Cybersecurity
The project has been ongoing and has been developed in sprints using the Agile methodology. The current product backlog has several hundred items in it, ranging from minor tweaks in the UI to major overhauls of key system functionality. In speaking with one of your senior developers, they have been very keen to fill you in on the best practices they have been using in development. The team has been using the principle of least privilege and has been practicing live code reviews. What would be the best recommendation you could make to the development team at this time?
A. Adopt the CIS control set internally
You work for the company that received the contract to do the wireless installation across the northeast. You will be installing dedicated access points for every 4 rooms that will use WPA2 for security. The hotel chain wants to ensure that only gold elite status members can access the free Wi-Fi. Non-gold elite status members will be forced to pay $4.99 for the privilege of using the network. What wireless configuration would best meet these requirements?
A. Configure a captive portal that gives the option to login or pay for the service
You have recently joined a new company in the role of a systems analyst. The company hosts several custom web facing applications for clients throughout the USA. You have been asked to take on a project to help harden the websites against possible intrusion. One of the websites runs a legacy application. This application is still in use by two customers. They access the website to place orders for new product. The website is hosted in the company DMZ, and the next-gen firewall traffic shows many SQL injection attempts against the website. You want to harden this server first. What option would best secure the website against attack?
A. Configure an access control list and only allow connections from customer IP addresses
Currently you have the computer configured using a shared account. The shared account is set up so that multiple operators can come and go during the run of the day without disrupting the machine. Your security policy has recently been updated to remove the use of shared credentials and force users to log in as themselves. This will help enforce password complexity, password history, and auditing. You need to replace the shared account. What account configuration would you recommend be used?
A. Configure the software to run using service account and have it running on boot
Recently the company you are working for has acquired a small development firm. As part of the acquisition, you have been asked to update their development practices to ensure they are adhering to the OWASP Application Security Verification Standard. The small development firm is running a git repository and managing it through a third-party communications platform. The development manager has integrated. During the morning standup meeting you have noticed that the team spends a good deal of time discussing bugs and issues that have made it through to their production environment. Several of these issues are recurring bugs that have come up previously but seem to be making it through the manual QA process. To ensure that the development team is adhering to security best practices and delivering fewer bugs to production, what might you want to consider implementing?
A. Continuous Validation
You are a member of the security team for a future online social media platform. You have decided to outsource many elements of the software as much as possible. Due to the nature of your software, what third-party related security risk should be your top priority?
A. Control and access to stored data
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack your storage server stopped responding to requests by a virtualization service to create new containers on the fastest available disk. What type of application attack has your organization most likely suffered?
A. Driver manipulation
You are working for a mining company that operates several remote sites throughout the world. These remote sites are often difficult to get to in a timely fashion and the equipment on-site is considered mission critical. After a recent malware attack against the industrial control systems at a remote mining camp took operations offline for several weeks, the organization has created a new IT security division and assigned you the task of securing operations. In reviewing systems, you have found several challenges. Additionally, these remote sites have inadequate network resources to do any active monitoring of the devices. In reviewing these constraints, what solution might you recommend for these remote mining sites?
A. During the next maintenance cycle, move the operational controllers to an isolated network and only allow local interface through a laptop
Recently your team had to respond to a critical SAN failure that led to the loss of all running servers within your data center. To facilitate the restoration of services you had to restore backups from offsite tapes onto a new SAN that took 72 hours to arrive. The restoration process for each virtual machine that was lost took several hours to complete, as the backup tapes took several hours to copy over your virtual disk files. It took a period of 15 days to fully restore services to the organization, and several board members are upset about the length of the downtime of several critical services. In conducting a post-mortem review of activities to update procedures in case such an event took place again, it has been brought up that several small services were restored prior to critical systems. What change should be made to the disaster recovery plan going forward?
A. Establish a restoration order based on business value
Recently, during a disastrous Patch Tuesday, several key systems were taken offline for an extended period. The operating system patches had known compatibility issues with your antivirus software that caused your servers to no longer see the boot sector of the drive. This update required you to restore all servers from backup. Operationally, you have introduced a procedure for testing updates prior to implementation. This is not the first major issue that has happened in the environment lately. A recent configuration change to a firewall knocked a branch office offline for two days as they couldn't get the site-to-site VPN connection to reconnect. The CIO wants to implement a managerial control to help ensure that these issues stop popping up. What managerial control would be best suited to help prevent these issues from happening?
A. Formalize a change control review process
Your organization has recently undergone a change at the board of directors. One of the incoming directors has cyber security experience and is really pushing that the organization move to utilizing a standards-based approach to security controls. You are putting together a list of security controls the organization currently has in place. You are using the CIS controls list as it pertains to a medium sized organization. Many of these security controls are in use currently, but some are on the IT roadmap for the next year. In reviewing your work, the board of directors has sent you back to come up with a standards-based approach. Where could you find a list of security controls that would allow you to take a standards-based approach?
A. ISO 27002
You are attending a concert for a local band. You wish to purchase some merchandise from a vendor. The vendor accepts cash, but also accepts credit cards. If you use your credit card, which of the following attacks should you be concerned with? (Choose two.)
A. NFC B. Replay Attack
During an active incident you have data to acquire from the machine hard drives, the active RAM, the log files and the USB device suspected to have brought the malicious payload inside the network. You decide to capture the RAM first based on what procedural principle?
A. Order of volatility
Your organization works with local governments to provide taxation accounting services. The organization doesn't house any PII, but it does hold data that would be considered sensitive for each local government. Recently the organization has had an email breach that may have led to the disclosure of some of this sensitive client information. Under the law of the jurisdiction you are in, you are required to notify any parties that are subject to a potential breach directly in the case that one has occurred. The disclosure should include the information that may have potentially been breached. The CEO is worried that customers might not want to do business with the organization any longer. What kind of organizational consequence is the CEO concerned about?
A. Reputational damage
You are a member of the security team for a municipal electric utility. You have discovered that false negatives are relatively easy to create in your threat hunting penetration testing.What actions could you perform in order to best reduce the number of false negatives in your organization?
A. Require credentialed access
The virus was initially downloaded by a staff member that was looking for a way to download YouTube clips. The website that the user used to download the unapproved application was infected with a virus. The user's machine executed the code on the website as it was loaded and became infected. The virus then attached itself to the user's saved documents on a network share, and those documents were opened on other computers. A file-based scan picked up the virus activity on the file server almost immediately, but the damage had been done. The CIO for the company is concerned about how easily this outbreak happened and wants to change antivirus vendors. What antivirus feature would best prevent this outbreak in the future?
A. Sandboxing
You are a member of the security team establishing the protocols and policies for a financial institution. You have ensured that employees are using password management software that creates complex passwords and that they are changed on a regular basis. You also ensure that multifactor authentication is in place within your organization using text verification. What type of attack are you still most vulnerable to when it comes to compromised credentials?
A. Spraying
You are a member of the security team for a mining operation. Your IoT devices monitor and manage many automated processes. You are concerned about unauthorized access being used in an attempt to create availability loss. What are the two most likely vectors for an advanced persistent threat (APT) against your organization?
A. Supply Chain C. Removable Media
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack, software you purchased for asset management has been revealed to be a distribution point for a known command and control software. What type of attack has your organization most likely suffered?
A. Supply-chain
You are a member of the IT team for a large investment firm. You have been asked to urgently investigate whether malicious code from a new malware campaign is running on executive desktops in your organization. What research source would best aid you in discovering this quickly?
A. TTP
The security policy also requires that the data is secure and encrypted at rest. This includes any financial information that is contained within the internal database systems. These systems already have the values hashed in the database, but drive encryption is not turned on. Who in the organization would typically be responsible for implementing the security controls to protect the data?
A. The data custodian
The company has an internal web-based application and a small development team. The application runs all manufacturing equipment. The application uses several micro-services that are currently deployed within an on-premises virtual environment. The local operator machines are currently running Windows 7 and utilize a shared account for access. Several of the operator machines have uncontrolled software installed on them. The operator systems should only run the web-based application and have no need for local storage. The company has stressed that they would ideally like to upgrade the old operator workstations to a supported operating system. They want ease of management, and a method to help control against uncontrolled software being installed on them. What solution might you recommend to achieve this goal?
A. Thin-clients with a centralized management platform
Which non-persistent solution provides a fresh complete operating system environment with applications?
A. Use live boot media
You are an IT administrator for a large financial institution. You wish to ensure that threats are discovered as soon as possible. You install a Security Information and Event Management (SIEM) system to aid this process. What aspect of this system will best help you discover theft of data by users illegally copying corporate files?
A. User behavior analysis
You work for an organization that has several business units. Each business unit has specific requirements for access to servers and network infrastructure. Recently you attended a conference and the presenter spoke about zero-trust architecture. You found it fascinating and thought it might be applicable to your business. In reviewing zero-trust architecture with your network administrator, he brought to your attention that the organization currently has a flat network. He also pointed out that it would require significant time and effort to configure and maintain a zero-trust architecture and that the organization does not have that kind of budget. You have decided with the network administrator that something needed to be set up that would limit the visibility of computers and network assets to just those in certain business roles. What technical solution might you implement to achieve this?
A. VLANs for each business unit
The chain of custody record was updated when the item was received into inventory, and you updated the chain of custody tag when you opened the secure storage. You took a backup of the disk using DD and ran the image through Autopsy. You returned it to the secure storage and updated the chain of custody tag. At this point you got stuck in your investigation, as you have been unable to find anything that was tagged in Autopsy as being potentially relevant. You spent hours reviewing the data with no luck. You feel like all you need is a hint or a push in the right direction to find what you are looking for. What digital forensics tool can you use to possibly get that hint?
A. View event logs on the hard disk
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users could not log in using their RFID badges at security. There was a huge backlog waiting to get in and security had to check IDs manually. It was determined that a person slipped past security at this time and gained access to an unattended system. What type of network attack has your organization most likely suffered?
A. Wireless DoS
You are a member of the security forensics team for a financial organization using machine learning to analyze trading. What aspect of machine learning are you particularly vulnerable to as an attack?
A. Adversarial artificial intelligence (AI)
You have been brought in to handle the clean-up. You were able to restore from backup very easily and bring all servers back online. Local computers did lose some settings, but thanks to a OneDrive integration, you were able to restore all users' documents to their PCs easily. The response to the incident took several weeks to complete, but overall, everyone is happy with how the security event was handled. Your organization is looking to update some hardware and software to prevent this specific scenario from happening again. What technical solution would you recommend be implemented?
B. A web application firewall configured as a forward proxy for all web traffic
An online retailer recently had a PCI compliance audit come back making several recommendations for changes to physical security at the head office. The retailer has a closed-circuit television monitoring system with cameras with motion detection sensors. The retailer also employs a full-time receptionist that maintains a visitor access log. During the evening, a security guard is employed that responds to noise alerts in the building triggered by noise detection sensors. What physical security control would you suggest being used to help meet this requirement?
B. An access control vestibule or mantrap be installed
You are on the security team for a large cloud-based software company. One of your biggest regular security concerns is that the code could be exploited and infiltrated and that customer information could be recovered by threat actors through data leakage. What penetration testing technique could best help mitigate this issue?
B. Bug bounty
Over the course of the next month, several users within that staff member's department have reported that there have been unwanted purchases being made using online services. A recent delivery of 2000 pounds of dog food from Amazon highlighted that the shared account may have been breached. You suspect that the recently departed staff member has been using the shared account to access third-party services and purchase unwanted items for the company. When you ask around, no one knows exactly what shared accounts are out there or what might have been shared with the recently departed employee. What solution might you incorporate to ensure that shared passwords are tracked?
B. Configure a company password vault
After a recent network breach, your organization has made significant changes to the user account policy. This included implementing password complexity and disabling guest access to the network. User accounts have been configured to log in only during business hours. The local firewall has been replaced with a next-gen security appliance and a security information and event management suite has been set up. Your organization has made significant strides in protecting the network in a short time period. After the implementation, in conducting the weekly audit of network access, your IT security team have notified you that they are seeing significant penetration attempts late at night from another country. You want to limit this as much as possible. What solution might you implement to decrease the attack surface of your network?
B. Configure geolocation and block access from other countries
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack users attempted to log on to the corporate intranet but found they had to put in their credentials twice. It was discovered that the first entry was being registered at a different IP address and then the second, successful logon was at the correct portal IP. What type of network attack has your organization most likely suffered?
B. DNS URL redirection
The company you work for has just replaced all their IT equipment with new products. The IT refresh was long overdue and has been implemented seamlessly by the IT team. The project was managed well and came in on budget. During the annual review of the disaster recovery plan, you noticed that several technical details referenced systems that were outdated. During the review you have made a note that the disaster recovery plan should be updated to include new systems and services. Updating the policy going forward should become a function of change management internally. In reviewing this you realize that little documentation was updated during the IT refresh. In addition to updating the disaster recovery plan, what other document should you update?
B. Functional recovery plan
You are a member of the security team for a financial institution. You are educating your team on some of the common types of social engineering techniques that might be used by threat actors against the company. You have educated your company's users to watch for grammatical mistakes and email addresses coming from domains that are not owned by legitimate companies. What two types of social engineering will these techniques be most effective against?
B. Identity fraud D. Credential harvesting
You have arrived at work to find an alert email in your inbox from the previous night after hours. The alert indicates that a trojan was found and quarantined on a local user PC. The alert shows the time of the event, the website it was found on, and the variant of the trojan that was found. In reviewing the event you notice that the employee was searching for software that could be used to crack a piece of software that the user had installed on his machine. When discussing with the user, they have indicated that they were working on a project under a crunch and the license they had had expired. The user said that they had no choice but to look for the crack and has been apologetic about the incident. You have educated the user about the situation, so it won't happen again. How might you have prevented the incident altogether?
B. Implement a content filter
The organization currently has an Active Directory server running on-site to handle all authentication. You have been tasked with configuring the VPN so that staff can securely access their information. One of the main concerns that the CIO has is that user passwords are often showing up in password dumps on the dark web, and he wants to help eliminate that risk. You have put in place a plan to move the Active Directory server to hybrid mode so that you can extend some features of Azure Directory Services. What function might you enable to help ensure that exposed user passwords don't lead to a potential breach?
B. Multi-factor authentication using a password and SMS or a secure Token
You are on the security team for a large corporation. You are developing a security penetration testing exercise in order to discover weaknesses in your enterprise infrastructure. You have decided to create a team that will be challenging the plans, policies, and procedures of the company and performing penetration tests, ethical hacking, and social engineering. What type of security exercise team would best suit your needs?
B. Red-Team
You are a member of the security forensics team reviewing an attack on your organization. In the latest attack a threat actor was let into the backend server supporting a public facing web application. What type of application attack has your organization most likely suffered?
B. Server side request forgery
Preventing password crackers from accessing your password database is a key part of system security. What are some safeguards you can implement to mitigate password crackers? (Choose three.)
B. Setting a maximum number of login attempts D. Salting passwords E. Enforcing rules for creating strong passwords
A large retail organization has taken on a new project to update their enterprise resource planning software so that they can manage their supply chain on a national level. They want to implement a system that will allow them to track every item through the supply chain. The project sponsor wants to avoid having significant user overhead, as the supply chain handles millions of transactions between their warehouses, vendors, and stores daily. To meet the needs, the organization is willing to invest significant human resources and capital into the project. The new system must allow for each item in the supply chain to be tracked and audited at any time. It must also allow for vendors to conduct lookups of their supplies to verify their own sales numbers and ensure that they can meet supply demands for the retailer. What technical solution would best meet these requirements?
B. Use a distributed ledger and blockchain to record changes within the supply chain
You are a recent graduate from a server administration program at a local community college. Thankfully, after a short search you have found an entry level position doing server installations for a financial firm. This financial firm spins up virtual machines for clients daily so that they can run analytics on daily transactions in the market. You have been assigned the task of reviewing all the server configurations to ensure that they are meeting security requirements. You start doing this manually, but it takes you hours to complete each individual server. You want to find a quicker way to conduct this audit so that you can impress your new boss and take on further responsibility. What might you do in order to accomplish this task faster?
B. Use security benchmarks provided by the operating system vendor
You are working for a security research firm that specializes in malware analysis. A new form of ransomware has been detected in the wild. This new form takes advantage of a zero-day exploit in a leading security gateway company's product to gain a foothold and then conducts local attacks through a remote command session. You intentionally infected a vulnerable security gateway with this malware and are dumping live data from the device through a promiscuous network port. You are capturing traffic on both sides of the security gateway and you want to find out how the command and control is functioning remotely. What tool would you use to analyse the captured network traffic?
B. Wireshark
An industrial control company has recently had a major vulnerability that has made their private key cryptographic methods easy to crack with any modern video card. This vulnerability has exposed sensitive communications between devices across many industrial settings that are considered critical infrastructure. The organization has significant limitations within the processing power that exists on the current controllers. The controllers still fall within the support lifecycle from the industrial control company, and they must find an alternate method of encrypting traffic that is secure without introducing significant computation overhead. What cryptographic solution might the industrial control company want to consider?
C. A lightweight cryptographic stream cipher like Trivium
Recently a university has cracked a previously uncrackable encryption algorithm using quantum computing in a matter of seconds. This breakthrough in quantum computing has significant implications within the cyber security community. While a tremendous technical achievement, it has raised concerns about secure communications within military and different intelligence organizations. Your organization sells equipment to the military, and they have asked that you switch your encryption algorithm, as they reviewed your IT security policy and deemed it to be easily cracked. What type of encryption algorithm should you investigate using?
C. A post-quantum encryption algorithm
In managing the project, a risk register has been completed. One of the risks associated with the project is that the reporting service could create deadlocks on the database, taking it down for other services that clients are using. The likelihood of the risk occurring has been put at medium, and the impact of the risk has been estimated to cost around $50,000 per occurrence. The cost to mitigate the risk by installing a new database server is $250,000, and installing a new database server comes with additional uncalculated risks. The company culture is to take risks in order to increase the bottom line for each quarter. What should you do as the project manager in this situation?
C. Accept the risk and monitor the situation
In investigating the internal application, you have discovered that it is using SSO with your internal directory service. However, the accounting department has two shared user accounts configured in the directory using an easily guessable password. The application can configure multi-factor authentication using SSO and a third-party authentication application that sends a one-time code through a push notification. You also noticed that user activity is not being monitored or logged internally. The logging feature was turned off during the installation to help save space on the SQL server. What framework should you consider implementing to ensure that the internal actor can be caught in the future?
C. Audit logging
You ask the administrator if anything has changed on the machine since the user left. He mentions that it may have done a Windows update. You take the disk from the computer and take an image of it using DD. The image is then loaded into Autopsy and scanned for deleted files. You don't find any file artifacts using Autopsy that would be of interest. Why would you use an image and not the drive to conduct your investigation?
C. To avoid accidentally writing to the drive, which could overwrite deleted files
You need to perform a risk assessment to determine the risk impact on your organization's IT infrastructure. What should you perform?
C. BIA
The shopping center in your town has free Wi-Fi access. Each time you try to use the Wi-Fi, you are first redirected to a web page where you need to agree to certain rules. Which technology is being described?
C. Captive portal
You are a member of the security team for a municipal electric utility. You are performing threat hunting in order to determine if you have any compromised systems. You are adopting a holistic approach that uses information from multiple sources to feed your SIEM. You receive a SIEM alert indicating a resource has a CVSS score of 9. What provides the basis of this score?
C. Common Vulnerabilities and Exposures
You have put together a plan that helps protect customer data and hardens the network to protect against future attacks. The plan includes using an SSL VPN for remote access, using network segmentation and subnetting for each business function, using an appliance that conducts deep packet inspection, and running an updated antivirus platform across all systems in the organization. You want to make sure that any future ransomware attacks against the organization do as little damage as possible. What is one way you might accomplish this?
C. Design your user access rights based on the principle of least privilege
A large corporate client has hired you to install new wireless access points at their head office. Their current configuration runs older hardware that supports WPA2 authentication. They want to move to a faster access point that will support WPA3 authentication. In reviewing the requirements, the customer has mentioned that they want to be as secure as possible with this installation. While they trust that WPA3 authentication is going to be secure, they want to limit the access that individuals have to the wireless network externally. What configuration would you recommend to the customer?
C. Disable access point advertisement
One of the main security flaws in the company's applications is data exposure. Developers from your company are working on a solution. To combat this problem which solution should be used?
C. Encapsulation
After a long weekend, staff arrived on a Tuesday morning to find that many computers within the organization had been stolen from the office. Many of these computers contained sensitive customer information and were not encrypted at rest. In reviewing the CCTV security camera footage, a box truck pulled up to the building late Saturday evening, and three individuals entered the building through force and physically stole several computers. The footage has been handed over to law enforcement, and many of the computers replaced. In conducting a post-mortem, the board has asked for recommendations to upgrade physical security so that this does not happen again. The organization already has a good CCTV system, and magnetic locks with access cards installed on the doors. What recommendation would you make that would improve physical security the most?
C. Hire security guards to provide 24x7 coverage
Your company is developing a new application that will modernize how your organization's customers interact with the business. Customers used to place orders and would wait for the product to arrive at their location. The new software will allow them to peer into production and see where their product is. This will allow customers to better project how long before items are delivered. You are managing a small development team. The team is using secure coding practices and live code review to ensure that bugs are not being introduced into the final product. The CISO has made it clear he wants to limit the impact of any SQL injection attempt. To achieve this, you have implemented input validation and installed a next-gen firewall that does deep packet inspection. What other configuration item would you want to implement to lessen the impact of a SQL injection?
C. Implement a host-based intrusion detection system on the SQL server
You called the local systems administrator and asked if they are doing any work on the server and they have indicated that they are not. You review the security log in the event viewer on the remote machine and can see that the domain administrator has authenticated using RDP. The application log shows that the IIS service on the machine was restarted. While you are investigating, several other alerts start coming in from other servers on your network showing the same pattern of usage. What log should you review to determine the root source of the connections?
C. Netflow logs
In response to an incident you capture a system image of the affected system, plan a review of network traffic and logs, capture video of the incident, record time offset, take hashes and screenshots, and schedule witness interviews. These are all examples of what?
C. Preservation
Sales representatives from a large US based company need access to secure resources at headquarters while out in the field. Which technology will BEST meet the needs of the sales representatives?
C. Remote-access VPN
You recently have joined a small start-up in the fintech industry. Your organization is developing an AI that can help high frequency traders maximize their investments. You already have VC backing and a few paying customers. The application is running microservices in containers on a cloud-based service to help ensure availability. The containers are configured to dynamically allocate resources depending upon their usage. They run in their own virtual subnet, with a virtual private cloud endpoint that you use for troubleshooting. One of your clients recently mentioned in passing that a competing company they were using had their system hacked because of a vulnerability in one of their containers that allowed hackers to gain access to the full containerized environment. You are using a very similar method of container management. What solution might you implement to protect the environment?
C. Run containers as non-root and disallow containers from acquiring new privileges
The newly hired CIO within the small organization is looking for a method of transferring files between the Government and the company. These files will need to be encrypted in transit and at rest. The information being transferred will contain personally identifiable information and needs to be treated internally with the highest level of data security. What is the best file transfer method for the small organization to implement?
C. SFTP
A company running Azure directory services has several internally built applications that they use to conduct daily business. They have a customized CRM, an inventory management suite, a custom ERP, and several other web-based applications the development team has made to make life easier within the business. In conducting a user audit of these services, you have noticed that several users are frequently resetting their passwords and others are using shared accounts on several of the systems. The IT security policy does not allow for the use of shared accounts, and the number of password resets being conducted is taking significant time away from daily operations. You have been tasked with fixing this in the most secure way possible. What technology might you implement to help users manage authentication better?
C. Single sign on
The board of directors at your company has recently updated the information security policy for your organization. The new policy requires that all data is encrypted at rest. Your desktop machines are older and running Windows 7. Many of the machines in your organization meet the minimum system requirements for Windows 10, and to save money you have decided to purchase licenses and update those computers. The Active Directory server has been encrypted and updated. With that update you have installed the administrative templates for Windows 10 to support enforcing BitLocker through group policy. When the group policy was pushed out, several of the older computers did not encrypt their drives. What might have caused those computers not to be able to encrypt their hard drives?
C. The computers did not have a TPM
Your organization has configured a security information and event management solution. The SIEM solution uses a series of log collectors to manage incoming data. These log collectors are configured to be redundant and access to the storage has been limited. You currently have the SIEM solution alerting anytime an admin account logs in locally to a machine. Additionally, alerts are generated for any critical system events, or anytime 3 or more failed login attempts are made to a user account. Your CISO would like to see alerts generated when users operate outside of an established baseline. What type of SIEM analysis should be done to achieve this?
C. Trend analysis
Your company has recently moved some of your server infrastructure to the cloud. This was done to extend some of the benefits of using the cloud to your enterprise sales portal. Users were complaining that the service only worked well when they were in the region, and when overseas it often struggled to keep a connection. By using the cloud, you have been able to use a geographic distribution model that ensures the portal is served from a closer location. When you moved the portal to the cloud, you configured container security for both the front end and back end. One of the challenges is that your organization loses visibility over network connectivity once the service is made cloud-based. What would best increase visibility over the cloud-based network?
C. Use zero-trust architecture and segment each container
Recently your organization has implemented a smart warehousing system. The system uses IoT sensors and Arduinos to track pallets through the warehouse. The system is integrated with the enterprise resource planning software and is used to facilitate the replacement of stock in inventory using just-in-time delivery. The system was provided by the manufacturer and installed by a third-party company using the default settings. The system works well, but recently news of a breach at a facility running the same system became national headlines as it cost the organization millions in lost revenue. You have been tasked with securing these devices. Your first course of action was to change the default passwords to something more secure and apply recent software patches from the vendor. What other configuration item might you want to consider?
Changing the devices to an encrypted communications protocol
The CISO for your organization is very happy with the IT security posture of the organization. The service has been launched with great user adoption rates. Recently though the company made headlines when it was discovered that some of the media being openly shared on the internet contained hate language. This was problematic for the company's reputation and not something that the board takes lightly. The website has a privacy notice letting customers know that cookies and information may be tracked on the site. However, in reviewing with the legal team, the site could potentially face lawsuits if they took down the unwanted content. What type of notice should the company provide to users?
D. A term of agreement/service with a requirement that it be accepted for continued access to the website
During the most recent change review meeting, the discussion came up regarding a vulnerability to a frequently used piece of software. Several workarounds were discussed as a potential solution, but all required changes to infrastructure that would cause downtime in other areas of the business. One of the solutions put forward was to disallow the use of the software until a patch is released. The vendor has indicated that it will be several weeks before a patch is released. You have been asked to disallow the application. How might you achieve this?
D. Add the application to the block list in the endpoint security solution
In reviewing the issue, you logged the following series of events. The power went out and emergency lighting came on. The generator came online, and the transfer switch moved power over to the generator within 15 seconds. The power then was restored to the building. During this time the servers went down. What system would have prevented the outage from occurring?
D. An uninterruptible power supply
You have been brought into a company that recently experienced a data breach of their customer data. The company had been using an MSP but has decided to create their own internal IT department after the breach. The MSP blamed an email that came from a bad actor for the breach and had done a cleanup on the local machine prior to handing operations over to you. You have reviewed all equipment and systems within the organization and have created a patch management strategy to help keep systems up to date. In doing so you have found several older systems and noticed that much of your network infrastructure looks dated. You have contacted the vendor for support, but they have indicated that these items were purchased without a service contract. What information should you look for to determine if these systems are maintainable?
D. Check the model end of service life
You are a member of the IT team for an online service portal. A security analysis is going to be performed on your web applications and you want to make sure that there are no alerts due to things that can be changed without reconfiguring the web apps themselves. What action has the least risk of breaking any web services?
D. Closing unused open ports and services
Your organization is required to consolidate single-sign on and authorization by extending enterprise security policies to the cloud. What should be used?
D. Cloud access security brokers
Your company has recently switched to a bring your own device policy. This was done to improve user adoption of mobile devices within the office. Many staff had spent time complaining that the chosen device was not running the operating system they wanted to use. As part of the BYOD policy, you will need to be able to set up a corporate VPN on the devices and allow access to the internal company SharePoint site. You want to make sure that if a device goes missing or an employee is terminated that you can remove the corporate data from the device through a remote wipe. What technical solution would accomplish this?
D. Configure a mobile device management suite and enroll the mobile devices
The parent organization utilizes a server-less architecture that utilizes edge computing to ensure the best service is provided to each branch office. The smaller organization has an on-premises infrastructure using directory services in a virtualized environment. The movement of the smaller organization to the cloud will require planning and implementation over several months' timeframe. The board wants the small organization integrated immediately so their IT security team can gain visibility over their systems and the architecture team can start moving servers to the cloud. What would best give the parent company access to their systems to move them into the cloud?
D. Create a transit gateway to connect the on-premises network to the cloud.
You are conducting a security audit for a small construction company. The company has several servers running Linux that run internal web applications that are used for bid estimation. The network administrator is taking over for an employee that has retired. The retired individual was notorious for keeping information stored in his head, and not writing anything down. The new network admin wants to verify that the configuration of the webserver is secure. You have run a scan using sn1per and have found a few patchable vulnerabilities. You have terminal access to the server, and you want to now verify that the retired administrator didn't store any user credentials on the local machine. What Linux tool might you use to do this?
D. Grep
A network administrator recently had an internal security audit completed to ensure that the network configuration met the requirements outlined within the corporate security policy. The audit found several issues with the internal configuration. The audit showed that passwords in router and switch configuration files were shared across several devices and not encrypted within the stored backup. The audit also found that usernames and passwords transferred to a local web application were being transferred in plain text. The application itself is old, but it is important that users are unable to log in as other users or see the traffic to the website. What technology would make it impossible to see plain text information being sent via HTTP requests?
D. HTTPS
The day you have dreaded for years has finally come. You have arrived on a Monday morning to find that during the evening on Sunday a cyber event has happened. Your core fileserver and several servers and desktops have been locked up with ransomware. The ransom has been set at 5 bitcoins to get your services back to operational. Your CIO has decided not to pay the ransom and has initiated the disaster recovery and business continuity plan. It is expected to take weeks to get all servers back up and operational. The frequent interruptions have made it difficult to manage the event. How could you best prevent this?
D. Have a communication plan for disaster/business continuity situations
Your organization has recently had thousands of dollars stolen during a phishing campaign. The phishing campaign faked an email from the CFO looking for account information to process an emergency payment as a vendor was threatening to cut off services. The victim of the attack thought they were responding to an actual email from the CFO and provided the account details in full to the attacker. It took several days before the access to the account was noticed and during that time the attackers accessed the account multiple times to make transactions. The banking company and your insurance company are refusing to provide support for this incident as your organization knowingly gave away the account details to a third party. The CFO has asked you to help solve this problem going forward. What solution would best help solve this issue going forward?
D. Install two-factor authentication on the financial account website
In the latest attack a user received an email on their Microsoft Windows workstation from what appeared to be the CEO of the company with a note to open an attached document. When they opened the document the system locked up and a ransomware notice was posted on the screen. Later other users encountered the same email. What type of network attack has your organization most likely suffered?
D. Macro virus
A small company has recently had to let one of their helpdesk technicians go. During a recent antivirus update, the helpdesk technician's PC was found to be full of illegal movies and music. These movies and music were being downloaded from a popular torrent site while at work. Some contained malware and backdoors that could have potentially opened access to the computer network. The desktop machine was cleaned, and the network was scanned for viruses and no other data was found. The firewall is configured to block BitTorrent traffic, but the helpdesk technician was able to circumvent the block using a VPN provider. What solution could be implemented to detect this type of user behavior before it becomes problematic?
D. Monitor web metadata
You are on the security team for a large software company. You are concerned about how social engineering can be used against your organization when information about your employees can be used to create trust when performing spear phishing or vishing attacks. What area of penetration testing could you educate your users about to help them be aware of how information about them could be discovered?
D. OSINT
While testing one of your organization's applications, you have discovered that a developer has left a backdoor method to gain root access to the application. As a result, which of the following attacks is MOST likely to occur?
D. Privilege escalation
The web portal is configured using SSL to keep sessions secure. The front end is hosted on the corporate DMZ, and the data is stored on a SQL server located on the internal network. The firewall only allows the front end to connect to the SQL server. Recently HR has reported a significant drop in usage of the website. You go to the website and you are greeted with a message saying your connection is not private with a back to safety button. You view the certificate for the website, and it appears that it has expired. What solution would best solve this problem?
D. Purchase a new certificate from a recognized certificate authority and issue it on the website
You work for the server administration team at a medium sized company. You oversee over 200 servers running locally within your data center. You have recently updated your retention policy and switched backup software providers. The backup solution allows you to move servers to the cloud in the interim in the case of a disaster. You have updated the disaster recovery policy and the backup configuration document to reflect changes to your infrastructure. The solution is working and has taken several weeks' worth of backups to the cloud. What should you do next?
D. Simulate a downtime event and test your backups during a maintenance window
You have been hired by a medium sized business to upgrade their existing enterprise architecture. The company has one main office, and 4 branch office locations. Each site has a mixture of older and newer hardware from multiple vendors. The business has outlined several key factors that they want you to consider when upgrading the network. In addition to cost, the board wants you to ensure that site-to-site communications use encryption and that the architecture is designed to be resilient. What is likely the best place to start to build a plan of action?
D. Site diagrams and documentation
HR has initiated the employee termination process for each of the departing sales representatives. After termination several of the sales representatives sent back two laptops, a tablet, and a phone. Some sent back nothing. You have been asked to ensure all equipment is returned to the organization. You have asked each of the departing sales reps and they have indicated that they returned all company equipment. You unfortunately have no method of verifying that all equipment has been returned, and a competing company has approached your CFO to report that a former employee was trying to sell company secrets. What policy should your organization consider going forward?
D. Update the HR policy to include returning company equipment
An employee has recently reported that his cellular device has gone missing. The last known GPS co-ordinates in the MDM suite show that the phone was last seen when the employee was travelling. You verified that the device is not connected to the internal WIFI, so you cannot do WIFI triangulation. The employee says the last time he remembers having it was in the airport. You want to find the device or at least pinpoint the location, but it is not showing with a data connection on the MDM suite. When you call the device, it does ring through to the device and eventually goes to voicemail. How might you best pinpoint the location of the device?
D. Use cellular triangulation
Your organization is placing a greater focus on security awareness and training. Which personnel management policy would be used to help prevent the leaking of sensitive information?
F. NDA
Your supervisor mentions that they are implementing secure boot. Which technology includes Secure Boot?