Skillsoft - SS-SY0-601 - TestPrep CompTIA Security+ SY0-601
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack a threat actor was let into the backend server supporting a public-facing web application. What type of application attack has your organization most likely suffered? A. Directory Traversal B. Server side request forgery C. Resource exhaustion D. SSL Stripping
B. Server side request forgery
An industrial control company has recently had a major vulnerability that has made their private key cryptographic methods easy to crack with any modern video card. This vulnerability has exposed sensitive communications between devices across many industrial settings that are considered critical infrastructure. The organization has significant limitations within the processing power that exists on the current controllers. The controllers still fall within the support lifecycle from the industrial control company, and they must find an alternate method of encrypting traffic that is secure without introducing significant computation overhead. What cryptographic solutions might the industrial control company want to consider? A. A lightweight cryptographic stream cipher like Trivium B. AES encryption C. Recommend controllers be isolated to their own network segment D. A post-quantum cryptographic method
A. A lightweight cryptographic stream cipher like Trivium
You have been brought on-site to help law enforcement in a digital forensics case. They have a desktop computer they want to bring into evidence in a case involving an insider conducting a network attack. They believe that the user had become disgruntled when passed over for a recent promotion and may have launched an attack from their PC. You start a chain of custody record and photograph the scene. You take the computer into your care, place it into a secure bag, and take a photo. The bag is tagged with the chain of custody record. You take the computer to your secure facility for a forensics audit. You quickly find that the malware was downloaded through a thumb drive and uploaded to the network. You call law enforcement with the findings and turn it over to the district attorney's office. During the court appearance you are summoned to take the stand. The user is denying that they had installed the malware and is insisting that someone has set them up. You discuss the findings with a judge, but there is no video evidence showing the user was at their computer during that time period. The case ends up being thrown out. What should you aim to accomplish with future forensics inv
A. Non-repudiation
As the administrator of a PKI in your network you need to protect the keys of the root certificate authority (CA) from theft or compromise. Which of the following PKI mechanism will aid you most in that goal? A. Offline CA B. Certificate Chaining C. Certificate Pinning D. Certificate Stapling
A. Offline CA
A small company has recently been awarded a Government contract to modernize their internal land registry system. The contract has several requirements around security that the organization will need to adhere to. The requirements are outlined in specific sections of NIST SP 800-53. The newly hired CIO within the small organization is looking for a method of transferring files between the Government and the company. These files will need to be encrypted in transit and at rest. The information being transferred will contain personally identifiable information and needs to be treated internally with the highest level of data security. What is the best file transfer method for the small organization to implement? A. SFTP B. IMAP C. VPN D. SMB
A. SFTP
Your company is developing a new application that will modernize how your organization's customers interact with the business. Customers used to place orders and would wait for the product to arrive at their location. The new software will allow them to peer into production and see where their product is at. This will allow customers to better project how long before items are delivered. You are managing a small development team. The team is using secure coding practices and live code review to ensure that bugs are not being introduced into the final product. The CISO has made it clear he wants to limit the impact of any SQL injection attempt. To achieve this, you have implemented input validation and installed a next-gen firewall that does deep packet inspection. What other configuration item would you want to implement to lessen the impact of a SQL injection? A. Use a random salt to hash values stored within the database B. Implement a host-based intrusion detection system on the SQL server C. Move the database to a BitLocker encrypted drive D. Implement secure cookies
A. Use a random salt to hash values stored within the database
Not long ago a datacenter your organization manages had a disaster event. A processor in one of the servers overheated and caught on fire. That triggered the sprinkler system internally and the entire data center ended up being a loss. The response from your organization was good, and the team was able to restore operations at the datacenter within 3 weeks from the time of disaster. In reviewing the disaster, the board of directors have indicated that they want as close to an immediate restoration as possible. They do not want to spend money to have a hot site available in the case of disaster, but instead have opted for a cloud-based disaster recovery service. This service is run by a smaller company within the area. One of the concerns you have is that customer data could be accessed by the cloud provider as they now house your entire organization's backups. What cloud-based solution would ease that concern? A. Use encrypted cloud-based storage and encrypt your backups B. Configure audit logging to see who has accessed the backups C. Set cloud-based permissions to only allow yourself access D. Segment the backup network
A. Use encrypted cloud-based storage and encrypt your backups
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack your storage server stopped responding to requests by a virtualization service to create new containers on the fastest available disk. What type of application attack has your organization most likely suffered? A. XML Injection B. API attack C. Driver manipulation D. Request forgery
B. API attack
You are a member of the security team establishing the protocols and policies for a financial institution. You have ensured that employees are using password management software that creates complex passwords and that they are changed on a regular basis. You also ensure that multifactor authentication is in place within your organization using text verification. What type of attack are you still most vulnerable to when it comes to compromised credentials? A. Malicious Flash Drives B. Card Cloning C. Spraying D. Spyware
B. Card Cloning
A hotel chain has recently decided to offer free wi-fi to their gold elite status members. This new perk is being rolled out using a national ad campaign. The hotel chain is putting some capital investment behind this to ensure that the roll-out is smooth. You work for the company that received the contract to do the wireless installation across the northeast. You will be installing dedicated access points for every 4 rooms that will use WPA2 for security. The hotel chain wants to ensure that only gold elite status members can access the free wi-fi. Non-gold elite status members will be forced to pay $4.99 for the privilege to use the network. What wireless configuration would best meet these requirements? A. Configure a RADIUS server B. Configure a captive portal that gives the option to login or pay for the service C. Hand out cards with the wi-fi password to guests that pay or meet proper status D. Use WPA3 instead of WPA2
B. Configure a captive portal that gives the option to login or pay for the service
A drug manufacturer has recently made significant strides in hair restoration. The recent breakthrough has seen promising results in the lab. The potential market for the product represents several billion dollars in revenue for the company. The CISO for the organization has become concerned about lax physical security. The concern is that the research could be exfiltrated from the company and sold to a competitor. Additionally, recent actions by state actors against other drug manufacturers have raised concerns about a coordinated theft by a state actor. To help protect the research, the network housing it has been isolated and all network cables installed in Faraday cages. A secure vault has been set up to help protect the server that is housing the research. Access logs and biometric verification have been configured to help control access. All systems accessing the data have been configured as thin clients to prevent local storage of information. What other physical security control should be considered to help prevent the exfiltration of data? A. Install an antivirus client on the thin clients B. Install a USB data blocker on the thin clients C. Use robotic sentries to monitor staf
B. Install a USB data blocker on the thin clients
You are on the security team for a large software company. You are concerned about how social engineering can be used against your organization when information about your employees can be used to create trust when performing spear phishing or vishing attacks. What area of penetration testing could you educate your users about to help them be aware of how information about them could be discovered? A. Drones B. OSINT C. Rules of engagement D. Cleanup
B. OSINT
You work for the server administration team at a medium-sized company. You oversee over 200 servers running locally within your data center. You have recently updated your retention policy and switched backup software providers. The backup solution allows you to move servers to the cloud in the interim in the case of a disaster. You have updated the disaster recovery policy and the backup configuration document to reflect changes to your infrastructure. The solution is working and has taken several weeks' worth of backups to the cloud. What should you do next? A. Create an additional backup on-site B. Simulate a downtime event and test your backups during a maintenance window C. Encrypt your backups so that the backup solution provider cannot access them D. Purchase a redundant SAN to ensure local backups are safe
B. Simulate a downtime event and test your backups during a maintenance window
You are a member of the IT team for an online service portal. A security analysis is going to be performed on your web applications and you want to make sure that there are no alerts due to things that can be changed without reconfiguring the web apps themselves. What action has the least risk of breaking any web services? A. Enabling stronger encryption B. Switching to more secure protocols C. Closing unused open ports and services D. Securing root accounts
C. Closing unused open ports and services
Which technology is commonly used to provide Internet users with access to a company's web server without having to host the server on the internal network? A. NAT B. Honeynet C. DMZ D. Intranet
C. DMZ
A small company has recently had to let one of their helpdesk technicians go. During a recent antivirus update, the helpdesk technician's PC was found to be full of illegal movies and music. These movies and music were being downloaded from a popular torrent site while at work. Some contained malware and backdoors that could have potentially opened access to the computer network. The desktop machine was cleaned, and the network was scanned for viruses and no other data was found. The firewall is configured to block BitTorrent traffic, but the helpdesk technician was able to circumvent the block using a VPN provider. What solution could be implemented to detect this type of user behavior before it becomes problematic? A. Use a protocol analyzer B. Disable local admin access C. Use a bandwidth monitor D. Monitor web metadata
C. Use a bandwidth monitor
An employee has recently reported that his cellular device has gone missing. The last known GPS co-ordinates in the MDM suite show that the phone was last seen when the employee was travelling. You verified that the device is not connected to the internal Wi-Fi, so you cannot do Wi-Fi triangulation. The employee says the last time he remembers having it was in the airport. You want to find the device or at least pinpoint the location, but it is not showing with a data connection on the MDM suite. When you call the device, it does ring through to the device and eventually goes to voicemail. How might you best pinpoint the location of the device? A. Wait for it to connect to the MDM platform B. Call the airline to see if it is in lost and found C. Use cellular triangulation D. Ask the user to search their luggag
C. Use cellular triangulation
You work for an organization that has several business units. Each business unit has specific requirements for access to servers and network infrastructure. Recently you attended a conference and the presenter spoke about zero-trust architecture. You found it fascinating and thought it might be applicable to your business. In reviewing zero-trust architecture with your network administrator, he brought to your attention that the organization currently has a flat network. He also pointed out that it would require significant time and effort to configure and maintain zero-trust architecture and that the organization does not have that kind of budget. You have decided with the network administrator that something needed to be set up that would limit the visibility of computers and network assets to just those in certain business roles. What technical solution might you implement to achieve this? A. VPN connectivity B. Port security C. VLANs for each business unit D. Role based authentication
C. VLANs for each business unit
You are reviewing the work done by a security analyst you hired to secure the network and discover that LDAP traffic from one of your Domain Controllers can be monitored and sniffed as clear text. What is the contractor most likely guilty of? A. Improper error handling B. Improper input handling C. Race conditions D. Improper certificate and key management
D. Improper certificate and key management
You have designed a company application that implements storage spaces for calculating the total number of items ordered by each employee daily. The application's storage spaces hold a maximum of four digits that are generated by completing an arithmetic operation. Which option can occur if the arithmetic operation attempts to place a value into the storage space that is larger than four digits? A. Buffer overflow B. Session hijacking C. Cross-site scripting D. Integer overflow
D. Integer overflow
A local college is rolling out a new wireless access system across the campus. The old system used WPA2 authentication and had several challenges. After about the first week, students had connected several devices to the network that were unauthorized. These unauthorized devices slowed down the network to the point that it was unusable during examination time. In configuring the new network, the college has purchased high density access points to support more devices. The college has also installed 10GbE trunk lines that will connect to the access points. The college still wants to ensure that only authorized devices are on the network, however, and that the WPA2 key cannot be shared. What solution would you recommend? A. Use a captive portal B. Use IEEE 802.1X and MAC filtering C. Double up on access points to support additional users D. Use EAP-TLS and issue certificates only to authorized devices
D. Use EAP-TLS and issue certificates only to authorized devices
A large retail organization has taken on a new project to update their enterprise resource planning software so that they can manage their supply chain on a national level. They want to implement a system that will allow them to track every item through the supply chain. The project sponsor wants to avoid having significant user overhead as the supply chain handles millions of transactions between their warehouses, vendors, and stores daily. To meet the needs the organization is willing to invest significant human resources and capital into the project. The new system must allow for each item in the supply chain to be tracked and audited at any time. It must also allow for vendors to conduct lookups of their supplies to verify their own sales numbers and ensure that they can meet supply demands for the retailer. What technical solution would best meet these requirements? A. Use the current ERP system and develop changes to it using the Agile methodology B. Install a large database server and record database transactions C. Use an off the shelf solution from a major vendor D. Use a distributed ledger and blockchain to record changes within the supply chain
D. Use a distributed ledger and blockchain to record changes within the supply chain
A construction company recently won a bid to build a new library in a major city. This build project has strict timelines as the city wants to have it operational prior to the next election cycle. One of the city's recent projects was delayed because of a ransomware attack against the building company. Thus, the city has put in place some cybersecurity requirements for the construction company. You have been hired to help meet these security requirements. The construction company already has a decent firewall solution and is using role-based access internally. They have a strong password policy and are using two-factor authentication for email access. One of the items on your to-do list is to replace an FTP server that the company uses to transfer files between subcontractors. Currently subcontractors are using a shared account for access. What solution will best ensure only those that need access to the FTP are allowed in? A. Configure a SFTP using SSH keys B. Disable the FTP and use a shared file service account C. Use the shared account but log the IP address D. Configure individual accounts for each subcontractor
A. Configure a SFTP using SSH keys
You are a member of the security team for a future online social media platform. You have decided to outsource many elements of the software as much as possible. Due to the nature of your software, what third-party related security risk should be your top priority? A. Control and access to stored data B. Outsourced code development C. Vendor management D. Integration with on-premises systems
A. Control and access to stored data
In response to an incident you capture a system image of the affected system, plan a review of network traffic and logs, capture video of the incident, record time offset, take hashes and screenshots, and schedule witness interviews. These are all examples of what? A. Data acquisition B. Legal hold C. Preservation D. Chain of custody
A. Data acquisition
You are working for a mining company that operates several remote sites throughout the world. These remote sites are often difficult to get to in a timely fashion and the equipment on-site is considered mission critical. After a recent malware attack against the industrial controls systems at a remote mining camp took operations offline for several weeks, the organization has created a new IT security division and assigned you the task of securing operations. In reviewing systems, you have found several challenges. Many of the industrial control systems that are networked are badly outdated and cost tens of thousands to replace. The underlying systems are no longer vendor supported and even if you could apply security patches to them, the cost of bringing down operations for even an hour amounts to hundreds of thousands in lost revenue. Additionally, these remote sites have inadequate network resources to do any active monitoring of the devices. In reviewing these constraints, what solution might you recommend for these remote mining sites? A. During the next maintenance cycle, move the operational controllers to an isolated network and only allow local interface through a laptop B. A
A. During the next maintenance cycle, move the operational controllers to an isolated network and only allow local interface through a laptop
A network administrator recently had an internal security audit completed to ensure that the network configuration met the requirements outlined within the corporate security policy. The audit found several issues with the internal configuration. The audit returned showing that passwords in router and switch configuration files were shared across several devices and not encrypted within the stored backup. The audit also found that usernames and passwords transferred to a local web application were being transferred in plain text. The application itself is old, but it is important that users are unable to login as other users or see the traffic to the website. What technology would make it impossible to see plain text information being sent via HTTP requests? A. HTTPS B. SFTP C. VPN D. DNSSEC
A. HTTPS
After a long weekend, staff arrived on a Tuesday morning to find that many computers within the organization had been stolen from the office. Many of these computers contained sensitive customer information and were not encrypted at rest. In reviewing the CCTV security camera footage, a box truck pulled up to the building late Saturday evening, and three individuals entered the building through force and physically stole several computers. The footage has been handed over to law enforcement, and many of the computers have been replaced. In conducting a post-mortem, the board has asked for recommendations to upgrade physical security so that this does not happen again. The organization already has a good CCTV system, and magnetic locks with access cards installed on the doors. What recommendation would you make that would improve physical security the most? A. Hire security guards to provide 24x7 coverage B. Random spot checks of the facility C. Install computer locks to prevent them from being taken from the desk D. Install bollards in the parking lot, and control access with a gate
A. Hire security guards to provide 24x7 coverage
You are a member of the security team for a financial institution. You are educating your team on some of the common types of social engineering techniques that might be used by threat actors against the company. You have educated your company's users to watch for grammatical mistakes and email addresses coming from domains that are not owned by legitimate companies. What two types of social engineering will these techniques be most effective against? A. Identity fraud B. Social media influence campaigns C. Prepending D. Credential harvesting
A. Identity fraud D. Credential harvesting
As a security administrator trying to manage the possible business impact of various risks you need to identify the specific services or functions that your company provides that must be either fault tolerant or able to resume quickly after a disruption. In doing this you are identifying which of the following? A. Mission-Essential Functions B. Critical Systems C. Single Points of Failure D. RTO
A. Mission-Essential Functions
You are a member of the security team for a municipal electric utility. You have discovered that false negatives are relatively easy to create in your threat hunting penetration testing. What actions could you perform in order to best reduce the number of false negatives in your organization? A. Perform a configuration review B. Reconfigure systems to use more web applications rather than local applications C. Enable non-credentialed access D. Require credentialed access
A. Perform a configuration review D. Require credentialed access
Your HR department has a public-facing web portal where they can post available positions at the company. The web portal has been a great source of IT recruitment for the company. It allows individuals to set up a profile, import their resume and apply for various positions within the organization. The web portal is configured using SSL to keep sessions secure. The front end is hosted on the corporate DMZ, and the data is stored on a SQL server located on the internal network. The firewall only allows the front end to connect to the SQL server. Recently HR has reported a significant drop in usage of the website. You go to the website and you are greeted with a message saying your connection is not private with a back to safety button. You view the certificate for the website, and it appears that it has expired. What solution would best solve this problem? A. Purchase a new certificate from a recognized certificate authority and issue it on the website B. Turn off HTTPS traffic to the website C. Issue a new self-signed certificate for the website D. Add the certificate to your enterprise root trust group
A. Purchase a new certificate from a recognized certificate authority and issue it on the website
You are on the security team for a large corporation. You are developing a security penetration testing exercise in order to discover weaknesses in your enterprise infrastructure. You have decided to create a team that will be challenging the plans, policies, and procedures of the company and performing penetration tests, ethical hacking, and social engineering. What type of security exercise team would best suit your needs? A. Red-Team B. Purple-Team C. White-Team D. Blue-Team
A. Red-Team
Your organization works with local Governments to provide taxation accounting services. The organization doesn't house any PII, but it does hold data that would be considered sensitive for each local Government. Recently the organization has had an email breach that may have led to the disclosure of some of this sensitive client information. Under the law of the jurisdiction you are in, you are required to notify any parties that are subject to a potential breach directly in the case that one has occurred. The disclosure should include the information that may have potentially been breached. The CEO has asked that you sweep this under the rug. You have refused to do so under your professional code of ethics and have let the CEO know of his duties to disclose. The CEO is worried that customers might not want to do business with the organization any longer. What kind of organizational consequence is the CEO concerned about? A. Reputational damage B. Personnel risk C. IP theft D. Fines
A. Reputational damage
You have configured a firewall to filter external traffic entering your company's network. Which type of access control does a firewall use? A. Rule-based access control B. Discretionary access control C. Role-based access control D. Mandatory access control E. Attribute-based access control
A. Rule-based access control
You are working for a security research firm that specializes in malware analysis. A new form of ransomware has been detected in the wild. This new form takes advantage of a zero-day exploit in a leading security gateway company to gain a foothold and then conducts local attacks through a remote command session. You intentionally infected a vulnerable security gateway with this malware and are dumping live data from the device through a promiscuous network port. You are capturing traffic on both sides of the security gateway and you want to find out how the command and control is functioning remotely. What tool would you use to analyse the captured network traffic? A. Wireshark B. NMAP C. TCPScan D. PowerShell
A. Wireshark
Which option provides port-based security for a wireless network by communicating with an authentication server to provide network authentication? A. 802.1X B. 802.11x C. MAC address limiting D. MAC address filtering
B. 802.11x
You recently joined an organization to replace an outgoing project manager. The project manager has been overseeing customization of the organization's internal enterprise resource planning suite. The software has been integrated across operations internationally and is currently handling all manufacturing, HR, and business logic internally to the company. The project has been ongoing and has been developed in sprints using the Agile methodology. The current product backlog has several hundred items in it ranging from minor tweaks in the UI to major overhauls of key system functionality. In speaking with one of your senior developers they have been very keen to fill you in on the best practices they have been using in development. The team has been using the principle of least privilege and have been practicing live code reviews. Updates are being delivered continuously and they have been writing strong validation scripts to ensure accuracy across all modules during each deployment. They have however struggled recently with many IT security related issues as a recent red team exercise pointed out several major flaws in the underlying architecture that allowed them to conduct a remote co
B. Adopt the OWASP Application Security Verification Standard
In a recent re-organization, your company has let go of the district sales manager for the east coast of the US. In parting ways with each employee, HR reviews the non-compete contract that each employee has signed along with any severance package they may be due. Since his departure your organization has lost a lot of the east coast business to the competition. The CEO heard rumors that the departed sales manager is now working for a close competitor in violation of the non-compete. Additionally, the CEO believes that the sales manager took the organization's customer data with him when he left. You have been asked to look at the user's laptop to determine if any data was exfiltrated. You first start a chain of custody record on the laptop and create an image of it using dd. What tool can you use to conduct the forensic analysis? A. WinHex B. Autopsy C. Exfiltr8 D. Wireshark
B. Autopsy
You are a member of the security team for a municipal electric utility. You are performing threat hunting in order to determine if you have any compromised systems. You are adopting a holistic approach that uses information from multiple sources to feed your SIEM. You receive a SIEM alert indicating a resource has a CVSS score of 9. What provides the basis of this score? A. Advisories and bulletins B. Common Vulnerabilities and Exposures C. Intelligence fusion D. Threat feeds
B. Common Vulnerabilities and Exposures
A large corporate client has hired you to install new wireless access points at their head office. Their current configuration runs older hardware that supports WPA2 authentication. They want to move to a faster access point that will support WPA3 authentication. In reviewing the requirements, the customer has mentioned that they want to be as secure as possible with this installation. While they trust that WPA3 authentication is going to be secure, they want to limit the access that individuals have to the wireless network externally. What configuration would you recommend to the customer? A. Overlap channels B. Conducting a site survey pre- and post-installation and limiting access point power. C. Use a captive portal D. Disable access point advertisement
B. Conducting a site survey pre- and post-installation and limiting access point power.
A nuclear power generating station recently finished conducting an external red team exercise and is reviewing the findings. The report came back showing that the organization had a good security posture overall but made several key findings that the generating station should improve upon before the next series of red team exercises. The report highlighted that the surveillance camera system relied on wireless cameras that could easily be disassociated from the network. Several IoT sensors and smart devices recently installed to control physical security were found to be running outdated firmware. The final finding showed that the red team was able to breach the air-gapped network using a USB device that mimicked a keyboard. This could potentially allow for the execution of commands on the air-gapped network that is meant to be tightly controlled. What change to the security policy should immediately be undertaken? A. Update the firmware on the IoT sensors B. Control USB access to terminals on the air-gapped network C. Replace the wireless cameras with wired cameras D. Schedule red team exercises to happen less frequently
B. Control USB access to terminals on the air-gapped network
You are a member of the security team for a mining operation. Your IoT devices monitor and manage many automated processes. You are concerned about unauthorized access being used in an attempt to create availability loss. What are the two most likely vectors for an advanced persistent threat (APT) against your organization? A. Social Media B. Email C. Removable Media D. Supply Chain
B. Email C. Removable Media
Recently during a disastrous Patch Tuesday, several key systems were taken offline for an extended period. The operating system patches had known compatibility issues with your antivirus software that caused your servers to no longer see the boot sector of the drive. This update required you to restore all servers from backup. Operationally you have introduced a procedure for testing updates prior to implementation. This is not the first major issue that has happened in the environment lately. A recent configuration change to a firewall knocked a branch office offline for two days as they couldn't get the site-to-site VPN connection to reconnect. The CIO wants to implement a managerial control to help ensure that these issues stop popping up. What managerial control would be best suited to help prevent these issues from happening? A. Install a WSUS server B. Formalize a change control review process C. Install a configuration management utility D. Let all employees know that further issues will result in termination
B. Formalize a change control review process
Your organization has recently undergone a change at the board of directors. One of the incoming directors has cyber security experience and is really pushing for the organization to move to a standards-based approach to security controls. You are putting together a list of security controls the organization currently has in place. You are using the CIS controls list as it pertains to a medium-sized organization. Many of these security controls are in use currently, but some are on the IT roadmap for the next year. In reviewing your work, the board of directors has sent you back to come up with a standards-based approach. Where could you find a list of security controls that would allow you to take a standards-based approach? A. Google security suite B. ISO 27002 C. ISO 27001 D. Third party vendor certification
B. ISO 27002
Your company has recently moved some of your server infrastructure to the cloud. This was done to extend some of the benefits of using the cloud to your enterprise sales portal. Users were complaining that the service only worked well when they were in the region, and when overseas it often struggled to keep a connection. By using the cloud, you have been able to use a geographic distribution model that ensures the portal is served from a closer location. When you moved the portal to the cloud, you configured container security for both the front end and back end. For users to use it they need to connect to the virtual private cloud endpoint for your organization. The rollout of this service has been such a success that the CIO wants to move more services into the cloud. One of the challenges is that your organization loses visibility over network connectivity once the service is made cloud based. What would best increase visibility over the cloud-based network? A. Use zero-trust architecture and segment each container B. Install a next-generation secure web gateway C. Configure a promiscuous port on the virtual private cloud endpoint and point it to your firewall D. Configure securit
B. Install a next-generation secure web gateway
You work for a managed service provider that specializes in supporting small to medium businesses with their IT needs. You received a support call from a local medical clinic that has lost all network connectivity internally. Upon arriving at the office, you notice that the switch between the virtual hosts and the storage array is no longer receiving power. A new switch was ordered, and it took 48 hours to be delivered on-site. Upon replacing the switch, the client has called a meeting to discuss the root cause and next steps. You have been tasked with coming up with a solution that will allow for some redundancy within the network in case this happens again. This solution will be presented to the client during the upcoming meeting. What solution would best solve this problem? A. Install a redundant SAN and add more virtual hosts. B. Installing redundant switching infrastructure and configuring NIC teaming on the virtual hosts. C. Install a power conditioner D. Move the server infrastructure to the clou
B. Installing redundant switching infrastructure and configuring NIC teaming on the virtual hosts.
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack a user received an email on their Microsoft Windows workstation from what appeared to be the CEO of the company with a note to open an attached document. When they opened the document the system locked up and a ransomware notice was posted on the screen. Later other users encountered the same email. What type of network attack has your organization most likely suffered? A. Python virus B. Macro virus C. Bash virus D. PowerShell virus
B. Macro virus
A company running Azure directory services has several internally built applications that they use to conduct daily business. They have a customized CRM, an inventory management suite, a custom ERP, and several other web-based applications the development team has made to make life easier within the business. In conducting a user audit of these services, you have noticed that several users are frequently resetting their passwords and others are using shared accounts on several of the systems. The IT security policy does not allow for the use of shared accounts, and the number of password resets being conducted is taking significant time away from daily operations. You have been tasked with fixing this in the most secure way possible. What technology might you implement to help users manage authentication better? A. Smart cards B. Single sign on C. Role based authentication D. Knowledge-based authentication
B. Single sign on
A small marketing company has a main office in Kentucky. They have recently landed a contract in London and have purchased office space. Currently the company has several staff members located in London, but they work from home. The establishment of an office will support the growth of the organization within the UK. You have configured an Active Directory server along with Azure directory services in hybrid mode. You have also installed a new firewall at the branch office. The new firewall is the same model you have at your main office and supports various VPN types. You want staff to be able to share data between the two offices easily as if it were all one network. This will allow the UK staff to access graphical assets located on the fileserver at the Kentucky site. What type of VPN would you recommend be used for the branch office? A. Cloud-based VPN B. Site-to-site VPN C. SSL VPN D. Round robin VPN
B. Site-to-site VPN
You are a member of the security team for a federal government agency associated with elections. What type of threat actor should your team be especially aware of because of the nature of your organization? A. Hackers B. State actor C. Shadow IT D. Criminal Syndicates
B. State actor
You are a recent graduate from a server administration program at a local community college. Thankfully, after a short search you have found an entry-level position doing server installations for a financial firm. This financial firm spins up virtual machines for clients daily so that they can run analytics on daily transactions in the market. You have been assigned the task of reviewing all the server configurations to ensure that they are meeting security requirements. You start doing this manually, but it takes you hours to complete each individual server. You want to find a quicker way to conduct this audit so that you can impress your new boss and take on further responsibility. What might you do in order to accomplish this task faster? A. Patch all systems to the latest patch B. Use security benchmarks provided by the operating system vendor C. Create a system server image and deploy it across the environment D. Check every other server to reduce the time by half
B. Use security benchmarks provided by the operating system vendor
You are a member of the security team for a federal government agency. You would like to share cyber threat indicators and defensive measures with others using Automated Indicator Sharing (AIS). When configuring your software to participate in this sharing you receive an error indicating that you cannot perform predictive analysis because the exchange of information is not configured correctly. What is most likely the source of this error? A. Your threat maps B. Your code repository C. STIX D. TAXII
C. STIX
Preventing password crackers from accessing your password database is a key part of system security. What are some safeguards you can implement to mitigate password crackers? (Choose three.) A. Ensuring that passwords are stored in clear text B. Use a common phrase for your password C. Salting passwords D. Setting a maximum number of login attempts E. Enforcing rules for creating strong passwords
C. Salting passwords D. Setting a maximum number of login attempts E. Enforcing rules for creating strong passwords
Your company has recently launched a new online platform that allows users to post public and private media content. The service has several security controls built in to help protect users and ensure that data integrity is maintained. The service has been audited by a third-party security company, and they were unable to find any areas for improvement. The CISO for your organization is very happy with the IT security posture of the organization. The service has been launched with great user adoption rates. Recently, though, the company made headlines when it was discovered that some of the media being openly shared on the internet contained hate language. This was problematic for the company's reputation and not something that the board takes lightly. The website has a privacy notice letting customers know that cookies and information may be tracked on the site. However, in reviewing with the legal team, the site could potentially face lawsuits if they took down the unwanted content. What type of notice should the company provide to users? A. A letter sent via registered mail B. No notice is required C. A term of agreement/service with a requirement that it be accepted for continued access to the website
C. A term of agreement/service with a requirement that it be accepted for continued access to the website
A project to integrate a new financial service application has been undertaken by a large banking institution. The new application will allow users to report on their financial health in real-time. This new application requires several connections between different database servers and a reporting service. In managing the project, a risk register has been completed. One of the risks associated with the project is that the reporting service could create deadlocks on the database taking it down for other services that clients are using. The likelihood of the risk occurring has been put at medium, and the impact of the risk has been estimated to cost around $50,000 per occurrence. The cost to mitigate the risk by installing a new database server is $250,000 and installing a new database server comes with additional uncalculated risks. The company culture is to take risks in order to increase the bottom line for each quarter. What should you do as the project manager in this situation? A. Purchase insurance against the risk B. Mitigate the risk by spending the money C. Accept the risk and monitor the situation D. Hire a third-party company to manage the server and try to pass the risk of
C. Accept the risk and monitor the situation
You have been brought a computer from a network administrator to do a data recovery on. The computer was in use by the CFO of the organization. The network administrator tells you that the CFO got wind that the company was going to be letting them go, so they deleted the upcoming quarterly report from their computer and left the organization without notice. You ask the administrator if anything has changed on the machine since the user left. He mentions that it may have done a Windows update. You take the disk from the computer and take an image of it using dd. The image is then loaded into Autopsy and scanned for deleted files. You don't find any file artifacts using Autopsy that would be of interest. Why would you use an image and not the drive to conduct your investigation? A. The disk could accidentally boot into the user's Windows desktop B. This avoids disk cache issues C. Avoid accidentally writing to the drive, which could overwrite deleted files D. The image is quicker to load than the hard disk
C. Avoid accidentally writing to the drive, which could overwrite deleted files
You have been brought into a company that recently experienced a data breach of their customer data. The company had been using an MSP but has decided to create their own internal IT department after the breach. The MSP blamed an email that came from a bad actor for the breach and had done a cleanup on the local machine prior to handing operations over to you. You have reviewed all equipment and systems within the organization and have created a patch management strategy to help keep systems up to date. In doing so you have found several older systems and noticed that much of your network infrastructure looks dated. You have contacted the vendor for support, but they have indicated that these items were purchased without a service contract. What information should you look for to determine if these systems are maintainable? A. Update to the latest vendor patch and ignore the devices until they fail B. Replace any systems that look old immediately C. Check the model end of service life D. Find out from the vendor the cost of adding a service contract
C. Check the model end of service life
Your company has recently switched to a bring your own device policy. This was done to improve user adoption of mobile devices within the office. Many staff had spent time complaining that the chosen device was not running the operating system they wanted to use. As part of the BYOD policy, you will need to be able to set up a corporate VPN on the devices and allow access to the internal company SharePoint site. You want to make sure that if a device goes missing or an employee is terminated, you can remove the corporate data from the device through a remote wipe. What technical solution would accomplish this? A. Jailbreak/root the phones and install a software backdoor B. Enable SMS remote wipe C. Configure a mobile device management suite and enroll the mobile devices D. Use find my iPhone
C. Configure a mobile device management suite and enroll the mobile devices
A manufacturing company is running an Active Directory controlled network. They have a localized service that operates as middleware between the industrial control system and the operator control software. To maintain operations, the computer must always remain on so that the machine is operational; otherwise the machine will error out and it will require maintenance staff to reset it prior to running again. Currently you have the computer configured using a shared account. The shared account is set up so that multiple operators can come and go during the run of the day without disrupting the machine. Your security policy has recently been updated to remove the use of shared credentials and force users to log in as themselves. This will help enforce password complexity, password history, and auditing. You need to replace the shared account. What account configuration would you recommend be used? A. Configure guest account access on that local machine and segment it from the network B. Create a special OU for the operator account and remove the default domain policy from it C. Configure the software to run using a service account and have it running on boot D. Let maintenance know that they
C. Configure the software to run using a service account and have it running on boot
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users attempted to log on to the corporate intranet but found they had to put in their credentials twice. It was discovered that the first entry was being registered at a different IP address and then the second, successful logon was at the correct portal IP. What type of network attack has your organization most likely suffered? A. Media access control (MAC) flooding B. DNS domain reputation C. DNS URL redirection D. Distributed denial-of-service (DDoS)
C. DNS URL redirection
You have been the systems admin for a small company for several years. The company has recently recovered from a ransomware attack. The overall cost and impact of the attack has led to a new managerial effort to increase the organization's IT security posture. To help modernize the IT environment and introduce appropriate security controls, you recently finished your IT security training and have been tasked with safeguarding against future security events. You have put together a plan that helps protect customer data and hardens the network to protect against future attacks. The plan includes using an SSL VPN for remote access, using network segmentation and subnetting for each business function, using an appliance that conducts deep packet inspection, and running an updated antivirus platform across all systems in the organization. You want to make sure that any future ransomware attacks against the organization do as little damage as possible. What is one way you might accomplish this? A. Encrypt data at rest using BitLocker B. Disallow all traffic from countries known for conducting ransomware attacks C. Design your user access rights based on the principle of least privilege D. Ins
C. Design your user access rights based on the principle of least privilege
You are performing a threat assessment for a planned new hot site. The site location has had flood problems in the past. Which threat assessment category would best cover this kind of threat? A. Manmade B. External C. Environmental D. Internal
C. Environmental
Recently your team had to respond to a critical SAN failure that led to the loss of all running servers within your data center. To facilitate the restoration of services you had to restore backups from offsite tapes onto a new SAN that took 72 hours to arrive. The restoration process for each virtual machine that was lost took several hours to complete, as the backup tapes took several hours to copy over your virtual disk files. It took a period of 15 days to fully restore services to the organization, and several board members are upset about the length of the downtime of several critical services. In conducting a post-mortem review of activities to update procedures in case such an event took place again, it has been brought up that several small services were restored prior to critical systems. What change should be made to the disaster recovery plan going forward? A. Replace your aging tape backup infrastructure with a faster solution B. Practice the disaster recovery plan more often C. Establish a restoration order based on business value D. Purchase a redundant SAN system
C. Establish a restoration order based on business value
The day you have dreaded for years has finally come. You have arrived on a Monday morning to find that during the evening on Sunday a cyber event has happened. Your core fileserver and several servers and desktops have been locked up with ransomware. The ransom has been set at 5 bitcoins to get your services back to operational. Your CIO has decided not to pay the ransom and has initiated the disaster recovery and business continuity plan. It is expected to take weeks to get all servers back up and operational. There is also the likelihood that it could happen again if the backdoor isn't closed. While you have been trying to find the root cause of the issue so that you can mitigate the risk of it happening again during the cleanup, you have been approached by several staff members and different area managers asking for updates. The frequent interruptions have made it difficult to manage the event. How could you best prevent this? A. Put up a sign telling people you are busy and to leave you alone B. Put on your headphones and ignore interruptions C. Have a communication plan for disaster/business continuity situations D. Tell all staff asking to call the CIO
C. Have a communication plan for disaster/business continuity situations
The company you work for has several mobile sales representatives that travel the country trying to drum up new business. Recently several members of the sales team were hired by another national company that has been rapidly expanding in a similar line of business. HR has initiated the employee termination process for each of the departing sales representatives. After termination several of the sales representatives sent back two laptops, a tablet, and a phone. Some sent back nothing. You have been asked to ensure all equipment is returned to the organization. You have asked each of the departing sales reps and they have indicated that they returned all company equipment. You unfortunately have no method of verifying that all equipment has been returned, and a competing company has approached your CFO to report that a former employee was trying to sell company secrets. What policy should your organization consider going forward? A. Implement a change control policy B. Implement a non-compete policy C. Implement an asset management policy D. Update the HR policy to include returning company equipment
C. Implement an asset management policy
You work for an oil and gas company as the IT security architect. You are reviewing the systems that are installed at one of your remote sites. The remote site is internet connected and many of the control systems are fed back to the head office for monitoring and control. One of the systems is a pump that is considered mission critical. The pump has been in use since the late 1990s and has been out of manufacturer support for several years. The pump costs around $5 million to replace. The replacement pump would take several weeks to install, causing the company to lose millions more in revenue. The current pump control software runs on Windows NT. The operating system has several known exploits for it in the wild and it is considered a risk to the organization's network to run it. The CIO has asked that you bring any potential risks up for board approval. What type of risk would this be considered? A. Compliance risk B. Quantitative risk C. Legacy system risk D. Residual risk
C. Legacy system risk
Recently your organization has undergone a change at the board of directors and a new work from home initiative has been taken up by your organization. Staff are very excited for the new work from home initiative and many are making plans for how they will integrate a home office into their current living space. The organization currently has an Active Directory server running on-site to handle all authentication. You have been tasked with configuring the VPN so that staff can securely access their information. One of the main concerns that the CIO has is that user passwords are often showing up in password dumps on the dark web, and he wants to help eliminate that risk. You have put in place a plan to move the Active Directory server to hybrid mode so that you can extend some features of Azure Directory Services. What function might you enable to help ensure that exposed user passwords don't lead to a potential breach? A. Enforce 14-character passwords and require users to change them every 14 days B. Force users to log on locally to the domain twice per month to change their password C. Multi-factor authentication using a password and SMS or a secure Token D. Use daily static code
C. Multi-factor authentication using a password and SMS or a secure Token
Your SIEM dashboard has just thrown an alert indicating that a domain administrator account has accessed a server. Your security policy only allows this to happen under very specific circumstances, and it should be used sparingly. When this happens, it is your job to investigate it and ensure that the domain administrator account is being used properly and not by a third party. You called the local systems administrator and asked if they are doing any work on the server, and they have indicated that they are not. You review the security log in the event viewer on the remote machine and can see that the domain administrator has authenticated using RDP. The application log shows that the IIS service on the machine was restarted. While you are investigating, several other alerts start coming in from other servers on your network showing the same pattern of usage. What log should you review to determine the root source of the connections? A. DNS logs B. Authentication logs C. Network logs D. Netflow logs
C. Network logs
Which concept is based on determining how much data an organization can afford to lose? A. MTTR B. RTO C. RPO D. MTBF
C. RPO
A user reports that they have received a message on their computer saying the system was used for illegal activity. Which of the following is MOST likely the cause? A. Botnet B. Armored virus C. Ransomware D. Adware
C. Ransomware
You have installed a new firewall solution that allows for deep packet inspection. The firewall will allow remote VPN users to connect and work from home. The network you are running is currently configured with two subnets and a DMZ. The first subnet contains all production computers, server infrastructure, mobile devices, and industrial control systems. The second subnet contains your VoIP solution and the internal IP security camera solution. The DMZ is housing two web servers and an FTP server that clients use to upload information. Operations has reported that one of their industrial control systems keeps faulting because of unknown network traffic. This keeps taking a boiler offline that is used in production and could potentially be a safety issue. What solution best secures the industrial control equipment? A. Update the industrial control system B. Isolate the device, disconnecting it from the network C. Segment the industrial control network and use the firewall to filter unwanted traffic D. Purchase a new boiler
C. Segment the industrial control network and use the firewall to filter unwanted traffic
You have been hired by a medium-sized business to upgrade their existing enterprise architecture. The company has one main office and 4 branch office locations. Each site has a mixture of older and newer hardware from multiple vendors. The business has outlined several key factors that they want you to consider when upgrading the network. In addition to cost, the board wants you to ensure that site-to-site communications use encryption and that the architecture is designed to be resilient. What is likely the best place to start to build a plan of action? A. Begin by replacing network equipment first B. Reach out to vendor sales teams C. Site diagrams and documentation D. User interviews
C. Site diagrams and documentation
Your organization has configured a security information and event management solution. The SIEM solution uses a series of log collectors to manage incoming data. These log collectors are configured to be redundant and access to the storage has been limited. You currently have the SIEM solution alerting anytime an admin account logs in locally to a machine. Additionally, alerts are generated for any critical system events, or anytime 3 or more failed login attempts are made to a user account. Your CISO would like to see alerts generated when users operate outside of an established baseline. What type of SIEM analysis should be done to achieve this? A. End user analysis B. System analysis C. Trend analysis D. Sensor analysis
C. Trend analysis
The organization you are working for recently had a server failure during a power outage. This caused several pieces of manufacturing equipment to enter an errored state that had to be manually cleared by the vendor. This outage took several hours to repair and cost the organization several hundred thousand in lost production. In reviewing the issue, you logged the following series of events. The power went out and emergency lighting came on. The generator came online, and the transfer switch moved power over to the generator within 15 seconds. The power then was restored to the building. During this time the servers went down. What system would have prevented the outage from occurring? A. A smart surge protector B. A power conditioner C. An industrial transfer switch with 5 second latency D. An uninterruptible power supply
D. An uninterruptible power supply
You are working at the head office of an organization that runs multiple retail outlets. Your department has recently moved to a serverless based architecture model. The software team has re-deployed the main inventory management and point of sale software as microservices running in the cloud. The roll-out of the project has been a tremendous success. Recently during a maintenance window, it was noticed that several IT support staff had made changes to cloud-based instances through daily support of the architecture. These changes had inadvertently caused the software system to use double the compute resources than would typically be needed. This has cost the organization more money than anticipated. The IT support staff should not be making any changes to the underlying architecture. This type of change should go through the internal change management process. You have been tasked with restricting what IT support can do within the cloud-based environment. How might you best accomplish this task? A. Configure a security information and event management suite and monitor IT support staff closely B. Enforce identity based policies on the transit gateway disallowing IT support staff C. M
D. Assign resource-based policies that limit the access of IT support staff
Recently your organization was hit with a data breach that affected multiple customers. The data was found publicly on the dark web by law enforcement and reported directly to the board of directors. Your systems folks have verified through several red team and blue team exercises along with a third-party audit that the data breach must have been conducted by an internal party to the organization. The external audit believes that the data came from your internal accounting software as the data tables match internal reporting from that application. In investigating the internal application, you have discovered that it is using SSO with your internal directory service. However, the accounting department has two shared user accounts configured in the directory using an easily guessable password. The application can configure multi-factor authentication using SSO and a third-party authentication application that sends a one-time code through a push notification. You also noticed that user activity is not being monitored or logged internally. The logging feature was turned off during the installation to help save space on the SQL server. What framework should you consider implementing to en
D. Authentication, Authorization, and Accounting
Recently a staff member was terminated from your organization. HR did their job under the IT security policy and let IT staff know within 15 minutes of the termination. All user accounts and internal access have been disabled for the user and a backup of their system has been taken. Their mobile device has been wiped of organizational data and the user's VPN access has been shut off. Over the course of the next month, several users within that staff member's department have reported that there have been unwanted purchases being made using online services. A recent delivery of 2000 pounds of dog food from Amazon highlighted that the shared account may have been breached. You suspect that the recently departed staff member has been using a shared account to access third-party services and purchase unwanted items for the company. When you ask around, no one knows exactly what shared accounts are out there or what might have been shared with the recently departed employee. What solution might you incorporate to ensure that shared passwords are tracked? A. Use Kerberos authentication B. Use role-based access controls C. Update policy to disallow shared accounts D. Configure a company password vault
D. Configure a company password vault
You have recently joined a new company in the role of a systems analyst. The company hosts several custom web-facing applications for clients throughout the USA. You have been asked to take on a project to help harden the websites against possible intrusion. One of the websites runs a legacy application. This application is still in use by two customers. They access the website to place orders for new products. The website is hosted in the company DMZ, and the next-gen firewall traffic shows many SQL injection attempts against the website. You want to harden this server first. What option would best secure the website against attack? A. Discontinue offering the service B. Install an intrusion detection system on the server C. Move the website to the cloud and enable cloud-based security D. Configure an access control list and only allow connections from customer IP addresses
D. Configure an access control list and only allow connections from customer IP addresses
Recently the company you are working for has acquired a small development firm. As part of the acquisition, you have been asked to update their development practices to ensure they are adhering to the OWASP Application Security Verification Standard. The small development firm is running a git repository and managing it through a third-party communications platform. The development manager has integrated Agile development methods, and the team practices continuous delivery and continuous deployment. During the morning standup meeting you have noticed that the team spends a good deal of time discussing bugs and issues that have made it through to their production environment. Several of these issues are recurring bugs that have come up previously but seem to be making it through the manual QA process. To ensure that the development team is adhering to security best practices and delivering fewer bugs to production, what might you want to consider implementing? A. Scheduled deployments B. Kaizen quality assurance C. Live code review D. Continuous Validation
D. Continuous Validation
You have arrived at work to find an alert email in your inbox from the previous night, after hours. The alert indicates that a trojan was found and quarantined on a local user PC. The alert shows the time of the event, the website it was found on, and the variant of the trojan that was found. In reviewing the event, you notice that the employee was searching for software that could be used to crack a piece of software the user had installed on his machine. When discussing this with the user, they indicated that they were working on a project under a crunch and their license had expired. The user said that they had no choice but to look for the crack and has been apologetic about the incident. You have educated the user about the situation so it won't happen again. How might you have prevented the incident altogether? A. Disable quarantine and have the file deleted B. Update the user's endpoint security solution C. Configure login hours D. Implement a content filter
D. Implement a content filter
You work for a company that has recently been the victim of a virus attack. The virus was quickly detected when it tried to replicate to your server infrastructure, but it was able to infect several user computers. The local antivirus on the machines can detect the virus, but it was not able to stop it from infecting the local machines. The virus was initially downloaded by a staff member who was looking for a way to download YouTube clips. The website that the user used to download the unapproved application was infected with a virus. The user's machine executed the code on the website as it was loaded and became infected. The virus then attached itself to the user's saved documents on a network share, and those documents were opened on other computers. A file-based scan picked up the virus activity on the file server almost immediately, but the damage had been done. The CIO for the company is concerned about how easily this outbreak happened and wants to change antivirus vendors. What antivirus feature would best prevent this outbreak in the future? A. Secure cookies B. Host-based firewall C. Input validation D. Sandboxing
D. Sandboxing
You are a member of the security forensics team for a financial organization using machine learning to analyze trading. What aspect of machine learning are you particularly vulnerable to as an attack? A. Potentially unwanted programs (PUPs) B. Adversarial artificial intelligence (AI) C. Security of machine learning algorithms D. Tainted training data for machine learning (ML)
D. Tainted training data for machine learning (ML)
The organization you work for has implemented a new security policy that governs the use of and access to data at a much stricter level than before. The organization is requiring that a classification system be put in place that classifies data as public, private, sensitive, and confidential. Users have been trained internally on how to assign appropriate metadata to files to ensure classification is maintained. The security policy also requires that the data be secured and encrypted at rest. This includes any financial information that is contained within the internal database systems. These systems already have the values hashed in the database, but drive encryption is not turned on. Who in the organization would typically be responsible for implementing the security controls to protect the data? A. The data processor B. The data owner C. The data user D. The data custodian
D. The data custodian
What is a Type I error in a biometric system? A. The rate at which FRR equals FAR B. The percentage of invalid subjects that the system falsely accepts C. The rate at which the system scans and authenticates subjects D. The percentage of subjects that the system falsely rejects
D. The percentage of subjects that the system falsely rejects
You have recently started a position as a security architect for a local managed service provider. The managed service provider specializes in off-premises solutions. You have been given your first project to work on. This project is for a small manufacturing company looking to modernize their internal software and systems. The company has an internal web-based application and a small development team. The application runs all manufacturing equipment. The application uses several microservices that are currently deployed within an on-premises virtual environment. The local operator machines are currently running Windows 7 and utilize a shared account for access. Several of the operator machines have uncontrolled software installed on them. The operator systems should only run the web-based application and have no need for local storage. The company has stressed that they would ideally like to upgrade the old operator workstations to a supported operating system. They want ease of management, and a method to help control against uncontrolled software being installed on them. What solution might you recommend to achieve this goal? A. Move the web-based application to a serverless arc
D. Thin-clients with a centralized management platform
You are an IT administrator for a large financial institution. You wish to ensure that threats are discovered as soon as possible. You install a Security Information and Event Management (SIEM) system to aid this process. What aspect of this system will best help you discover theft of data by users illegally copying corporate files? A. Sentiment analysis B. Packet capture C. Log collectors D. User behavior analysis
D. User behavior analysis
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack, users could not log in using their RFID badges at security. There was a huge backlog waiting to get in, and security had to check IDs manually. It was determined that a person slipped past security at this time and gained access to an unattended system. What type of network attack has your organization most likely suffered? A. DNS domain reputation B. Malicious code execution C. Distributed denial-of-service (DDoS) D. Wireless DoS
D. Wireless DoS
You have been hired by a small organization to conduct a security audit of their network and server infrastructure. You have run a ping sweep of their subnet and a port scan using an IP scanner. You have run dnsenum against their DNS server, and enum4linux against the domain controller. At this point you are confident that you have an accurate map of their network and know which servers and infrastructure lie where. The company has asked that you provide them a list of all potential vulnerabilities on their network. What tool would you use to meet this requirement? A. NMAP B. Winscp C. Wireshark D. Nessus
D. Nessus