. COPE C. MDM D. FDE
C. MDM
Which of the following is an example of memory injection? A. Two processes access the same variable, allowing one to cause a privilege escalation. B. A process receives an unexpected amount of data, which causes malicious code to be executed. C. Malicious code is copied to the allocated space of an already running process. D. An executable is overwritten on the disk, and malicious code runs the next time it is executed.
C. Malicious code is copied to the allocated space of an already running process.
A malicious actor conducted a brute-force attack on a company's web servers and eventually gained access to the company's customer information database. Which of the following is the most effective way to prevent similar attacks? A. Regular patching of servers B. Web application firewalls C. Multifactor authentication D. Enabling encryption of customer data
C. Multifactor authentication
A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take? A. Identify the attacker's entry methods. B. Report the breach to the local authorities. C. Notify the applicable parties of the breach. D. Implement vulnerability scanning of the company's systems.
C. Notify the applicable parties of the breach.
A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario? A. Impersonation B. Replication C. Phishing D. Smishing
C. Phishing
A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement? A. Password policy B. Access badges C. Phishing campaign D. Risk assessment
C. Phishing campaign
A network engineer is increasing the overall security of network devices and needs to harden the devices. Which of the following will best accomplish this task? A. Configuring centralized logging B. Generating local administrator accounts C. Replacing Telnet with SSH D. Enabling HTTP administration
C. Replacing Telnet with SSH
Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations? A. Destruction B. Certification C. Retention D. Sanitization
C. Retention
A company is in the process of migrating to cloud-based services. The company's IT department has limited resources for migration and ongoing support. Which of the following best meets the company's needs? A. IPS B. WAF C. SASE D. IAM
C. SASE
A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Choose two.) A. Tokenization B. Cryptographic downgrade C. SSH tunneling D. Segmentation E. Patch installation F. Data masking
C. SSH tunneling D. Segmentation
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do? A. Apply IP address reputation data. B. Tap and monitor the email feed. C. Scan email traffic inline. D. Check SPF records.
C. Scan email traffic inline.
Which of the following is the main consideration when a legacy system that is a critical part of a company's infrastructure cannot be replaced? A. Resource provisioning B. Cost C. Single point of failure D. Complexity
C. Single point of failure
Which of the following would a security administrator use to comply with a secure baseline during a patch update? A. Information security policy B. Service-level expectations C. Standard operating procedure D. Test result report
C. Standard operating procedure
A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up? A. Digital rights management B. Role-based access control C. Time-based access control D. Network access control
C. Time-based access control
Which of the following is the best security reason for closing service ports that are not needed? A. To mitigate risks associated with unencrypted traffic B. To eliminate false positives from a vulnerability scan C. To reduce a system's attack surface D. To improve a system's resource utilization
C. To reduce a system's attack surface
An administrator wants to automate an account permissions update for a large number of accounts. Which of the following would best accomplish this task? A. Security groups B. Federation C. User provisioning D. Vertical scaling
C. User provisioning
A company wants to add an MFA solution for all employees who access the corporate network remotely. Log-in requirements include something you know, are, and have. The company wants a solution that does not require purchasing third-party applications or specialized hardware. Which of the following MFA solutions would best meet the company's requirements? A. Smart card with PIN and password B. Security questions and a one-time passcode sent via email C. Voice and fingerprint verification with an SMS one-time passcode D. Mobile application-generated, one-time passcode with facial recognition
C. Voice and fingerprint verification with an SMS one-time passcode
Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network? A. Authorization B. Identification C. Non-repudiation D. Authentication
A. Authorization
A company filed a complaint with its IT service provider after the company discovered the service provider's external audit team had access to some of the company's confidential information. Which of the following is the most likely reason the company filed the complaint? A. The MOU had basic clauses from a template. B. A SOW had not been agreed to by the client. C. A WO had not been mutually approved. D. A required NDA had not been signed.
D. A required NDA had not been signed.
A government official receives a blank envelope containing photos and a note instructing the official to wire a large sum of money by midnight to prevent the photos from being leaked on the internet. Which of the following best describes the threat actor's intent? A. Organized crime B. Philosophical beliefs C. Espionage D. Blackmail
D. Blackmail
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying? A. Integrity B. Authentication C. Zero Trust D. Confidentiality
D. Confidentiality
A security administrator observed the following in a web server log while investigating an incident: "GET ../../../../etc/passwd" Which of the following attacks did the security administrator most likely see? A. Privilege escalation B. Credential replay C. Brute force D. Directory traversal
D. Directory traversal
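The log entry above is the plain form; real attempts are usually URL-encoded (`%2e%2e%2f`) or double-encoded (`%252e`) to slip past naive filters. The following is an added example, not from the original question set, that flags traversal attempts in constructed web-server log lines after decoding, and shows the resolve-then-compare check a file-serving handler needs so that such a request cannot leave the web root. The log lines, the web root and the helper names are assumptions for illustration.

```python
"""Added example (not from the original question set): spot traversal
attempts such as "GET ../../../../etc/passwd" in web-server logs, including
URL-encoded and double-encoded variants, and the path check a file-serving
handler needs so such a request cannot escape the web root. Log lines are
constructed sample data."""

import re
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

SAMPLE_LOG = [
    '10.0.0.5 - - [01/May/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/May/2024:10:00:02 +0000] "GET ../../../../etc/passwd HTTP/1.1" 404 0',
    '10.0.0.9 - - [01/May/2024:10:00:03 +0000] "GET /download?file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0',
    '10.0.0.9 - - [01/May/2024:10:00:04 +0000] "GET /images/%252e%252e/%252e%252e/win.ini HTTP/1.1" 404 0',
    '10.0.0.12 - - [01/May/2024:10:00:05 +0000] "GET /docs/report.pdf HTTP/1.1" 200 90210',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A '..' segment bounded by a slash, backslash, query delimiter, or string edge.
TRAVERSAL_RE = re.compile(r'(^|[\\/=?&])\.\.([\\/]|$)')


def decode_target(target: str) -> str:
    """URL-decode up to twice (catches %252e double encoding) and fold backslashes."""
    for _ in range(2):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal(target: str) -> bool:
    return TRAVERSAL_RE.search(decode_target(target)) is not None


def flag_traversal(lines: list[str]) -> list[tuple[str, str]]:
    """Return (client_ip, raw_target) for every request that looks like traversal."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal(m["target"]):
            hits.append((line.split()[0], m["target"]))
    return hits


def safe_resolve(web_root: str, requested: str) -> Optional[str]:
    """Resolve a client-supplied path under web_root. Returns the absolute path,
    or None if, after decoding, '..' segments or symlinks would leave the root."""
    root = Path(web_root).resolve()
    candidate = (root / decode_target(requested).lstrip("/")).resolve()
    if candidate == root or root in candidate.parents:
        return str(candidate)
    return None


if __name__ == "__main__":
    for ip, target in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
    print(safe_resolve("/var/www/html", "docs/report.pdf"))
    print(safe_resolve("/var/www/html", "../../../../etc/passwd"))
```

The check compares the resolved candidate to the resolved root rather than searching the string for "..", because resolve() also follows symlinks; a symlink inside the web root pointing at /etc would otherwise pass a string-only filter.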
An analyst is reviewing job postings to ensure sensitive company information is not being shared with the general public. Which of the following is the analyst most likely looking for? A. Office addresses B. Software versions C. List of board members D. Government identification numbers
B. Software versions (a posting that names specific products and versions tells an attacker which vulnerabilities to try; office addresses and board members are normally public anyway)
Which of the following options will provide the lowest RTO and RPO for a database? A. Snapshots B. On-site backups C. Journaling D. Hot site
D. Hot site
An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date. Which of the following will these actions most effectively prevent? A. Zero-day attacks B. Insider threats C. End-of-life support D. Known exploits
D. Known exploits
Which of the following describes the most effective way to address OS vulnerabilities after they are identified? A. Endpoint protection B. Removal of unnecessary software C. Configuration enforcement D. Patching
D. Patching
Due to a cyberattack, a company's IT systems were not operational for an extended period of time. The company wants to measure how quickly the systems must be restored in order to minimize business disruption. Which of the following would the company most likely use? A. Recovery point objective B. Risk appetite C. Risk tolerance D. Recovery time objective E. Mean time between failure
D. Recovery time objective
Which of the following steps should be taken before mitigating a vulnerability in a production server? A. Escalate the issue to the SDLC team. B. Use the IR plan to evaluate the changes. C. Perform a risk assessment to classify the vulnerability. D. Refer to the change management policy.
D. Refer to the change management policy.
An attacker submits a request containing unexpected characters in an attempt to gain unauthorized access to information within the underlying systems. Which of the following best describes this attack? A. Side loading B. Target of evaluation C. Resource reuse D. SQL injection
D. SQL injection
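To show what those "unexpected characters" do, here is an added example (not from the original question set): the same lookup written with string concatenation and with a parameterized query, run against an in-memory SQLite table. The table, the user rows and the two payloads are constructed for illustration.

```python
"""Added example (not from the original question set): the same lookup
written with string concatenation and with a parameterized query, run
against an in-memory SQLite table so the effect of the "unexpected
characters" is visible. Table contents are constructed sample data."""

import sqlite3

PAYLOAD = "' OR '1'='1"          # tautology; the leading quote closes the literal
COMMENT_PAYLOAD = "alice'--"     # closes the literal, comments out the rest


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")])
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, username: str) -> list[tuple[str, str]]:
    """DO NOT COPY: the input becomes part of the SQL text and can rewrite it."""
    sql = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, username: str) -> list[tuple[str, str]]:
    """Parameterized: the driver passes the value separately, so it is only ever data."""
    return conn.execute("SELECT username, secret FROM users WHERE username = ?",
                        (username,)).fetchall()


def safe_lookup_strict(conn: sqlite3.Connection, username: str) -> list[tuple[str, str]]:
    """Defence in depth: allow-list validation before the query even runs."""
    if not username.isalnum() or len(username) > 32:
        raise ValueError("invalid username")
    return safe_lookup(conn, username)


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", vulnerable_lookup(conn, PAYLOAD))          # every row
    print("vulnerable, comment:  ", vulnerable_lookup(conn, COMMENT_PAYLOAD))  # alice's row
    print("parameterized:        ", safe_lookup(conn, PAYLOAD))                # no rows
```

With concatenation the query becomes `WHERE username = '' OR '1'='1'` and returns the whole table; the parameterized form looks for a user literally named `' OR '1'='1` and returns nothing. Input validation (safe_lookup_strict) is a useful second layer but never a substitute for parameterization.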
Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store? A. Cross-site scripting B. Buffer overflow C. Jailbreaking D. Side loading
D. Side loading
Which of the following is most likely a security concern when installing and using low-cost IoT devices in infrastructure environments? A. Country of origin B. Device responsiveness C. Ease of deployment D. Storage of data
D. Storage of data
Which of the following should a company use to provide proof of external network security testing? A. Business impact analysis B. Supply chain analysis C. Vulnerability assessment D. Third-party attestation
D. Third-party attestation
Which of the following should a systems administrator use to decrease the company's hardware attack surface? A. Replication B. Isolation C. Centralization D. Virtualization
D. Virtualization
Which of the following would be the best solution to deploy a low-cost standby site that includes hardware and internet access? A. Recovery site B. Cold site C. Hot site D. Warm site
D. Warm site
Which of the following techniques can be used to sanitize the data contained on a hard drive while allowing for the hard drive to be repurposed? A. Degaussing B. Drive shredder C. Retention platform D. Wipe tool
D. Wipe tool
An organization wants to implement a secure solution for remote users. The users handle sensitive PHI on a regular basis and need to access an internally developed corporate application. Which of the following best meet the organization's security requirements? (Choose two.) A. Local administrative password B. Perimeter network C. Jump server D. WAF E. MFA F. VPN
E. MFA F. VPN
PBQ 462
PBQ 426
PBQ 440
PBQ 452
Which of the following is the fastest and most cost-effective way to confirm a third-party supplier's compliance with security obligations? A. Attestation report B. Third-party audit C. Vulnerability assessment D. Penetration testing
A. Attestation report
A company's accounting department receives an urgent payment message from the company's bank domain with instructions to wire transfer funds. The sender requests that the transfer be completed as soon as possible. Which of the following attacks is described? A. Business email compromise B. Vishing C. Spear phishing D. Impersonation
A. Business email compromise
A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk? A. $7,500 B. $10,000 C. $15,000 D. $30,000
B. $10,000 (ALE = SLE x ARO = $15,000 x 2/3)
A Chief Information Security Officer is developing procedures to guide detective and corrective activities associated with common threats, including phishing, social engineering, and business email compromise. Which of the following documents would be most relevant to revise as part of this process? A. SDLC B. IRP C. BCP D. AUP
B. IRP
A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company's objectives? A. IoT B. IaC C. IaaS D. ICS
B. IaC
A penetration test has demonstrated that domain administrator accounts were vulnerable to pass-the-hash attacks. Which of the following would have been the best strategy to prevent the threat actor from using domain administrator accounts? A. Audit each domain administrator account weekly for password compliance. B. Implement a privileged access management solution. C. Create IDS policies to monitor domain controller access. D. Use Group Policy to enforce password expiration.
B. Implement a privileged access management solution.
