sec+
Bart's supervisor told him to clean his desk to comply with the organization's clean desk space policy. While doing so, he threw several papers containing PII into the recycle bin. Which type of attack can exploit this action?
Dumpster diving
A help-desk professional has begun to receive several calls from employees related to malware. Using common incident response procedures, which of the following should be her FIRST response to these calls?
Identification
Users normally log on using a smart card, a username, and a password. Management wants administrators to use a third factor of authentication. Which of the following will meet this need?
Fingerprints
A top multinational organization has faced several unauthorized logins due to credential theft and account lockouts caused by dictionary attacks and brute-force attacks. This organization is seriously considering implementing a third-party identity provider to help mitigate and deal with these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
Multifactor authentication
PixSoft is an animation studio dealing with lots of copyrighted content. They recently had an incident of copyright infringement in which intellectual property was stolen. The incident report listed lots of details, such as the exact time stamp of the incident as well as the name and other details of the copyrighted file and patents. The incident responder is trying to identify the infringing source machine and all the details associated with it, and would like to implement measures to prevent such incidents from occurring again. In this scenario, which of the following could he use to accomplish both objectives?
NGFW
A large city is using a SCADA system to manage a water treatment plant. City managers have asked IT personnel to implement security controls to reduce the risk of cybersecurity attacks against ICSs controlled by the SCADA system. Which of the following security controls would be MOST relevant to protect this system?
NIPS
During the SDLC process, your goal is to create an environment that will minimize end-user disruption, is typically used for assessing the impact of database migrations and major system changes, and uses the final, release-ready version of the software code. What would be the BEST option?
Staging
Management wants to increase security for any users accessing the network with a VPN. They plan to implement a method that will require users to install an application on their smartphones. This application will generate a key that they'll have to enter in addition to their username and password. What is the BEST description of this added authentication method?
Something you have
IT administrators created a VPN for employees to use while working from home. The VPN is configured to provide AAA services. Which of the following would be presented to the AAA system for identification?
Username identification
ACME corporation is in the process of moving workloads to the cloud. The CISO of the company wants to make sure they can use controls that will restrict users from downloading corporate applications for personal use, restrict data that is uploaded, and have transparency and visibility into which applications are being used across the organization. Which of the following solutions will BEST meet these requirements?
A CASB
John is a security analyst investigating a data breach. The Endpoint Detection and Control system detects and alerts on an increase in the number of encrypted outbound connections from multiple hosts. Concurrently, an NGFW is also reporting an increase in outbound connections that use a random variety of ports. John is starting to review the correlated logs with the goal of finding the root cause and source of the incident. From the list of tools provided below, which of the following would be BEST suited to assist John?
A SIEM
Security personnel confiscated Bart's workstation after a security incident. Administrators removed the hard drive for forensic analysis but were called away to troubleshoot an outage before capturing an image of the drive. They left it unattended for several hours before returning to begin their analysis. Later, legal personnel stated that the analysis results would not be admissible in a court of law. What is the MOST likely reason for the lack of admissibility?
A chain of custody was not maintained.
Maria is a SOC analyst working for MicroPoint Corp. She has been tasked to scan and disable all listening unencrypted services. She finds the following scan using Nmap. Which of the following ports should Maria go ahead and disable right away?
23/tcp
Your organization hired a cybersecurity expert to perform a security assessment. After running a vulnerability scan, she sees the following error on a web server:
Host IP: 192.168.1.10; OS: Apache httpd 2.433; Vulnerable to mod_auth exploit
However, she verified that the mod_auth module has not been installed or enabled on the server. Which of the following BEST explains this scenario?
A false positive
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A fileless virus that is contained on a vCard that is attempting to execute an attack
Developers are planning to develop an application using role-based access control. Which of the following would they MOST likely include in their planning?
A matrix of functions matched with required privileges
Your organization regularly performs training in the form of a game mimicking an exercise. One team oversees the exercise, sets the rules, and identifies the rules of engagement. Another team uses known TTPs to exploit vulnerabilities within the rules of engagement. You are on a team dedicated to defending resources. Which of the following BEST describes your role?
A member of the blue team
IT auditors have found several unmanaged VMs in a network. They discovered that these were created by administrators for testing but were not removed after testing was completed. Which of the following should be implemented to prevent this in the future?
A policy related to VM sprawl
A company wants to monitor ongoing security maturity of a new vendor and partner. What are the important elements that should be included in the contract?
A right-to-audit clause following for annual security audits.
James, a security consultant, receives a SIEM alert that someone logged in to the appadmin test account, which is only used for the early detection of attacks. James then spends time reviewing some of the application logs. Which of the following could James conclude?
A service account password may have been changed, resulting in continuous failed logins within the application.
Your SIEM system sent an alert related to multiple failed logins. Reviewing the logs, you notice login failures for about 100 different accounts. The logs then show login failures for the same accounts starting about three hours after the first login failure. Which of the following BEST describes this activity?
A spraying attack
You are comparing different types of authentication. Of the following choices, which one uses multifactor authentication?
A system that requires users to have a smart card and a PIN
A SIEM system is sending several alerts indicating malware has infected several employee computers. After examining the border firewall and NIDS logs, IT personnel cannot identify malicious traffic entering the network from the Internet. Additionally, they discover that all these employees attended a trade show during the past two days. Which of the following is the MOST likely source of this malware?
A fileless virus embedded in a vCard
Your organization is implementing an SDN. Management wants to use an access control scheme that controls access based on attributes. Which of the following is the BEST solution?
ABAC
Maggie is performing a risk assessment for an organization. She identifies the loss for the previous year due to a specific risk as $5,000. What does this represent?
ALE
Martin is performing a risk assessment. He is trying to identify the number of times a specific type of incident occurred in the previous year. Which of the following BEST identifies this?
ARO
A NOC analyst at AppMost Inc. discovered the following information on a network host that was recently compromised. The analysis leads to a hypothesis that network traffic was intercepted before being transmitted to the Internet.
ARP poisoning
Your organization's security policy states that administrators should follow the principle of least privilege. Which of the following tools can ensure that administrators are following the policy?
Account audits
Starburst Inc. is setting up a solid pentest team. They have brought in a top red team to simulate attacks on its security posture. They also have a very capable blue team. In this scenario, which of the following will the blue team do after detecting an IoC related to a potential breach?
Activate runbooks for incident response based on the IOCs.
John is a security engineer who has been tasked to build a web server with the below needs:
- Only one web server can service requests at any given time.
- The services should fail over to the secondary web server as soon as the primary server fails.
Which of the following load-balancing options BEST fits the requirements?
Active-passive
The Mapple organization is creating a help-desk team to assist employees with account issues. Members of this team need to create and modify user accounts and occasionally reset user passwords. Which of the following is the BEST way to accomplish this goal?
Add members of the help-desk team to a security group that has the appropriate privileges
A company runs two separate applications in their data center. The security administrator has been tasked with preventing all communication between these applications. Which of the following would be the BEST way to implement this security requirement?
Air gap
Developers recently configured a new service on a server called GCGA1. GCGA1 is in a screened subnet and accessed by employees in the internal network, and by others via the Internet. Network administrators modified firewall rules to access the service. Testing shows the service works when accessed from internal systems. However, it does not work when accessed from the Internet. Which of the following is MOST likely configured incorrectly?
An ACL
Which of the following is an example of a detective control?
An IPS reconfigured to monitor traffic instead of blocking it
There are various types of controls. Microsmesh Networks Inc. wants to implement a strong control against physical intrusions. From the choices listed below, which is both a detective and a deterrent control against physical intrusions?
An alarm
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM. Which of the following describes what is occurring?
An attacker is utilizing a password spraying attack against the account.
Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?
An authentication server with a digital certificate installed on the authentication server
Attackers have recently launched several attacks against servers in your organization's DMZ. You are tasked with identifying a solution that will have the best chance at preventing these attacks in the future. Which of the following is the BEST choice?
An inline IPS
MicroNest Corp. is creating an information security policy for their organization. One of the policies states that separation of duties is essential for all highly sensitive database changes that involve their clients' financial and audit data. This policy would be ideal to prevent which of the following attacks?
An insider threat
Brandon, a security analyst, is looking to incorporate security features across many devices, including smartphones, laptops, and tablets. Which of the following options would be the MOST effective control across heterogeneous and diverse mobile platforms?
Applying MDM software
Your organization's CFO recently received an email indicating the organization is being sued. Moreover, the email names her specifically as a defendant in the lawsuit. It includes an attachment described as a subpoena and encourages her to open it for more information. Which of the following BEST describes the social engineering principle used by the sender in this scenario?
Authority
There are many ways to measure the accuracy of a biometric system. Which of the following represents a biometric FRR?
Authorized users being denied access
A security analyst is creating a document that includes the expected monetary loss from a major outage. She is calculating the potential impact on life, property, finances, and the organization's reputation. Which of the following documents is she MOST likely creating?
BIA
Lisa completed an antivirus scan on a server and detected a Trojan. She removed the Trojan but was concerned that unauthorized personnel might still be able to access data on the server and decided to check the server further. Of the following choices, what is she MOST likely looking for on this server?
Backdoor
Your organization is involved in a lawsuit, and a judge issued a court order requiring your organization to keep all emails from the last three years. Your data retention policy states that email should only be maintained from the previous 12 months. After investigating, administrators realize that backups contain emails from the last three years. What should they do with these backups?
Backups for the last three years should be protected to comply with the legal hold.
Out of several physical security controls, which of the following could a company deploy that will hold the staff accountable while escorting unauthorized visitors and guests?
Badges
Bart was in a coffee shop going through emails and messages on his smartphone. He then started receiving several text messages promoting a political party and encouraging him to visit websites. After he left the coffee shop, he didn't receive any more messages. What does this describe?
Bluejacking
Before personnel can enter a secure area, they must first place their smartphones in one of several conductive metal lockboxes. The company implemented this policy because management is concerned about risks related to intellectual property. Which of the following represents the GREATEST risk to intellectual property that this policy will mitigate?
Bluesnarfing
Thieves recently rammed a truck through the entrance of one of your organization's buildings in the middle of the night. They then proceeded to steal a significant amount of IT equipment. Which of the following choices can prevent this from happening again?
Bollards
Logs on a web server show that it is receiving a significant number of SYN packets from multiple sources on the Internet, but it isn't receiving the corresponding ACK packets. Of the following choices, what is the MOST likely source of these packets?
Bots
You are reviewing security controls and their usefulness. You notice that account lockout policies are in place. Which of the following attacks will these policies thwart? (Select TWO.)
Brute force, Dictionary
An application on one of your database servers has crashed several times recently. Examining detailed debugging logs, you discover that just prior to crashing, the database application is receiving a long series of x90 characters. What is MOST likely occurring?
Buffer overflow
You are reviewing the logs for a web server and see several suspicious entries. You suspect that an attacker is attempting to write more data into a web application's memory than it can handle. What does this describe?
Buffer overflow attack
Lisa and Bart need to exchange emails over the Internet using an unsecured channel. These emails need to provide non-repudiation. They decide to use certificates on each of their computers. What would they use to sign their certificates?
CA
A company is hosting an e-commerce site that uses certificates for HTTPS. Management wants to ensure that users can verify the validity of these certificates even if elements of the Internet suffer an extended outage. Which of the following provides the BEST solution?
CRL
Management at the Goody New Shoes retail chain decided to allow employees to connect to the internal network using their personal mobile devices. However, the organization is having problems with these devices, including the following:
- Employees do not keep their devices updated.
- There is no standardization among the devices.
- The organization does not have adequate control over the devices.
Management wants to implement a mobile device deployment model to overcome these problems while still allowing employees to use their own devices. Which of the following is the BEST choice?
CYOD
A forensic expert is preparing to analyze a hard drive. Which of the following should the expert do FIRST?
Capture an image of the disk with dd.
A SQL database server was recently attacked. Cybersecurity investigators discovered the attack was self-propagating through the network. When it found the database server, it used well-known credentials to access the database. Which of the following would be the BEST action to prevent this from occurring again?
Change the default application password.
Pentasoft Corp. is worried about data loss and is implementing a DLP solution on the Sharepoint server. The Sharepoint server has PII, financial information, audit data, and health information stored on it. Depending on the type of data hosted on the Sharepoint server, the company wants different DLP rules assigned to the data. What is the best option for the company to accomplish this goal?
Classify the data
Your organization recently experienced a significant data breach. After an investigation, cybersecurity professionals found that the initial attack originated from an internally developed application. Normally users can only access the application by logging on. However, the application allowed the attacker access to the application without requiring the attacker to log on. Which of the following would have the BEST chance of preventing this attack?
Code review
The Springfield school system stores some data in the cloud using its own resources. The Shelbyville Nuclear Power Plant also stores some data in the cloud using its own resources. Later, the two organizations decide to share some data in both clouds for educational purposes. Which of the following BEST describes the cloud created by these two organizations?
Community
A company's security engineer is working on a project to simplify the employee onboarding and offboarding process. One of the project goals is to allow individuals to use their personal phones for work purposes. If the user leaves the company, the company data will be removed but the user's data would remain intact. Which of these technologies would meet this requirement?
Containerization
Homer reported suspicious activity on his computer. After investigating, you verify that his computer is infected with malware. Which of the following steps should you take NEXT?
Containment
Management within your company wants to implement a method that will authorize employee access to the network based on several elements. These elements include the employee's identity, location, the time of day, and the type of device used by the employee. Which of the following will BEST meet this need?
Context-aware authentication
A software development process merges code changes from developers working on a project several times a day. It uses automation to validate the code and tracks changes using version control processes. Which of the following BEST describes this process?
Continuous integration
Your organization recently landed a contract with the federal government. Developers are fine-tuning an application that will process sensitive data. The contract mandates that all computers using this application must be isolated. Which of the following would BEST meet this need?
Create an air-gapped network.
One of the government agencies recently implemented several crosscut shredders as part of increased information security practices targeting data leakage challenges. This measure is going to help reduce which of the following?
Credential harvesting
You are running a vulnerability scanner with an access level that gives it the best chance of detecting vulnerabilities. Which of the following BEST describes the type of scan you are running?
Credentialed scan
The Marvin Monroe Memorial Hospital recently suffered a serious attack preventing employees from accessing any computer data. The attackers scattered ReadMe files throughout the network that appeared on user screens. They indicated that the attackers encrypted all the data, and it would remain encrypted until the attackers received a hefty sum as payment. Which of the following identifies the MOST likely threat actor in this attack?
Criminal syndicate
Hacker Harry has an account on a website that he uses when posting comments. When he visits, he enters his username and password to log on, and the site displays his username with any comments he makes. Today, he noticed that he could enter JavaScript code as part of his username. After entering the code, other users experienced unexpected results when hovering over his username. What does this describe?
Cross-site scripting
Users are complaining about intermittent connectivity with a web server. After examining the logs, you identify a large volume of connection attempts from public IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?
DDoS attack
Your organization has a segmented network used to process highly classified material. Management wants to prevent users from copying documents to USB flash drives from any computer in this network. Which of the following can be used to meet this goal?
DLP
Your organization has added a hot site as shown in the following graphic. All firewalls should enforce the following requirements:
- Use only secure protocols for remote management
- Block cleartext web traffic
Users in the hot site are unable to access websites in the Internet. The following graphic shows the current rules configured in Firewall 3. You're asked to verify the rules are configured correctly. Which rule, if any, should be changed in Firewall 3?
DNS
Your organization plans to deploy a server in the screened subnet that will perform the following functions:
- Identify mail servers
- Provide data integrity
- Prevent poisoning attacks
- Respond to requests for A and AAAA records
Which of the following will BEST meet these requirements?
DNSSEC
Lisa and Bart need to exchange emails over the Internet using a nonsecure channel. These emails need to provide non-repudiation. They decide to use certificates on each of their computers. What would they use to sign their emails?
DSA
John is the security administrator. He wants to protect the real production data that is used as functional test data in a newly developed system for testing and training purposes. Which of the following would you recommend to him?
Data masking
Your organization hosts an e-commerce website using a back-end database. The database stores product data and customer data, including credit card numbers. Which of the following is the BEST way to protect the credit card data?
Database column encryption
The CISO of a SOHO office wants to let visitors use the office's Wi-Fi but needs to correlate potential malicious activities with specific individuals. How can the CISO accomplish this objective?
Deploying a captive portal to capture office visitor's MAC addresses as well as their names
An administrator recently installed an IDS to help reduce the impact of security incidents. Which of the following BEST identifies the control type of an IDS?
Detective
Maggie works in the security section of the IT department. Her primary responsibilities are to monitor security logs, analyze trends reported by the SIEM, and validate alerts. Which of the following choices BEST identifies the primary security control she's implementing?
Detective control
There are several types of controls to choose from when it comes to limiting unauthorized access to a physical site. The company is under financial stress and wants to implement a control on the lowest possible budget. Which of the following would BEST meet the requirements?
Deterrent controls
There are many different ways that data can be backed up and restored in an organization. AppSoft Corp. is trying to find a backup method that offers the fastest recovery time while also using the least storage to maintain the backups. Out of many different choices, which of the following recovery solutions would be ideal in this scenario?
Differential
An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Bizzfad realized it could not meet the requirements of the contract. Bizzfad instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Bizzfad did submit the bid, if it was used?
Digital signature
Employees in your organization recently received an email that appeared to come from your organization's CEO. The email mentioned that IT personnel were troubleshooting an authentication issue and needed employees to reply to the email with their credentials. Several employees responded with their credentials. This was a phishing campaign created for user training, and it spoofed the CEO's email. Executives want to ensure that employees have proof that any emails that appear to be coming from the executives did come from them. Which of the following should be implemented?
Digital signatures
You are tasked with improving the overall security of several servers in your data center. Which of the following are preventive controls that will assist with this goal? (Choose TWO.)
Disabling unnecessary services, Closing unneeded ports
Cybersecurity experts in your organization are creating a detailed plan identifying how to recover critical systems if these systems suffer a complete loss. What type of plan are they MOST likely creating?
Disaster recovery plan
A network technician at a bank has noticed a significant decrease in traffic to the bank's public website. After additional investigation, the technician finds that users are being directed to a website that looks similar to the bank's site but is not under the bank's control. Flushing the local DNS cache and changing the DNS entry does not have any effect. Which of the following has most likely occurred?
Domain hijacking
Which of the following controls would you recommend to a CISO of a company from the perspective of detection and prevention of buffer overflows on the hosts?
EDR
Your organization hired a third-party security professional to assess vulnerabilities. The security professional discovered a server was running an application that hasn't been updated for eight years. Management decided to keep the application online because there isn't a newer version from the vendor. Which of the following BEST describes why the application doesn't have a newer version?
EOL
Your organization hosts an e-commerce web server selling digital products. The server randomly experiences a high volume of sales and usage, which causes spikes in resource usage. These spikes occasionally take the server down. Which of the following should be implemented to prevent these outages?
Elasticity
Lisa needs to transmit PII via email and she wants to maintain its confidentiality. Which of the following choices is the BEST solution?
Encrypt it before sending.
Bart needs to send an email to his supervisor with an attachment that includes sensitive information. He wants to maintain the confidentiality of this information. Which of the following choices is the BEST choice to meet his needs?
Encryption
Management within your organization has defined a use case to support the confidentiality of data stored in a database. Which of the following solutions will BEST meet this need?
Encryption
You are helping a risk management team update the business impact analysis for your organization. For one system, the plan requires an RTO of five hours and an RPO of one day. Which of the following would meet this requirement?
Ensure the system can be restored within five hours and ensure it does not lose more than one day of data.
A coffee shop recently stopped broadcasting the SSID (coffeewifi) for its wireless network. Instead, paying customers can view it on their receipt and use it to connect to the coffee shop's wireless network. Today, Lisa turned on her laptop computer, saw the SSID coffewifi, and connected to it. Which of the following attacks is MOST likely occurring?
Evil twin
Occasionally, AV and EDR products flag Pentasoft Corporation's critical software products as suspicious. The CISO is not happy about this and has asked the security consultant to figure out a method to create a trust model between the software and the popular AV/EDR products that customers are using. Based on this scenario, what should the security consultant recommend as the BEST solution to meet the CISO's needs?
Extended validation
StarSoft Inc. is worried about intrusions and is looking to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Based on the scenario above, what characteristic of biometric systems should be considered to BEST meet the needs of StarSoft Inc.?
FAR
Your organization wants to identify biometric methods used for identification. The requirements are:
- Collect the data passively.
- Bypass a formal enrollment process.
- Avoid obvious methods that let the subject know data is being collected.
Which of the following biometric methods BEST meet these requirements? (Select TWO.)
Facial, Gait analysis
You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you've verified that the servers have these patches installed. Which of the following BEST describes this?
False positive
Maggie is a sales representative for a software company. While in a coffee shop, she uses her laptop to connect to the public Wi-Fi, check her work emails, and upload details of a recent sale. Which of the following would she use to prevent other devices on the public network from accessing her laptop? (Choose the BEST two choices.)
Firewall, VPN
Your organization's backup policy for a file server dictates that the amount of time needed to restore backups should be minimized. Which of the following backup plans would BEST meet this need?
Full backups on Sunday and differential backups on the other six days of the week
The backup policy for a database server states that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?
Full backups on Sunday and incremental backups on the other six days of the week
Your organization hosts a web application selling digital products. Customers can also post comments related to their purchases. Management suspects that attackers are looking for vulnerabilities that they can exploit. Which of the following will BEST test the cybersecurity resilience of this application?
Fuzzing
Network administrators are considering adding an HSM to a server in your network. What functions will this add to the server?
Generate and store keys used with servers
George has been appointed as the new CISO and asked to implement a new user-based authentication solution. This solution includes granting logical access based on physical location and proximity. Which of the following is the BEST authentication solution for George to implement?
Geofencing
Personnel should be able to run the BizzFadd app from their mobile devices. However, certain features should only be operational when employees are within the company's property. When an employee leaves the property, access to these features should be blocked. Which of the following answers provides the BEST solution to meet this goal?
Geofencing
There are various types of penetration tests that can be conducted by a third-party firm. The organization has only been given the documentation available to the customers of the applications. Out of the following options, which type of penetration testing does this describe?
Gray-box
Your company wants to control access to a restricted area of the building by adding an additional physical security control that includes facial recognition. Which of the following provides the BEST solution?
Guards
Your organization houses a server room, and management wants to increase the server room security. You are tasked with identifying some deterrent controls that can be implemented to protect it. Which of the following choices would BEST meet this objective?
Hardware locks
Alice is uploading a file to a website for Bob to download. Which of the following is the BEST technique that Alice can deploy to confirm, using a verified checksum, that a file downloaded from a trusted security website has not been modified in transit or corrupted?
Hashing
StatMost Inc. recently experienced a cyber breach. Which of the following BEST helps to demonstrate integrity during a forensic investigation?
Hashing
Your organization maintains a data center to store data. Management has decided to move a large amount of financial data into cloud storage to reduce costs with the data center. This data is regularly accessed and sometimes manipulated by employees, customers, and vendors around the world. Management has mandated that the data always needs to be encrypted while in the cloud. Which of the following is the BEST choice to meet these requirements?
Homomorphic encryption
The Ninth National Bank of Springfield is considering an alternate location as part of its continuity of operations plan. It wants to identify a site resiliency solution that provides the shortest recovery time. Which of the following is the BEST choice?
Hot site
Pentaflop Corp. is in the process of migrating their workloads to the cloud. The company has a global footprint across many different countries. The company is not ready to add to its on-premises infrastructure footprint and is only willing to pay for the additional compute power necessary. Which of the following cloud models would be best suited to meet the requirements of Pentaflop Corp.?
Hybrid environment
Administrators are designing a site-to-site VPN between offices in two different cities. Management mandated the use of certificates for mutual authentication. Additionally, they want to ensure that internal IP addresses are not revealed. Which of the following is the BEST choice to meet these requirements?
IPsec VPN using Tunnel mode
Bart incorrectly wired a switch in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. Which of the following should be done to prevent this situation in the future?
Implement STP or RSTP.
Security experts want to reduce risks associated with updating critical operating systems. Which of the following will BEST meet this goal?
Implement a change management policy.
An application requires users to log on with passwords. The application developers want to store the passwords in such a way that it will thwart rainbow table attacks. Which of the following is the BEST solution?
Implement salting.
The chief information officer (CIO) at your organization suspects someone is entering the data center after normal working hours and stealing sensitive data. Which of the following actions can prevent this?
Implement time-based logins
An attacker has launched several successful XSS attacks on a web application hosted by your organization. Which of the following are the BEST choices to protect the web application and prevent this attack? (Select TWO.)
Input validation, WAF
Which of the following BEST describes the purpose of a risk register?
It provides a listing of risks, the risk owner, and the mitigation measures.
Administrators are deploying a new Linux server in the screened subnet. After it is installed, they want to manage it from their desktop computers located within the organization's private network. Which of the following would be the BEST choice to meet this need?
Jump server
A group of business partners is using blockchain technology to monitor and track raw materials and parts as they are transferred between companies. Where would a partner find these tracking details?
Ledger
WestSoft Corp. has too many issues within their organization. The company received a notification from law enforcement officials that states the electronically stored information and paper documents cannot be destroyed or tampered with. What is this notification an example of?
Legal hold
Compu-Global-Hyper-Mega-Net hosts a website selling digital products. Marketing personnel have launched several successful sales. The server has been overwhelmed, resulting in slow responses from the server, and lost sales. Management wants to implement a solution that will provide cybersecurity resilience. Which of the following is the BEST choice?
Load balancing
MicroPoint Corp. is worried about attacks where intruders could enter the company building and physically plug in a remotely accessible Kali Linux or Parrot Linux box. What should MicroPoint deploy to strongly defend itself against such an attack? (SELECT TWO)
MAC filtering, Access control vestibules
Which of the following is a cryptographic algorithm that will create a fixed-length output from a data file but cannot be used to re-create the original data file?
MD5
Your organization has hired outside consultants to evaluate forensic processes used by internal security specialists. The consultants are evaluating the tools and processes used for digital forensics to identify any variations that may exist. Which of the following BEST describes what these consultants are performing?
MSA
A small business owner has asked you for advice. She wants to improve the company's security posture, but she does not have any security staff. Which of the following is the BEST solution to meet her needs?
MSSP
The new chief technology officer (CTO) at your organization wants to ensure that critical business systems are protected from isolated outages. Which of the following would let her know how often these systems will experience outages?
MTBF
The reliability of the systems is quite important. MicroPoint Corp. requires a system that can provide an operational availability of 99.99% and has an annual maintenance window available for patching and fixes. To accomplish this, which of the following metrics needs to have the highest value?
MTBF
Marge is updating the business impact analysis (BIA) for your organization. She needs to document the time needed to return a database server to an operational state after a failure. Which of the following terms would she use?
MTTR
Your IT department includes a subgroup of employees dedicated to cybersecurity testing. Each member of this group has knowledge of known TTPs and how to use them. Additionally, each member of this group has knowledge of security controls that would be implemented to protect network resources. Which of the following BEST describes members of this team?
Members of the purple team
Brandon, a CISO, has been tasked with implementing a new financial accounting system at PentaSoft Corp. Brandon categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. In this particular scenario, what framework is Brandon using to evaluate the environment for the new financial accounting system?
NIST Risk Management Framework
Which of the following would be ideal to improve the efficiency, accuracy, and speed of a database while it is being designed?
Normalization
StarSoft Inc. is a risk-averse organization and wants to avoid risks. They have tried transferring the risk, but it proved to be very expensive. Which of the following is an example of risk avoidance?
Not installing new software to prevent compatibility errors and application crashes.
Organizations are tired of Layer 7 web application vulnerabilities such as buffer overflow, XSS, SQL injection, etc. Which of the following do organizations prefer to use to find the MOST common web application vulnerabilities?
OWASP
Your organization recently updated an online application that employees use to log on when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. Which type of authentication is being used?
One-factor
Bart recently resigned and left your organization. Later, IT personnel determined that he deleted several files and folders on a server share after he left the organization. Further, they determined that he did so during the weekend while the organization was closed. Which of the following account management practices would have prevented his actions?
Offboarding
An administrator is installing a certificate with a private key on a server. Which of the following certificate types is he MOST likely installing?
P12
Which of the following would satisfy two-factor authentication?
Password and Gait
James is a security analyst. He comes across the following log entry in the process of threat hunting:
[DATA] attacking service ftp on port 20
Which of the following controls would be BEST to use to prevent such a breach in future?
Password complexity
It is important to use multifactor authentication to thwart unauthorized access. Which of the following would satisfy three-factor authentication?
Password, Retina Scanner, NFC card
Homer received an email letting him know he won the lottery. To claim the prize, he needs to confirm his identity by providing his name, phone number, address, and birth date. The email states he will receive the prize after providing this information. What does this describe?
Phishing
Your organization recently developed an incident response policy and is beginning to implement an incident response plan. Which of the following items is the FIRST step in an incident response process?
Preparation
After a recent attack, security investigators discovered that attackers logged on with an administrator account. They recommend implementing a solution that will thwart this type of attack in the future. The solution must support the following requirements: Allow authorized users to access the administrator account without knowing the password. Allow authorized users to check out the credentials when needed. Log each time the credentials are used. Automatically change the password. Which of the following answers would meet these requirements?
Privileged access management
AppSoft Corporation is worried about cyber attacks. AppSoft came up with a new policy that states that IT staff members are required to have separate credentials to perform administrative functions using on-demand and just-in-time permissions. To accomplish this objective, what should the company implement?
Privileged access management (PAM)
A company was compromised, and a security analyst discovered the attacker was able to get access to the service account. The following logs were discovered during the investigation.
Proper Error Handling
You suspect servers in your screened subnet are being attacked by an Internet-based attacker. You want to view IPv4 packet data reaching these servers from the Internet. Which of the following would be the BEST choice to meet this need?
Protocol analyzer
ADPL Inc. was recently hit with malware. The SOC analyst received an alert from the Splunk SIEM tool. The alert indicates that the malware was located on a host and was not automatically quarantined or isolated to prevent infecting the other machines. The SIEM tool only detects and alerts. What would be the IDEAL next step for the SOC analyst to perform in this particular case?
Quarantine and isolate the infected host quickly from other parts of the network
Fileserver1 hosts several files accessed by users in your organization, and it's important that they can always access these files. Management wants to implement a solution to increase cybersecurity resilience. Which of the following is the LOWEST cost solution to meet this requirement?
RAID
There are various RAID types to deal with hard drive failure. Which of the following would you recommend as best for high read speeds and fault tolerance? Assume that multiple drives will not fail at the same time.
RAID 10
Administrators at your organization want to increase cybersecurity resilience of key servers by adding fault tolerance capabilities. However, they have a limited budget. Which of the following is the BEST choice to meet these needs?
RAID-10
Bart recently hooked up a switch incorrectly, causing a switching loop problem, which took down part of an organization's network. Management wants to implement a solution that will prevent this from occurring in the future. Which of the following is the BEST choice to meet this need?
RSTP
A security analyst recently completed a BIA and defined the maximum acceptable outage time for a critical system. What does this identify?
RTO
Employees at the Marvin Monroe Memorial Hospital are unable to access any computer data. Instead, they occasionally see a message indicating that attackers encrypted all the data and it would remain encrypted until the attackers received a hefty sum as payment. Which of the following BEST describes this attack?
Ransomware
A receptionist at a manufacturing company recently received an email from the CEO asking for a copy of the internal corporate employee directory. The receptionist replied to the email and attached a copy of the directory. It was later determined that the email was not sent from the CEO's address and the domain associated with the email address was not a corporate domain name. What type of training could help prevent this type of situation in the future?
Recognizing social engineering
Management recently mandated that computer monitors be repositioned to ensure they cannot be viewed from outside any windows. Additionally, users are directed to place screen filters over their monitors. What is the purpose of this policy?
Reduce success of shoulder surfing
Some protocols include sequence numbers and timestamps. Which of the following attacks are thwarted by using these components?
Replay
In a recent whaling attack, script kiddies got into a CFO's laptop and seized several unfavorable pictures. The script kiddies are now threatening to send the images to the press if the CFO does not pay a ransom. In this scenario, what is going to have the MOST impact?
Reputation
In one of the recent incidents, a large hospital network was breached and this news was published on many reputable public websites. The PHI data was safe and none of the intellectual property was touched by the hackers. The hospital lost revenue due to a drop in the number of patients after the breach. What is the MOST likely reason for this particular problem the hospital is facing?
Reputation damage
The security consultant at Pentasoft Inc. inadvertently uploaded the company's code-signing certificate private key to a public web server. Pentasoft is now worried about malicious use of its certificate. In this particular scenario, what should the organization do FIRST?
Revoke the code-signing certificate.
John is conducting a wireless spectrum analysis for MicroPoint Corp. During the process, he finds an unknown wireless signal in his spectrum analysis. He performs a forensic investigation and finds unknown Raspberry Pi and Arduino devices connected to an Ethernet port using a single connection. What is the function of the Raspberry Pi device in this scenario?
Rogue access point
You are using a Linux computer to monitor network traffic. After connecting your computer to the mirror port of a switch, you started logging software on the computer. However, you discover that the only traffic being collected is traffic to or from the Linux computer. You want to collect all traffic going through the switch. Which of the following actions should you take?
Run the command ifconfig eth0 promisc
Lisa wants to implement a secure authentication system on a website. However, instead of collecting and storing user passwords, she wants to use a third-party system. Which of the following is the BEST choice to meet this goal?
SAML
Your network includes dozens of servers. Administrators in your organization are having problems aggregating and correlating the logs from these servers. Which of the following provides the BEST solution for these problems?
SIEM
Your organization hosts a web server accessed from employees within the network, and via the Internet. Management wants to increase its security. You are tasked with separating all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
Screened subnet
Bart recently launched an attack on a company website using scripts he found on the Internet. Which of the following BEST describes Bart as a threat actor?
Script kiddie
Your organization is negotiating with an outside vendor to host cloud-based resources. Management wants to ensure the vendor commits to returning the systems to full operation after an outage within a certain time frame. Which of the following is the organization MOST likely negotiating?
SLA
Lisa is responsible for managing and monitoring network devices, such as routers and switches, in your network. Which of the following protocols is she MOST likely to use?
SNMPv3
Duke Corp. is updating their incident response playbook. They are in the process of merging their incident response processes into a workflow with automated decision points and actions based on predefined Python-based playbooks. What is the best way for this company to achieve the automation?
SOAR
Security administrators have been responding to an increasing number of incident alerts, making it harder for them to respond to each promptly. Management wants to implement a solution that will automate the response of some of these incidents without requiring real-time involvement by security administrators. Which of the following will BEST meet this need?
SOAR
Your organization has decided to move some data to a cloud provider, and management has narrowed their search down to three possible choices. Management wants to ensure that the cloud provider they choose has strong cybersecurity controls in place. Which of the following reports would they MOST likely want the cloud provider to give to them?
SOC 2 Type II
Your organization wants to increase security for VoIP and video teleconferencing applications used within the network. Which of the following protocols will BEST support this goal?
SRTP
MicroMesh Inc. is looking to obtain seamless and convenient authentication to its applications. Which of the following should MicroMesh Inc. use to BEST fulfill this requirement?
SSO
Your organization has implemented a system that stores user credentials in a central database. Users log on once with their credentials. They can then access other systems in the organization without logging on again. Which of the following does this describe?
SSO
The Springfield Nuclear Power Plant has created and maintains an online application used to teach the basics of nuclear physics. Only students and teachers in Springfield Elementary School can access this application via the cloud. What type of cloud service model is this?
SaaS
John, the CISO of a big organization, has requested that the engineers design a solution that can detect unauthorized execution privileges from the OS in both executable and data files, and can function hand in hand with proxy servers and UTM. Out of the following controls, which one would best meet the CISO's requirements?
Sandboxing
Your organization hosts an e-commerce web server. The server randomly experiences a high volume of sales and usage from mid-November to the end of December, causing spikes in resource usage. These spikes have resulted in outages during the past year. Which of the following should be implemented to prevent these outages?
Scalability
Your organization has implemented a CYOD security policy. The policy mandates the use of security controls to protect the devices, and any data on them if they are lost or stolen. Which of the following would BEST meet this goal?
Screen locks and device encryption
A security auditor discovered that several employees in the Accounting department can print and sign checks. In her final report, she recommended restricting the number of people who can print checks and the number of people who can sign them. She also recommended that no one should be authorized to both print and sign checks. Which security policy does this describe?
Separation of duties
You need to identify and mitigate potential single points of failure in your organization's security operations. Which of the following policies would be the BEST choice to help you find them?
Separation of duties
You need to identify and mitigate potential single points of failure in your organization's security operations. Which of the following policies would help you?
Separation of duties
During a vulnerability scan, you discover some new systems in the network. After investigating this, you verify that these systems are not authorized because someone installed them without going through a standard approval process. What does this describe?
Shadow IT
There are many stages in the SDLC. During which of the following stages is end-user disruption minimized, and which is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code that is a true representation of the production/operational environment?
Staging
Administrators have noticed a significant amount of OCSP traffic sent to an intermediate CA. They want to reduce this traffic. Which of the following is the BEST choice to meet this need?
Stapling
StarMesh Inc. is a forward-thinking organization and promptly scans its infrastructure for missing security patches. However, the company is worried about hackers gaining access to the scanner's account. In this scenario, which of the following would you recommend as the BEST way to minimize the risk while making sure that the scans are useful?
StarMesh should start using a complex, eight-character password that is updated frequently on the scanner's account.
Your organization is planning to implement a CYOD deployment model. You're asked to provide input for the new policy. Which of the following concepts are appropriate for this policy?
Storage segmentation
Apu manages network devices in his store and maintains copies of the configuration files for all the managed routers and switches. On a weekly basis, he creates hashes for these files and compares them with hashes he created on the same files the previous week. Which of the following use cases is he MOST likely supporting?
Supporting integrity
ServiceSoft Inc. is worried about cyber attacks and is modernizing its SOC. The company wants to bring in a method to share cyberthreat intelligence data with third-party security partners and customers. Which of the following would you recommend as the BEST option for the company to implement?
TAXII
Management within your organization wants to add 2FA security for users working from home. Additionally, management wants to ensure that 2FA passwords expire after 30 seconds. Which of the following choices BEST meets this requirement?
TOTP
There are numerous authentication types out there. One very popular authentication type sends out a unique password to be used within a specific number of seconds. What kind of authentication method is being described in this scenario?
TOTP
Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?
Tabletop
A private-sector company that is a contractor to a government agency is working on creating an advanced AI system. System builders are collecting and using data from third-party providers and open sources. Consultants are noticing inconsistencies in the expected progress of the AI learning and pinpoint the cause as a recent malicious attack on one of the OEM suppliers. To what can you attribute the inaccuracies in the system?
Tainted Training Data
You suspect that an attacker has been sending specially crafted TCP packets to a server trying to exploit a vulnerability. You decide to capture TCP packets being sent to this server for later analysis and you want to use a command-line tool to do so. Which of the following tools will BEST meet your need?
Tcpdump
Your organization's network looks like the following graphic and you've been asked to verify that Firewall 2 has the correct settings. All firewalls should enforce the following requirements: Use only secure protocols for remote management. Block cleartext web traffic. The following graphic shows the current rules configured in Firewall 2. Which rule, if any, should be changed in Firewall 2?
Telnet
Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern regarding newly installed internet-accessible 4k surveillance cameras?
The cameras could be compromised if not patched in a timely manner.
AppMost Inc. has started using container technology. Recently they discovered a backdoor and trojans in the containerized application environment. It turns out that the zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. What would you recommend AppMost do to prevent this type of incident from recurring in the future?
The company should use a controlled, trusted source of container images
A government contractor is dealing with a large amount of sensitive classified information and PII data that it cannot afford to have compromised. What would be the BEST encryption consideration for sensitive data that needs to remain confidential for a specific length of time so the contractor stays in compliance?
The encryption algorithm's longevity.
Gil Gunderson, a salesperson in your organization, received an email on his work computer that included a malicious link. After clicking the link, his computer was infected with malware. The malware was not detected by antivirus software installed on his computer, the organization's email server, or the organization's UTM appliance. After infecting his computer, the malware then searched the network and encrypted data in all the network shares that Gil could access. Which of the following BEST describes how this occurred?
The malware represents a zero-day exploit.
John's workstation was recently infected by nasty malware. It turns out that John has a legacy printer without vendor support. His workstation OS is fully patched and updated. However, John recently downloaded a driver package for the printer from a random site on the internet. The AV software was unable to find any threats in the downloaded file, but during the file installation, a malicious runtime threat was detected. Based on the scenario, what could have caused this malware infection?
The printer driver that John downloaded had malware installed and was refactored upon download to avoid detection.
You are reviewing a report created after a recent vulnerability scan. However, it is not clear if the scan was run as a credentialed scan or a non-credentialed scan. Which of the following would give you the BEST indication that the scan was a credentialed scan?
The report shows software versions of installed applications.
Homer is complaining that he frequently has trouble accessing files on a server in the network. You determine the server's IP address is 172.16.17.11, but ping doesn't show any problem. You decide to use pathping and see the following results:
The segment between 192.168.7.1 and 192.168.5.1
Homer is complaining that he frequently has trouble accessing files on a server in the network. You determine the server's IP address is 172.16.17.11, but ping doesn't show any problem. You decide to use pathping and see the following results:

C:\>pathping 172.16.17.11
Tracing route to 172.16.17.11 over a maximum of 30 hops:
  0  192.168.7.34
  1  192.168.7.1
  2  192.168.5.1
  3  10.5.48.1
  4  10.80.73.150
  5  172.16.17.11

Computing statistics for 125 seconds...
            Source to Here    This Node/Link
Hop  RTT    Lost/Sent = Pct   Lost/Sent = Pct   Address
  0                                             192.168.7.34
                                 0/ 100 =  0%    |
  1   45ms     0/ 100 =  0%      0/ 100 =  0%   192.168.7.1
                                14/ 100 = 14%    |
  2   25ms    15/ 100 = 15%      0/ 100 =  0%   192.168.5.1
                                 0/ 100 =  0%    |
  3   22ms    16/ 100 = 16%      0/ 100 =  0%   10.5.48.1
                                 0/ 100 =  0%    |
  4  ---     100/ 100 = 100%   100/ 100 = 100%  10.80.73.150
                                 0/ 100 =  0%    |
  5   23ms    16/ 100 = 16%      0/ 100 =  0%   172.16.17.11

Which of the following is the MOST likely problem?
The segment between 192.168.7.1 and 192.168.5.1
A penetration tester has been hired to perform an assessment on the greatadministrator.com site. He used the nslookup command to perform some reconnaissance and received the following output:

C:\> nslookup -querytype=mx greatadministrator.com
Server:  UnKnown
Address:  192.168.1.1

Non-authoritative answer:
gcgapremium.com MX preference = 20, mail exchanger = mx1.emailsrvr.com
gcgapremium.com MX preference = 90, mail exchanger = mx2.emailsrvr.com

Which of the following BEST describes this output?
The server named mx1.emailsrvr.com is the primary email server for this domain.
John is a teleworker who works remotely from home. He took a long vacation abroad and carried along a corporate-owned laptop. Since returning from his long vacation, he has been unable to connect the laptop to the VPN. In your opinion, what is the BEST reason John is unable to connect the laptop to the VPN?
The user's laptop was quarantined because it missed the latest patch update
An external security auditor recently completed a security assessment. He discovered that a system has a vulnerability that two previous security assessments detected. Which of the following BEST explains this?
The vendor has not created a security patch.
As an administrator, you receive an antivirus alert from a server in your network indicating one of the files has a hash of known malware. The file was pushed to the server from the organization's patch management system and is scheduled to be applied to the server early the next morning. The antivirus software indicates that the file and hash of the malware on the server are:
File: gcga_upgrade.exe
Hash: bd64571e26035d95e5e9232b4affb915
Checking the logs of the patch management system, you see the following information:
Status   Update Name        Hash
Pushed   gcga_upgrade.exe   b815571e26035d95e5e9232b4aff48db
Which of the following indicates what MOST likely occurred?
The file was infected after it was pushed out to the server.
As a security administrator, you receive an antivirus alert from a server in your network indicating one of the files has a hash of known malware. The file was pushed to the server from the organization's patch management system and is scheduled to be applied to the server early the next morning. The antivirus software indicates that the file and hash of the malware are:
File: gcga_upgrade.exe
Hash: 518b571e26035d95e5e9232b4affbd84
Checking the logs of the patch management system, you see the following information:
Status   Update Name        Hash
Pushed   gcga_upgrade.exe   518b571e26035d95e5e9232b4affbd84
Which of the following indicates what MOST likely occurred?
The file was infected when the patch management system downloaded it.
A CISO of a big company is looking to find real-time data on the latest malware, zero-day threats, and IOCs. What is the BEST solution for the CISO to put in place?
Threat feeds
Lisa recently received a security advisory. She's using it to review logs and looking for activity mentioned in the security advisory. Which of the following BEST describes what she is doing?
Threat hunting
Ziffcorp is developing a new technology that they expect to become a huge success when it is released. The CIO is concerned about someone stealing their company secrets related to this technology. Which of the following will help the CIO identify potential dangers related to the loss of this technology?
Threat hunting
Your organization is planning to expand its cloud-based services offered to the public. In preparation, they expanded the data center. It currently has one row of racks for servers, but they plan to add at least one more row of racks for servers. Engineers calculated the power and HVAC requirements and said the best way to reduce utility costs is by ensuring the two server rows are facing in the opposite direction. What is the primary reason for this configuration?
To create hot and cold aisles
There are several security controls that highly secure SCIFs can implement. Which of the following is the MOST likely reason for securing an air-gapped SCIF HVAC system?
To prevent data leakage
Tony hid several plaintext documents within an image file. He then sent the image file to Louie. Which of the following BEST describes the purpose of his actions?
To support obfuscation
Your company hosts an e-commerce site that sells renewable subscriptions for services. Customers can choose to renew their subscription monthly or annually automatically. However, management does not want to store customer credit card information on any database or system managed by the company. Which of the following can be used instead?
Tokenization
Stadia Corp. is migrating their workloads to a hybrid cloud environment. In this scenario, which of the following technologies should the organization use to consolidate and forward inbound Internet traffic to multiple cloud environments through a single firewall?
Transit gateway
Your organization is planning to expand the data center to support more systems. Management wants the plan to focus on resiliency and uptime. Which of the following methods would best support these goals? (Select TWO.)
UPS, NIC teaming
Which of the following describes the proper format of log entries for Linux systems?
syslog
Your organization wants to combine some of the security controls used to control incoming and outgoing network traffic. At a minimum, the solution should include stateless inspection, malware inspection, and a content filter. Which of the following BEST meets this goal?
UTM
What is the best way to protect and manage the encryption keys in the hardware?
Use TPM
A big retail merchant is using locally attached disks to perform on-site backups, which is not very reliable. The merchant's main concerns are the physical security of the backup media and the durability and reliability of the data stored on these devices. The merchant would like the backups to survive a disaster and be available for data restores. Which strategy below would be ideal and cost effective in this scenario?
Use a cloud backup solution.
You suspect that attackers have been performing a password spraying attack against a Linux server. Which of the following would be the BEST method of confirming your suspicions?
Use the cat command to view the auth.log file
Some network appliances monitoring incoming data have recently started sending alerts on potentially malicious files. You discover that these are PE32 files with the tar.gz extension, and they are being downloaded to several user systems. After investigating further, you discover these users previously opened an email with an infected MHT file. Which of the following answers BEST describes this scenario?
Users installed a RAT, and it is downloading additional tools.
Management within your organization wants employees to be able to access internal network resources from remote locations, including from their homes. Which of the following is the BEST choice to meet this need?
VPN
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
Whaling
Your organization plans to implement desktops via the cloud. Each desktop will include an operating system and a core group of applications needed by employees, and the cloud provider will manage the desktops. Employees with Internet access will be able to access these desktops from anywhere and almost any device. Which of the following BEST identifies this service?
XaaS
Homer recently received a phishing email with a malicious attachment. He was curious so he opened it to see what it was. It installed malware on his system, and quickly spread to other systems in the network. Security investigators discovered that the malware exploited a vulnerability that was not previously known by any trusted sources. Which of the following BEST describes this attack?
Zero-day
Maggie needs access to the project.doc file available on a Linux server. Lisa, a system administrator responsible for this server, sees the following permissions for the file: rwx rw- --- What should Lisa use to grant Maggie read access to the file?
chmod
Lisa uses a Linux system to regularly connect to a remote server named gcga with a secure ssh connection. However, the ssh account has a complex password, and she wants to avoid using it without sacrificing security. Which of the following commands would she use as a FIRST step when creating a passwordless login with the remote system?
ssh-keygen -t rsa
Lisa is installing an application named gcga.exe on a Linux server. The documentation indicates that the application should be installed with the following permissions: The owner of the application should have read, write, and execute permissions. The owner group of the application should have read and execute permissions. All other users should not have any permissions for the application. Which of the following commands should be used to meet these requirements?
chmod 750 gcga.exe
Security administrators have isolated a Linux server after a successful attack. A forensic analyst is tasked with creating an image of the hard drive of this system for analysis. Which of the following will the analyst MOST likely use to create the image?
dd
Lisa is manually searching through a large log file on a Linux system looking for brute force attack indicators. Which of the following commands will simplify this process for her?
grep
You want to verify that the syslog file is being rotated successfully on a Linux system. Which of the following commands is the BEST choice to use?
head
You're troubleshooting a connectivity issue with a server that has an IP address of 192.168.1.10 from your Linux system. The server does not respond to the ping command, but you suspect that a router is blocking the ping traffic. Which of the following choices would you use to verify the server is responding to traffic?
hping
Homer is not able to access any network resources from his Linux-based computer. Which of the following commands would he use to view the network configuration of his system?
ifconfig
You are writing a script that will perform backups on a Linux system and you plan to schedule the script to run after midnight daily. You want to ensure that the script records when the backup starts and when the backup ends. Which of the following is the BEST choice to meet this requirement?
logger
A server in your network's DMZ was recently attacked. The firewall logs show that the server was attacked from an external IP address with the following socket: 72.52.230.233:6789. You want to see if the connection is still active. Which of the following tools would be BEST to use?
netstat
You need to reboot a database server. Before doing so, you need to verify it does not have any active network connections. Which of the following commands will BEST meet your needs?
netstat
You suspect that a Linux computer is establishing connections with a remote server on the Internet without any user interaction. You want to verify this by viewing a summary of protocol statistics on a Linux system. Which of the following commands would you use?
netstat
You have configured a firewall in your network to block ICMP traffic. You want to verify that it is working as expected. Which of the following commands would you use?
ping
You are troubleshooting an issue with the ycda application hosted on a Linux system. You suspect that the issue is caused when performing a specific function. You execute the function and see a generic error message. You now want to view the detailed error logged in the messages file. Which of the following commands would be the BEST choice to use?
tail
You suspect that traffic in your network is being rerouted to an unauthorized router within your network. Which of the following command-line tools would help you narrow down the problem?
tracert
A CEO of Pentamule Corp. receives an email stating that their SharePoint files will be encrypted within 48 hours unless a payment of $100K is transferred in bitcoin to the account provided in the email. What would you call this type of attack?
whaling