domain1
An attacker installs Trojan malware that can execute remote backdoor commands, such as the ability to upload files and install software to a victim PC. What type of Trojan malware is this?
A Remote Access Trojan (RAT)
A security engineer must install an X.509 certificate to a computer system, but it is not accepted. The system requires a Base64 encoded format. What must the security engineer execute to properly install this certificate?
Convert to a .pem file.
A security engineer examined some suspicious error logs on a Windows server that showed attempts to run shellcode to a web application. The shellcode showed multiple lines beginning with Invoke-Command. What type of script is the suspicious code trying to run?
PowerShell script
Which of the following can be consequences of a data breach? (Select all that apply.)
Reputation damage || Identity theft || fines
An attacker passes data that deliberately overfills an area of memory that the application reserves to store the expected data. Which vulnerability exploit resulted from the attacker's actions?
A buffer overflow
An organization moves its data to the cloud. Engineers utilize regional replication to protect data. Review the descriptions and conclude which ones apply to this configuration. (Select all that apply.)
Access is available if a single data center is destroyed && A solution that is known as zone-redundant storage
The marketing department at a local organization has detected malicious activity on several computers. In response, IT personnel have disconnected the marketing switch from the network. Identify which incident response lifecycle step IT has enacted.
Containment
A Transport Layer Security (TLS) Virtual Private Network (VPN) requires a remote access server listening on port 443 to encrypt traffic with a client machine. An IPSec (Internet Protocol Security) VPN can deliver traffic in two modes. One mode encrypts only the payload of the IP packet. The other mode encrypts the whole IP packet (header and payload). What are these two modes? (Select all that apply.)
Transport && Tunnel
What are the differences between WPA and WPA2? (Select all that apply.)
Unlike WPA, WPA2 supports an encryption algorithm based on the Advanced Encryption Standard (AES) instead of the version of RC4 "patched" with the Temporal Key Integrity Protocol (TKIP). && Unlike WPA, WPA2 uses the Advanced Encryption Standard (AES) cipher with 128-bit keys.
A cloud customer prefers separating storage resources that hold different sets of data in virtual private clouds (VPCs). One of those data sets must comply with Health Insurance Portability and Accountability Act (HIPAA) guidelines for patient data. How should the customer configure these VPCs to ensure the highest degree of network security?
Use separate VPCs for each network segment.
A forensics analyst is attempting a live acquisition of the contents of the memory of a running Linux device. In order to copy the blocked /dev/mem file with memdump or dd, the analyst must install a kernel driver. Recommend a framework that will enable the analyst to install a kernel driver.
Volatility
An attacker can exploit a weakness in a password protocol to calculate the hash of a password. To which of the following methods can an attacker match a hash to obtain authentication? (Select all that apply.)
Dictionary attack Rainbow table
When implementing a native-cloud firewall, which layer of the Open Systems Interconnection (OSI) model will require the most processing capacity to filter traffic based on content?
Layer 7
A system engineer can monitor and control voltage factors in a data center. The engineer can make critical decisions on the center's energy consumption and load balancing. Which device is the engineer likely using to make these decisions?
Managed PDUs
Determine a solution that can combine with a cloud access security broker (CASB) to provide a wholly cloud-hosted platform for client access.
Next-generation secure web gateway
There are several ways to check on the status of an online certificate, but some introduce privacy concerns. Consider how each of the following is structured, and select the option with the best ability to hide the identity of the certificate status requestor.
OCSP stapling
A hacker is trying to gain remote access to a company computer by trying brute force password attacks using a few common passwords in conjunction with multiple usernames. What specific type of password attack is the hacker most likely performing?
Password spraying attack
A small organization operates several virtual servers in a single host environment. The physical network utilizes a physical firewall with NIDS for security. What would be the benefits of installing a Host Intrusion Prevention System (HIPS) at the end points? (Select all that apply.)
Protection from zero day attacks && Prevent malicious traffic between VMs
Management has set up a feed or subscription service to inform users on regular updates to the network and its various systems and services. The feed is only accessible from the internal network. What else can systems administrators do to limit the service to internal access?
Provision SSO access.
What type of attack is occurring when a counterfeit card reader is in use?
Skimming
A cloud service provider (CSP) dashboard provides a view of all applicable logs for cloud resources and services. When examining the application programming interface (API) logs, the cloud engineer sees some odd metrics. Which of the following are examples that the engineer would have concerns for? (Select all that apply.)
Spike in API calls && 78% average error rate
Which aspect of certificate and key management should an administrator practice when trying to prevent the loss of private keys?
Storage
A company recently implemented a Secure Sockets Layer/Transport Layer Security (SSL/TLS) version that supports Secure Hashing Algorithm-256 (SHA-256) cipher. Which SSL/TLS version was deployed?
TLS 1.2
An authoritative Domain Name System (DNS) server for a zone creates a Resource Records Set (RRSet) signed with a zone signing key. What is the result of this action?
DNS Security Extensions
An administrator deploys a basic network intrusion detection system (NIDS) device to identify known attacks. What detection method does this device use?
Signature-based
A cyber forensic investigator is analyzing a disk image acquired from a suspect in a major network breach and wants to generate a timeline of events from the image. Predict the tool the investigator will use to piece together a timeline of events so that they can tie the hacker's disk to the breach in question.
Autopsy
Select the methods of containment based on the concept of isolation. (Select all that apply.)
Blackhole && Physical disconnection/air gapping && Sandboxing
A hacker corrupted the name:IP records held on the HOSTS file on a client, to divert traffic for a legitimate domain to a malicious IP address. What type of attack did the hacker perform?
Domain Name System (DNS) client cache poisoning
A company with archived and encrypted data looks to archive the associated private keys needed for decryption. The keys should be externally archived and heavily guarded. Which option should the company use?
Key escrow
Which of the following provides attestation and is signed by a trusted platform module (TPM)?
Measured boot
A network administrator is installing a device that uses Redundant Array of Independent Disks (RAID) technologies for redundancy and provides employees remote access so that files can be accessed anywhere. The device does not require licensing and stores data at the file level. Which device is the employee likely installing in the infrastructure?
NAS
What is a jump server commonly used for?
Provide secure access to DMZ servers.
A resident cybersecurity expert is putting together a playbook. Evaluate the elements that the security expert should include in the playbook. (Select all that apply.)
Query strings to identify incident types && When to report compliance incidents && Incident categories and definitions
Which Redundant Array of Independent Disks (RAID) combines mirroring and striping and improves performance or redundancy?
RAID-10
Developers found a "time of check to time of use" (TOCTTOU) vulnerability in their application. The vulnerability made it possible to change temporary data created within the app before the app uses the data later. This vulnerability is taking advantage of what process in the application?
Race condition
A system engineer has tested a new application in the lab, and wants to deploy the application on a production server. The server is a virtual machine that processes and stores live data for company employees. Which of the following is the BEST approach for deploying the new application on the server?
Take a snapshot of the server before installing on the server.
In a Public Key Infrastructure (PKI), which option best describes how users and multiple Certificate Authorities (CA) interact with each other in a large environment?
Trust model
Identify the command that will output the last 15 lines in the log file called hostnames.
tail -n 15 /var/log/hostnames
How can the lack of logic statement tests on memory location variables be detrimental to software in development?
An incorrectly coded process can alter the execution environment to create a null pointer, and crash the program.
An attacker is preparing to perform what type of attack when the target vulnerabilities include headers and payloads of specific application protocols?
Application attack
A network administrator set up a basic packet filtering firewall using an open-source application running on a Linux virtual machine. The immediate benefit to this deployment is the quick configuration of basic firewall rules. What other functionality would influence a decision to deploy a stateless, rather than stateful, firewall? (Select all that apply.)
Block TCP ports && Allow network protocols
A company would like to deploy a software service to monitor traffic and enforce security policies in their cloud environment. What tool should the company consider using?
CASB
A large firm requires better control over mobile users' access to business applications in the cloud. This will require single-sign on and support for different device types. What solution should the company consider using?
CASB
What does an attacker need to do to use acquired user and account details from a user's smart card?
Clone it.
An employee is responsible for protecting the privacy and rights of data used and transmitted by an organization. The employee dictates the procedures and purpose of data usage. A role is created at an organization to protect the privacy and rights of any data that is used and transmitted. Which role governs and dictates the procedures and purpose of data usage?
Data controller
A staff member at a medical research company is creating a query of patient data that is archived at a Health Maintenance Organization (HMO). The query includes patient's social security numbers (SSN), which are querying as XXX-XX-1234, and dates of births (DOB), which are showing as XX-XX-1974. While the staff member would like to obtain the entire SSN and DOB, they are unable to reverse the queried data to view the entire data fields. Which de-identification method is being used by the HMO to protect the patient data?
Data masking
A third-party vendor collects and analyzes data for a paint supply retailer website. The retailer specifically asks for information, such as what colors customers are searching for regularly and what quantity customers request the most. Which of the following best describes the third-party vendor?
Data processor
Following a secure deployment methodology for custom applications, early code testing would run in which type of environment?
Development
A company plans on expanding its operations and needs the capability to increase and decrease services based on demand. Which feature is most important for the company?
Elasticity
While reviewing an audit log, a financial institution employee notices that several attempts were made by a user to bypass the authentication process. The user attempted to log in ten times in twenty minutes using various methods, though the user never gained visible access. Which of the following describes what the employee should do next?
Escalate the information to a security manager.
A security event popped up, alerting security of a suspicious user gaining access to, and copying files from, the %SystemRoot%\NTDS\ file path on a server. What is the user trying to do?
Gather employee login credentials.
Systems administrators want to set up a way to perform remote administration from home. Rather than installing a software agent, the solution should use an underlying technology that is available to an application, such as a web browser. Which option would best support these requirements?
HTML5 VPN
Wi-Fi Protected Access (WPA) fixes critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Understanding that WPA uses a combination of an RC4 stream cipher and Temporal Key Integrity Protocol (TKIP), this makes a wireless access point NOT vulnerable to which of the following attacks when related to encrypted wireless packets?
IV attacks
The system administrator is installing a web server certificate and receives an error indicating the server does not accept wildcard certificates. After examining the certificate, the system admin notices the problem. Determine the specific location where the admin found the problem.
In the Subject Alternative Name (SAN)
A hacker, wanting to gain data on organizational ideas and inventions, uses a spear-phishing attack by creating a believable email containing malware and sending it to an executive, who thinks the email is legitimate and opens it, activating the malware. What is the hacker's goal?
Intellectual Property (IP) theft
Which of the following protocols would secure a tunnel for credential exchange using port 636?
LDAPS
A company is renovating a new office space and is updating all of its routers. The up-to-date Internetwork Operating System (IOS) will provide the best protection from zero-day exploits. What other options could a network administrator configure for route security? (Select all that apply.)
Message authentication && Block source routed packets
Which of the following reduces the risk of data exposure between containers on a cloud platform?(Select all that apply.)
Namespaces && Control groups
After a security breach, a cybersecurity analyst decides to cross-check the services and software installed on the breached network against lists of known vulnerabilities. Prescribe a software tool best suited for the analyst's purpose.
Nessus
A low level distributed denial of service (DDoS) attack that involves SYN or SYN/ACK flooding describes what type of attack?
Network
An aviation tracking system maintains flight records for equipment and personnel. The system is a command and control system that must maintain global availability. The entire system is on a cloud platform that guarantees a failover to multiple zones within a region. In addition to the multi-zonal cloud failover, what other solution would provide the best option to restoring data and rebuilding systems if the primary cloud service becomes unavailable?
Offsite backup and storage
Which of the following conditions are results of a SYN (synchronize) flood attack? (Select all that apply.)
Open connections && Resource exhaustion && Denial of service (DoS)
Which certificate format allows the transfer of private keys and is password protected?
PFX
A user purchased a laptop from a local computer shop. After powering on the laptop for the first time, the user noticed a few programs like Norton Antivirus asking for permission to install. How would an IT security specialist classify these programs?
PUP
An incident involving a data breach is under investigation at a major video game software company. The incident involves the unauthorized transfer of a sensitive file to an outside source (a leak). During the investigation, employees find that they cannot access the original file at all. Verify the data loss prevention (DLP) terminology that describes what has been done to the file in question.
Quarantine
Through what method can malware evade antivirus software detection, so that the software no longer identifies the malware by its signature?
Refactoring
An intruder monitors an admin's unsecure connection to a server and finds some required data, like a cookie file, that legitimately establishes a session with a web server. What type of attack can the intruder perform with the cookie file?
Replay attack
If managed improperly, which of the following would be most detrimental to access management of cloud-based storage resources?
Resource policies
A web application's code prevents the output of any type of information when an error occurs during a request. The development team cited security reasons as to why they developed the application in this way. What sort of security issues did the team have concerns about in this case?
Revealing database server configuration
A network administrator for a large oil company has discovered that a host on the company network has been compromised by an attacker spoofing digital certificates. Recommend an immediate response to prevent further spoofing of the host.
Revoke the certificates
A network administrator is importing a list of certificates from an online source, so that employees can use a chain of trust and communicate securely with public websites. Which type of certificates are the network administrator currently importing?
Root
A company requires a means of managing storage centrally and the ability to share the storage with multiple hosts where users can access data quickly, with little to no latency. They need to use Fibre Channel to connect the storage media. Which of the following storage architectures would best meet the company's needs?
SAN
An organization uses a Session Initiation Protocol (SIP) endpoint for establishing communications with remote branch offices. Which of the following protocols will provide encryption for streaming data during the call?
SRTP
Select the methods of incident containment based on the concept of segmentation. (Select all that apply.)
Sinkhole && Honeynet
Which of the following is used to review application code for signatures of known issues before it is packaged as an executable?
Static code analysis
A system engineer enhances the security of a network by adding firewalls to both the external network and the internal company network. The firewalls are products of two separate companies. This is an example of what type of security control practice?
Vendor diversity
Identify the command that will output the first 15 lines in a log file called hostnames where the system writes in chronological order starting from the top of the file.
head -n 15 /var/log/hostnames
A public key infrastructure (PKI) is being set up for a logistics company, utilizing OpenSSL hosted on Red Hat Enterprise Linux. Which of the following commands can the team use, when setting up the PKI, to create an encrypted RSA private key?
openssl genrsa -aes256 -out server.key 2048
A cybersecurity investigator is investigating a breach, and the method of entry is not yet known. The investigator decides to begin by checking for suspicious entries in the routing table. Select the command-line tool that will enable the investigator to directly access the table.
route
A white-hat penetration tester is simulating an attack to check for vulnerabilities. The first step is to determine if the pen tester can scan for ports or services that have been left open, without being detected by the Intrusion Prevention System (IPS). Recommend a tool that fits the pen tester's requirements.
scanless
A security engineer implemented once-only tokens and timestamping sessions. What type of attacks can this type of security prevent? (Select all that apply.)
A replay attack pass-the-hash attack
A security analyst's scans and network logs show that unauthorized devices are connecting to the network. The analyst discovers a tethered smartphone acting as a connection point to the network. Which behavior describes the smartphone's role?
A rogue access point (AP)
A security specialist discovers a malicious script on a computer. The script is set to execute if the administrator's account becomes disabled. What type of malware did the specialist discover?
A logic bomb
Which of the following attacks do security professionals expose themselves to, if they do not salt passwords with a random value?
A rainbow table attack
An attacker used an exploit to steal information from a mobile device, which allowed the attacker to circumvent the authentication process. Which of the following attacks was used to exploit the mobile device?
Bluesnarfing
An attacker is planning to set up a backdoor that will infect a set of specific computers at an organization, to inflict a set of other intrusion attacks remotely. Which of the following will support the attackers' plan? (Select all that apply.)
Computer Bots && Command & Control
Employees have the ability to download certain applications onto their workstations to complete work functions. The CIO enacted a policy to ensure that no modifications to the application have occurred. What method of validation did the CIO implement?
Code signing
An attacker escalated privileges to a local administrator and used code refactoring to evade antivirus detection. The attacker then allowed one process to attach to another and forced the operating system to load a malicious binary package. What did the attacker successfully perform?
DLL injection
The IT team has purchased a few devices that are compatible with the Trusted Computing Group Security Subsystem Class called Opal. Which of these device specifications will take advantage of Opal's security features?
Disk encryption
During the functional testing phase of application development, an application tests for vulnerabilities against the running code. What type of code testing is this?
Dynamic code analysis
Which of the following makes it possible for cloud service providers (CSP) to create a virtual instance and container simultaneously?
Dynamic resource allocation
A network technician working for a three-letter intelligence organization has to troubleshoot a specialized, air-gapped Linux device without asking any questions. The technician only has access to the CLI and needs to read a log file, without a GUI, and without network access. Outline the command that will easily enable the technician to view the file from the command line.
cat security.log
A cybersecurity student has been using dig and WHOIS to query hosting records and check external DNS services when a fellow student recommends a tool that packages similar functions and tests into a single query. Conclude what tool the student recommended.
dnsenum
A penetration tester is testing a network's vulnerability. One of the tests the penetration tester is checking is the ability to inject packets. Which of the following tools allow for packet injection? (Select all that apply.)
hping && tcpreplay
By compromising a Windows XP application that ran on a Windows 10 machine, an attacker installed persistent malware on a victim computer with local administrator privileges. What should the attacker add to the registry, along with its files added to the system folder, to execute this malware?
A shim
Question A security operations center (SOC) analyst investigates the propagation of a memory-resident virus across the network and notices a rapid consumption of network bandwidth, causing a Denial of Service (DoS). What type of virus is this?
A worm
An attacker modified the HTML code of a legitimate password-change web form, then hosted the .html file on the attacker's web server. The attacker then emailed a URL link of the hosted file to a real user of the web page. Once the user clicked the link, it changed the user's password to a value the attacker set. Based on this information, what type of attack is the website vulnerable to?
Cross-site Request Forgery (XSRF)
A malware expert wants to examine a new worm that is infecting Windows devices. Verify the sandbox tool that will enable the expert to contain the worm and study it in its active state.
Cuckoo
The latest web application, using default settings, is currently accepting application programming interface (API) calls over HyperText Transfer Protocol (HTTP). The environment has a moderate key management system. Even with basic server security, the API connection is vulnerable to which of the following? (Select all that apply.)
Improper error handling && Key discovery
What can a system administrator configure on two load balanced servers to achieve a round robin configuration?
Configure scheduling.
A web administrator notices a few security vulnerabilities that need to be addressed on the company Intranet site. The portal must force a secure browsing connection, mitigate script injection, and prevent caching on shared client devices. Determine the secure options to set on the web server's response headers. (Select all that apply.)
Content Security Policy (CSP) && HTTP Strict Transport Security (HSTS) && Cache-Control
A web server will utilize a directory protocol to enable users to authenticate with domain credentials. A certificate will be issued to the server to set up a secure tunnel. Which protocol is ideal for this situation?
LDAPS
End-users at an organization contact the cybersecurity department and report that, after downloading a file, they are being redirected to shopping websites to which they did not intend to navigate, and built-in webcams turn on. The security team confirms the issue as malicious, and notes modified DNS (Domain Name System) queries that go to nefarious websites hosting malware. What most likely happened to the users' computers?
Spyware infected the computers.
Using an open connection to a small company's network, an attacker submitted arbitrary queries on port 389 to the domain controllers. The attacker initiated the query from a client computer. What type of injection attack did the attacker perform?
LDAP injection
An administrator navigates to the Windows Firewall with Advanced Security. The inbound rules show a custom rule, which assigned the action, "Allow the connection" to all programs, all protocols, and all ports with a scope of 192.168.0.0/24. This is an example of what type of security setting?
ACL
A company set up controls to allow only a specific set of software and tools to install on workstations. A user navigates to a software library to make a selection. What type of method prevents installation of software that is not a part of a library?
Allow list
A company has a two-level certificate authority (CA) hierarchy. One of the CA servers is offline, while the others are online. Which statements are TRUE of online and offline CAs? (Select all that apply.)
An online root is required to add an intermediate CA. && An online CA is needed in order to publish a CRL.
An attacker discovered an input validation vulnerability on a website, crafted a URL with additional HTML code, and emailed the link to a victim. The victim unknowingly defaced (vandalized) the web site after clicking on the malicious URL. No other malicious operations occurred outside of the web application's root directory. This scenario is describing which type of attack?
Cross-site scripting (XSS)
What are the benefits of using Wi-Fi heat maps for wireless networks? (Select all that apply.)
Determine where to place access points && Survey a site for signal strength
Implementing Lightweight Directory Access Protocol Secure (LDAPS) on a web server secures direct queries to which of the following?
Directory services
An application requires continuity of operations to be maintained. If there is an outage, it needs to be restored within a 24 hour period due to the command and control capabilities it maintains. The failover site must be physically separated from the program office and be available within the required timeframe with live data. Which of the following solutions best describes the physical implementation?
Geographical dispersal
A laptop arrives at the company technology lab with a private key embedded, providing full disk encryption. When matched with a public key, what does this system provide?
Hardware root of trust
If a user's device becomes infected with crypto-malware, which of the following would have been the best way to mitigate this compromise?
Have up-to-date backups.
A logistics detail facility must maintain transportation data up to 365 days after transaction closeout. At the creation of the transaction, the logistics planner tags the information contained in the file according to classification. The transaction data is protected until disposal. Which data model does this best represent?
Information life cycle
A developer writes code for a new application, and wants to ensure protective countermeasures against the execution of SQL injection attacks. What secure coding technique will provide this?
Input validation
If a user's computer becomes infected with malware and used as part of a botnet, which of the following actions can be initiated by the attacker? (Select all that apply.)
Launch a mass-mail spam attack && Establish a connection with a Command and Control server && Launch a Distributed Denial of Service (DDoS) attack
A support technician reviews a computer's boot integrity capabilities and discovers that the system supports a measured boot process. Which statement accurately describes this process?
Measured boot will record the presence of unsigned kernel-level code.
A website allows a user to apply for a home loan with multiple vendors so that the user can compare lenders' rates. The process requires personal data entered to verify creditworthiness. The website states that the data entered can only obtain loan estimates and shall not be shared with outside agencies or used for any other purpose. Which of the following describes the intent of the statement?
Privacy notice
A new cloud service provider (CSP) leases resources to multiple organizations (or customers) around the world. Each customer is independent and does not share the same logical cloud storage resource. The customers use an on-demand payment plan. Which cloud model is the CSP most likely providing to its customers?
Public cloud
A Linux systems admin reported a suspicious .py file that ran on a daily schedule after business hours. The file includes shellcode that would automate Application Programming Interface (API) calls to a web application to get information. What type of script is executing this shellcode?
Python script
Hackers infiltrated a home furnishings store's network six months ago. The hackers obtained customer information to include account and payment data. Since the breach, sales have gone down, and customers have closed accounts with the store. Which of the following consequences is a direct result of the breach?
Reputation damage
A company hosts internal web servers between two firewalls: one firewall at the edge network and another near the internal gateways. A recent security audit advised the company to utilize filtering rules for connections between remote clients and these internal web servers. Which of the following will satisfy the security advice?
Reverse Proxy
A company has implemented a Virtual Desktop Infrastructure (VDI) where the user's desktop operates as a Virtual Machine (VM) on a centralized server. When users log off the machine, any changes made at the VM level are not saved. Which means of non-persistence has been implemented?
Revert to known state
A cyber analyst is drafting a memorandum on the impacts of exposures tied to successful attacks and route security. What are the vulnerabilities associated with route security? (Select all that apply.)
Route injection && Source routing && Software exploits
The administrator of an Exchange Server needs to send digitally signed and encrypted messages. What should the administrator use?
S/MIME
Which wireless configurations provide the most up-to-date and secure way of connecting wireless devices to an office or home network? (Select all that apply.)
SAE && WPA3
An attacker submitted a modified uniform resource locator (URL) link to a website that eventually established connections to back-end databases and exposed internal service configurations. The attacker did not hijack a user to perform this attack. This describes which of the following types of attacks?
Server-side request forgery
Engineers are considering network options that will maintain data transfers between systems within the same cloud-based data center. They also look to configure security on these systems. Which of the following would ensure this type of implementation? (Select all that apply.)
Set up zero trust. && Set up efficient east-west traffic.
A new cybersecurity analyst is working at their first job. The analyst requires a penetration test reporting and evidence gathering framework that can run automated tests through integration with Metasploit. Recommend a framework that will fulfill the analyst's needs.
Sn1per
A system engineer is researching backup solutions that are inexpensive and can store large amounts of data offline. The backup solution must be portable and maintainable for a certain length of time defined in the company's backup recovery plan. Which of the following is the best backup solution?
Tape
A company is looking into integrating on-premises services and cloud services with a cloud service provider (CSP) under an Infrastructure as a Service (IaaS) plan. Which of the following statements would NOT apply in this case?
The provider is responsible for the availability of any application software.
A user used an administrator account to download and install a software application. After the user launched the .exe extension installer file, the user experienced frequent crashes, slow computer performance, and strange new services running when turning on the computer. It seems like there are more and more services running over time. What most likely happened to cause these issues?
The user installed Trojan horse malware.
A data center needs to ensure that data is not lost at the system level in the event of a blackout. Servers must stay operable for at least an eight-hour window as part of the response and recovery controls implemented. Which redundancy effort should be put in place to ensure the data remains available?
UPS
External hackers have some access to a company's website and made some changes. Customers have submitted multiple complaints via email for wrong orders and inappropriate images on the website. The Chief Information Officer (CIO) is now worried about the distribution of malware. The company should prepare for which of the following other issues or concerns? (Select all that apply.)
URL redirections and Domain reputation
A government agency is getting rid of older workstations. The agency will donate these workstations, along with other excess computer systems, to nearby schools. Management reminds the systems administrators about data sanitization and security concerns. What actions secure the systems prior to donating to the schools? (Select all that apply.)
Use a data sanitization tool && Replace hard drive with blank drive
An independent penetration testing company is invited to test a company's legacy banking application developed for Android phones. It uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. Penetration tests reveal the connections with clients were vulnerable to a Man-in-the-Middle (MITM) attack. How does the company prevent this from happening in the public Internet?
Use certificate pinning
A company has two web servers using a load-balance configuration. Users report having periodic trust errors connecting to the website. Both servers are using web-server certificates and show the same path. Which of the following actions would most likely resolve the issue?
Use correct certificate path.
A fileless malicious software can replicate between processes in memory on a local host or over network shares. What other behaviors and techniques would classify malware as fileless rather than a normal virus? (Select all that apply.)
Uses lightweight shellcode && B.Uses low observable characteristic attacks
An administrator of a Linux network is writing a script to transfer a list of local host names, contained in a file called hostnames, directly into the syslog file. Predict the CLI command the admin is likely to use to accomplish this.
logger -f hostnames
A malicious user sniffed credentials exchanged between two computers by intercepting communications between them. What type of attack did the attacker execute?
man in the middle
A penetration tester is experimenting with Network Mapper (Nmap) on a test network as a privileged user. The tester would like to know the operating system of a target device and scan for commonly used ports. Select the nmap commands that will be useful in this case. (Select all that apply.)
nmap xxx.xxx.x.x -O && nmap xxx.xxx.x.x -A
A systems administrator recently hardened two servers (Linux and Windows), disabling unused ports and setting up a software firewall to block specific port connections and protocols. These servers support employees at an external branch that operates on wireless network connections and laptops. Which of the following tools will help audit the servers' security settings with the least amount of effort? (Select all that apply.)
tcpdump && Wireshark
An attacker used an illegal access point (AP) with a very strong signal near a wireless network. If the attacker performed a jamming attack, which of the following would mitigate this type of network disruption? (Select all that apply.)
Boost the signal of the legitimate equipment && Disable the offending radio source.
A network engineer is plugging in new patch cables and wants to prevent inadvertent disruptions to the network while doing so. What will the engineer prevent if Spanning Tree Protocol (STP) is configured on the switches?
Broadcast storms
A malicious actor is preparing a script to run with an Excel spreadsheet as soon as the target opens the file. The script includes a few macros designed to secretly gather and send information to a remote server. How is the malicious actor accomplishing this task?
By using VBA code
A startup company adds a firewall, an IDS, and a HIPS to its infrastructure. At the end of the week, they will install HVAC in the server room. The company has scheduled penetration testing every month. Which type of layered security does this represent?
Control diversity
Users are reporting jittery video communication during routine video conferences. What can a system administrator implement to improve video quality and overall use of the network bandwidth?
Use 802.1p header
Consider the principles of web server hardening and determine which actions a system administrator should take when deploying a new web server in a demilitarized zone (DMZ). (Select all that apply.)
Use configuration templates && Manage the system using SSH && Establish a guest zone
Cloud service providers make services available around the world through a variety of methods. The concept of a zone assumes what type of service level? (Select all that apply.)
Regional replication && High availability
A cloud administrator deploys two cloud servers on the Amazon Web Services (AWS) platform, each in a separately defined virtual network. How does the administrator get both servers to communicate with each other without using an Internet gateway?
Configure VPC endpoint interface.
