100 Security Plus Questions (514-625)
Q568: Which of the following are used to substantially increase the computation time required to crack a password? (Choose two.) A. BCRYPT B. Substitution cipher C. ECDHE D. PBKDF2 E. Diffie-Hellman
A. BCRYPT D. PBKDF2
Q607: A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data the security administrator sees the following information that was flagged as a possible issue: (PIC) Which of the following can the security administrator determine from this? A. An SQL injection attack is being attempted B. Legitimate connections are being dropped C. A network scan is being done on the system D. An XSS attack is being attempted
A. An SQL injection attack is being attempted
Q544: A security analyst receives a notification from the IDS after working hours, indicating a spike in network traffic. Which of the following BEST describes this type of IDS? A. Anomaly-based B. Stateful C. Host-based D. Signature-based
A. Anomaly-based
Q593: A security analyst is implementing PKI-based functionality to a web application that has the following requirements: File contains certificate information Certificate chains Root authority certificates Private key All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements? A. .pfx certificate B. .cer certificate C. .der certificate D. .crt certificate
A. .pfx certificate
Q546: A security analyst is hardening a large-scale wireless network. The primary requirements are the following: Must use authentication through EAP-TLS certificates Must use an AAA server Must use the most secure encryption protocol Given these requirements, which of the following should the analyst implement and recommend? (Select TWO.) A. 802.1X B. 802.3 C. LDAP D. TKIP E. CCMP F. WPA2-PSK
A. 802.1X F. WPA2-PSK
Q594: Which of the following encryption algorithms is used primarily to secure data at rest? A. AES B. SSL C. TLS D. RSA
A. AES
Q618: A company recently updated its website to increase sales. The new website uses PHP forms for leads and provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the new website and provides the following log to support the concern: (PIC) Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security Officer (CISO) based on the above? A. Changing the account standard naming convention B. Implementing account lockouts C. Discontinuing the use of privileged accounts D. Increasing the minimum password length from eight to ten characters
A. Changing the account standard naming convention
Q590: While investigating a virus infection, a security analyst discovered the following on an employee laptop: Multiple folders containing a large number of newly released movies and music files Proprietary company data A large amount of PHI data Unapproved FTP software Documents that appear to belong to a competitor Which of the following should the analyst do FIRST? A. Contact the legal and compliance department for guidance B. Delete the files, remove the FTP software, and notify management C. Back up the files and return the device to the user D. Wipe and reimage the device
A. Contact the legal and compliance department for guidance
Q560: Users are attempting to access a company's website but are transparently redirected to another websites. The users confirm the URL is correct. Which of the following would BEST prevent this issue in the futue? A. DNSSEC B. HTTPS C. IPSec D. TLS/SSL
A. DNSSEC
Q552: Which of the following methods minimizes the system interaction when gathering information to conduct a vulnerability assessment of a router? A. Download the configuration B. Run a credentialed scan. C. Conduct the assessmenet during downtime D. Change the routing to bypass the router.
A. Download the configuration
Q522: A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected will a full disk encryption, and the permissions are set as follows: File system permissions: Users = Read Only Share permission: accounting-svc = Read Only Given the listed protections are in place and unchanged, to which of the following risks is the data still subject? A. Exploitation of local console access and removal of data B. Theft of physical hard drives and a breach of confidentiality C. Remote exfiltration of data using domain credentials D. Disclosure of sensitive data to third parties due to excessive share permissions
A. Exploitation of local console access and removal of data
Q521: Which of the following is the proper order for logging a user into a system from the first step to the last step? A. Identification, authentication, authorization B. Identification, authorization, authentication C. Authentication, identification, authorization D. Authentication, identification, authorization E. Authorization, identification, authentication
A. Identification, authentication, authorization
Q621: A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO.) A. Implement time-of-day restrictions. B. Modify archived data. C. Access executive shared portals. D. Create privileged accounts. E. Enforce least privilege.
A. Implement time-of-day restrictions. D. Create privileged accounts.
Q609: A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening? A. Initiate remote wiping on lost mobile devices B. Use FDE and require PINs on all mobile devices C. Use geolocation to track lost devices D. Require biometric logins on all mobile devices
A. Initiate remote wiping on lost mobile devices
Q556: Corporations choose to exceed regulatory framework standards because of which of the following incentives? A. It improves the legal defensibility of the company. B. It gives a social defense that the company is not violating customer privacy laws. C. It proves to investors that the company takes APT cyber actors seriously D. It results in overall industrial security standards being raised voluntarily.
A. It improves the legal defensibility of the company.
Q548: An organization wants to implement a solution that allows for automated logical controls for network defense. An engineer plans to select an appropriate network security component, which automates response actions based on security threats to the network. Which of the following would be MOST appropriate based on the engineer's requirements? A. NIPS B. HIDS C. Web proxy D. Elastic load balancer E. NAC
A. NIPS
Q622: An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message? A. Obfuscation B. Stenography C. Diffusion D. BCRYPT
A. Obfuscation
Q610: Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement? A. PGP B. HTTPS C. WPA D. TLS
A. PGP
Q549: A highly complex password policy has made it nearly impossible to crack account passwords. Which of the following might a hacker still be able to perform? A. Pass-the-hash attack B. ARP poisoning attack C. Birthday attack D. Brute force attack
A. Pass-the-hash attack
Q611: After a security assessment was performed on the enterprise network, it was discovered that: Configuration changes have been made by users without the consent of IT. Network congestion has increased due to the use of social media. Users are accessing file folders and network shares that are beyond the scope of their need to know. Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.) A. Poorly trained users B. Misconfigured WAP settings C. Undocumented assets D. Improperly configured accounts E. Vulnerable business processes
A. Poorly trained users D. Improperly configured accounts
Q595: A security auditor is performing a vulnerability scan to find out if mobile applications used in the organization are secure. The auditor discovers that one application has been accessed remotely with no legitimate account credentials. After investigating, it seems the application has allowed some users to bypass authentication of that application. Which of the following types of malware allow such a compromise to take place? (Choose two.) A. RAT B. Ransomware C. Worm D. Trojan E. Backdoor
A. RAT E. Backdoor
Q561: Which of the following is a compensating control that will BEST reduce the risk of weak passwords? A. Requiring the use of one-time tokens B. Increasing password history retention count C. Disabling user accounts after exceeding maximum attempts D. Setting expiration of user passwords to a shorter time
A. Requiring the use of one-time tokens
Q613: During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences? A. Run weekly vulnerability scans and remediate any missing patches on all company devices B. Implement rogue system detection and configure automated alerts for new devices C. Install DLP controls and prevent the use of USB drives on devices D. Configure the WAPs to use NAC and refuse connections that do not pass the health check
A. Run weekly vulnerability scans and remediate any missing patches on all company devices
Q580: A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure? A. SSH B. SFTP C. HTTPS D. SNMP
A. SSH
Q574: A security analyst is doing a vulnerability assessment on a database server. A scanning tool returns the following information: (PIC) There have been several security breaches on the web server that accesses this database. The security team is instructed to mitigate the impact of any possible breaches. The security team is also instructed to improve the security on this database by making it less vulnerable to offline attacks. Which of the following would BEST accomplish these goals? (Choose two.) A. Start using salts to generate MD5 password hashes B. Generate password hashes using SHA-256 C. Force users to change passwords the next time they log on D. Limit users to five attempted logons before they are locked out E. Require the web server to only use TLS 1.2 encryption
A. Start using salts to generate MD5 password hashes C. Force users to change passwords the next time they log on
Q536: A user receives an email from ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening? A. The camera system is infected with a bot. B. The camera system is infected with a RAT. C. The camera system is infected with a Trojan. D. The camera system is infected with a backdoor.
A. The camera system is infected with a bot.
Q515: An analyst is using a vulnerability scanner to look for common security misconfigurations on devices. Which of the following might be identified by the scanner? (Select TWO). A. The firewall is disabled on workstations. B. SSH is enabled on servers. C. Browser homepages have not been customized. D. Default administrator credentials exist on networking hardware. E. The OS is only set to check for updates once a day.
A. The firewall is disabled on workstations. B. SSH is enabled on servers.
Q573: An employee workstation with an IP address of 204.211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows: (PIC) Assuming port numbers have not been changed from their defaults, which of the following should be modified to allow printing to the network printer? A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP B. The deny statement for 204.211.38.52/24 should be changed to a permit statement C. The permit statement for 204.211.38.52/24 should be changed to UDP port 443 instead of 631 D. The permit statement for 204.211.38.211/24 should be changed to TCP port 631 only instead of ALL
A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP
Q539: An organization has implemented an IPSec VPN access for remote users. Which of the following IPSec modes would be the MOST secure for this organization to implement? A. Tunnel mode B. Transport mode C. AH-only mode D. ESP-only mode
A. Tunnel mode
Q585: Which of the following is a technical preventive control? A. Two-factor authentication B. DVR-supported cameras C. Acceptable-use MOTD D. Syslog server
A. Two-factor authentication
Q588: A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO? A. VPN B. PaaS C. IaaS D. VDI
A. VPN
Q572: Which of the following is a major difference between XSS attacks and remote code exploits? A. XSS attacks use machine language, while remote exploits use interpreted language B. XSS attacks target servers, while remote code exploits target clients C. Remote code exploits aim to escalate attackers' privileges, while XSS attacks aim to gain access only D. Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work
A. XSS attacks use machine language, while remote exploits use interpreted language
Q529: Which of the following metrics are used to calculate the SLE? (Select TWO) A. ROI B. ARO C. ALE D. MTBF E. MTTF F. TCO
B. ARO C. ALE
Q570: A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered? A. Password history B. Account lockout C. Account expiration D. Password complexity
B. Account lockout
Q604: A member of the human resources department is searching for candidate resumes and encounters the following error message when attempting to access popular job search websites: (PIC) Which of the following would resolve this issue without compromising the company's security policies? A. Renew the DNS settings and IP address on the employee's computer B. Add the employee to a less restrictive group on the content filter C. Remove the proxy settings from the employee's web browser D. Create an exception for the job search sites in the host-based firewall on the employee's computer
B. Add the employee to a less restrictive group on the content filter
Q554: A small- to medium-sized company wants to block the use of USB devices on its network. Which of the following is the MOST cost-effective way for the security analyst to prevent this? A. Implement a DLP system B. Apply a GPO C. Conduct user awareness training D. Enforce the AUP.
B. Apply a GPO
Q619: A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe? A. Black box B. Gray box C. White box D. Vulnerability scanning
B. Gray box
Q615: An analyst is currently looking at the following output: (PIC) Which of the following security issues has been discovered based on the output? A. Insider threat B. License compliance violation C. Unauthorized software D. Misconfigured admin permissions
B. License compliance violation
Q514: A systems administrator is configuring a system that uses data classification labels. Which of the following will the administrator need to implement to enforce access control? A. Discretionary access control B. Mandatory access control C. Role-based access control D. Rule-based access control
B. Mandatory access control
Q589: To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning? A. Log all users out of the system B. Patch the scanner C. Reboot the target host D. Update the web plugins
B. Patch the scanner
Q616: A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request? A. LDAP B. RADIUS C. SAML D. NTLM
B. RADIUS
Q583: A security administrator is reviewing the following firewall configuration after receiving reports that users are unable to connect to remote websites: (PIC) Which of the following is the MOST secure solution the security administrator can implement to fix this issue? A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53 B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22 C. Insert the following rule in the firewall: 25 PERMIT FROM:ANY TO:ANY PORTS:ANY D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY
B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22
Q597: As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Choose two.) A. LDAPS B. SFTP C. HTTPS D. DNSSEC E. SRTP
B. SFTP C. HTTPS
Q526: A company wants to implement an access management solution that allows employees to use the same usernames and passwords for multiple applications without having to keep multiple credentials synchronized. Which of the following solutions would BEST meet these requirements? A. Multifactor authentication B. SSO C. Biometrics D. PKI E. Federation
B. SSO
Q562: A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item as checkout. Which of the following BEST describes this type of user? A. Insider B. Script kiddie C. Competitor D. Hacktivist E. APT
B. Script kiddie
Q605: A security analyst is reviewing the password policy for a service account that is used for a critical network service. The password policy for this account is as follows: (PIC) Which of the following adjustments would be the MOST appropriate for the service account? A. Disable account lockouts B. Set the maximum password age to 15 days C. Set the minimum password age to seven days D. Increase password length to 18 characters
B. Set the maximum password age to 15 days
Q575: A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites? A. Extended domain validation B. TLS host certificate C. OCSP stapling D. Wildcard certificate
B. TLS host certificate
Q530: Due to regulatory requirements, server in a global organization must use time synchronization. Which of the following represents the MOST secure method of time synchronization? A. The server should connect to external Stratum 0 NTP servers for synchronization B. The server should connect to internal Stratum 0 NTP servers for synchronization C. The server should connect to external Stratum 1 NTP servers for synchronization D. The server should connect to external Stratum 1 NTP servers for synchronization
B. The server should connect to internal Stratum 0 NTP servers for synchronization
Q620: When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered? A. Difficult-to-update firmware B. Tight integration to existing systems C. IP address exhaustion D. Not using industry standards
B. Tight integration to existing systems
Q550: Which of the following is the main difference an XSS vulnerability and a CSRF vulnerability? A. XSS needs the attacker to be authenticated to the trusted server. B. XSS does not need the victim to be authenticated to the trusted server. C. CSRF needs the victim to be authenticated to the trusted server. D. CSRF does not need the victim to be authenticated to the trusted server. E. CSRF does not need the attacker to be authenticated to the trusted server.
B. XSS does not need the victim to be authenticated to the trusted server. C. CSRF needs the victim to be authenticated to the trusted server.
Q538: An organization wants to upgrade its enterprise-wide desktop computer solution. The organization currently has 500 PCs active on the network. The Chief Information Security Officer (CISO) suggests that the organization employ desktop imaging technology for such a large scale upgrade. Which of the following is a security benefit of implementing an imaging solution? A. it allows for faster deployment B. it provides a consistent baseline C. It reduces the number of vulnerabilities D. It decreases the boot time
B. it provides a consistent baseline
Q559: A buffer overflow can result in: A. loss of data caused by unauthorized command execution. B. privilege escalation caused by TPN override. C. reduced key strength due to salt manipulation. D. repeated use of one-time keys.
B. privilege escalation caused by TPN override.
Q532: Which of the following scenarios BEST describes an implementation of non-repudiation? A. A user logs into a domain workstation and access network file shares for another department B. A user remotely logs into the mail server with another user's credentials C. A user sends a digitally signed email to the entire finance department about an upcoming meeting D. A user access the workstation registry to make unauthorized changes to enable functionality within an application
C. A user sends a digitally signed email to the entire finance department about an upcoming meeting
Q625: A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation? A. RBAC B. MAC C. ABAC D. DAC
C. ABAC
Q542: A security administrator has configured a RADIUS and a TACACS+ server on the company's network. Network devices will be required to connect to the TACACS+ server for authentication and send accounting information to the RADIUS server. Given the following information: RADIUS IP: 192.168.20.45 TACACS+ IP: 10.23.65.7 Which of the following should be configured on the network clients? (Select two.) A. Accounting port: TCP 389 B. Accounting port: UDP 1812 C. Accounting port: UDP 1813 D. Authentication port: TCP 49 E. Authentication port: TCP 88 F. Authentication port: UDP 636
C. Accounting port: UDP 1813 D. Authentication port: TCP 49
Q567: Which of the following development models entails several iterative and incremental software development methodologies such as Scrum? A. Spiral B. Waterfall C. Agile D. Rapid
C. Agile
Q531: When sending messages using symmetric encryption, which of the following must happen FIRST? A. Exchange encryption key B. Establish digital signatures C. Agree on an encryption method D. Install digital certificates
C. Agree on an encryption method
Q555: Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks? A. Power off the devices when they are not in use. B. Prevent IoT devices from contacting the Internet directly. C. Apply firmware and software updates upon availability. D. Deploy a bastion host on the home network.
C. Apply firmware and software updates upon availability.
Q614: A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP. Which of the following should the company use? A. WiFi-protected setup B. Password authentication protocol C. Captive portal D. RADIUS
C. Captive portal
Q578: During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements: Allow authentication from within the United States anytime Allow authentication if the user is accessing email or a shared file system Do not allow authentication if the AV program is two days out of date Do not allow authentication if the location of the device is in two specific countries Given the requirements, which of the following mobile deployment authentication types is being utilized? A. Geofencing authentication B. Two-factor authentication C. Context-aware authentication D. Biometric authentication
C. Context-aware authentication
Q534: Which of the following is an asymmetric function that generates a new and separate key every time it runs? A. RSA B. DSA C. DHE D. HMAC E. PBKDF2
C. DHE
Q523: A bank uses a wireless network to transmit credit card purchases to a billing system. Which of the following would be MOST appropriate to protect credit card information from being accessed by unauthorized individuals outside of the premises? A. Air gap B. Infrared detection C. Faraday cage D. Protected distributions
C. Faraday cage
Q566: Joe, a backup administrator, wants to implement a solution that will reduce the restoration time of physical servers. Which of the following is the BEST method for Joe to use? A. Differential B. Incremental C. Full D. Snapshots
C. Full
Q571: A security engineer wants to add SSL to the public web server. Which of the following would be the FIRST step to implement the SSL certificate? A. Download the web certificate B. Install the intermediate certificate C. Generate a CSR D. Encrypt the private key
C. Generate a CSR
Q596: An organization electronically processes sensitive data within a controlled facility. The Chief Information Security Officer (CISO) wants to limit emissions from emanating from the facility. Which of the following mitigates this risk? A. Upgrading facility cabling to a higher standard of protected cabling to reduce the likelihood of emission spillage B. Hardening the facility through the use of secure cabinetry to block emissions C. Hardening the facility with a Faraday cage to contain emissions produced from data processing D. Employing security guards to ensure unauthorized personnel remain outside of the facility
C. Hardening the facility with a Faraday cage to contain emissions produced from data processing
Q524: A help desk technician receives a phone call from an individual claiming to be an employee of the organization and requesting assistance to access a locked account. The help desk technician asks the individual to provide proof of identity before access can be granted. Which of the following types of attack is the caller performing? A. Phishing B. Shoulder surfing C. Impersonation D. Dumpster diving
C. Impersonation
Q598: A company is deploying a file-sharing protocol access a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task? A. Store credentials in LDAP B. Use NTLM authentication C. Implement Kerberos D. Use MSCHAP authentication
C. Implement Kerberos
Q517: A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:(PIC) Which of the following did the security administrator discover? A. Ransomeware B. Backdoor C. Logic bomb D. Trojan
C. Logic bomb
Q576: Which of the following are considered among the BEST indicators that a received message is a hoax? (Choose two.) A. Minimal use of uppercase letters in the message B. Warnings of monetary loss to the receiver C. No valid digital signature from a known security organization D. Claims of possible damage to computer hardware E. Embedded URLs
C. No valid digital signature from a known security organization E. Embedded URLs
Q599: A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end. Which of the following is a AAA solution that will provide the required wireless authentication? A. TACACS+ B. MSCHAPv2 C. RADIUS D. LDAP
C. RADIUS
Q569: Which of the following describes the maximum amount of time a mission essential function can operate without the systems it depends on before significantly impacting the organization? A. MTBF B. MTTR C. RTO D. RPO
C. RTO
Q581: A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.) A. Compare configurations against platform benchmarks B. Confirm adherence to the company's industry-specific regulations C. Review the company's current security baseline D. Verify alignment with policy related to regulatory compliance E. Run an exploitation framework to confirm vulnerabilities
C. Review the company's current security baseline E. Run an exploitation framework to confirm vulnerabilities
Q525: Confidential emails from an organization were posted to a website without the organization's knowledge. Upon investigation, it was determined that the emails were obtained from an internal actor who sniffed the emails in plain text. Which of the following protocols, if properly implemented, would have MOST likely prevented the emails from being sniffed? (Select TWO) A. Secure IMAP B. DNSSEC C. S/MIME D. SMTPS E. HTTPS
C. S/MIME D. SMTPS
Q528: Which of the following authentication concepts is a gait analysis MOST closely associated? A. Somewhere you are B. Something you are C. Something you do D. Something you know
C. Something you do
Q535: Which of the following would be considered multifactor authentication? A. Hardware token and smart card B. Voice recognition and retina scan C. Strong password and fingerprint D. PIN and security questions
C. Strong password and fingerprint
Q537: A security auditor is testing perimeter security in a building that is protected by badge readers. Which of the following types of attacks would MOST likely gain access? A. Phishing B. Man-in-the-middle C. Tailgating D. Watering hole E. Shoulder surfing
C. Tailgating
Q577: Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request? A. Retinal scan B. Passphrase C. Token fob D. Security question
C. Token fob
Q606: An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.) A. Familiarity B. Scarcity C. Urgency D. Authority E. Consensus
C. Urgency D. Authority
Q603: An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive? A. Shared account B. Privileged account C. User account D. Service account
C. User account
Q617: An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal? A. IDS/IPS B. IP tunneling C. Web application firewall D. Patch management
C. Web application firewall
Q543: A number of employees report that parts of an ERP application are not working. The systems administrator reviews the following information from one of the employee workstations: Execute permission denied: financemodule.dll Execute permission denied: generalledger.dll Which of the following should the administrator implement to BEST resolve this issue while minimizing risk and attack exposure? A. Update the application blacklist B. Verify the DLL's file integrity C. Whitelist the affected libraries D. Place the affected employees in the local administrator's group
C. Whitelist the affected libraries
Q541: A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command: (PIC) The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occuring? A. dig www.google.com B. dig 192.168.1.254 C. dig workstation01.com D. dig 192.168.1.26
C. dig workstation01.com
Q602: An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data? A. Keylogger B. Botnet C. Crypto-malware D. Backdoor E. Ransomware F. DLP
D. Backdoor
Q557: A security administrator is implementing a new WAF solution and has placed some of the web servers behind the WAF, with the WAF set to audit mode. When reviewing the audit logs of external requests and posts to the web servers, the administrator finds the following entry: (PIC) Based on this data, which of the following actions should the administrator take? A. Alert the web server administrators to a misconfiguration. B. Create a blocking policy based on the parameter values. C. Change the parameter name 'Account_Name' identified in the log. D. Create an alert to generate emails for abnormally high activity.
D. Create an alert to generate emails for abnormally high activity.
Q612: A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted? A. Non-credentialed B. Passive C. Port D. Credentialed E. Red team F. Active
D. Credentialed
Students at a residence hall are reporting Internet connectivity issues. The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation? A. Router ACLs B. BPDU guard C. Flood guard D. DHCP snooping
D. DHCP snooping
Q520: A systems administrator is deploying a new mission essential server into a virtual environment. Which of the following is BEST mitigated by the environment's rapid elasticity characteristic? A. Data confidentiality breaches B. VM escape attacks C. Lack of redundancy D. Denial of service
D. Denial of service
Q600: An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take? A. Call the CEO directly to ensure awareness of the event B. Run a malware scan on the CEO's workstation C. Reimage the CEO's workstation D. Disconnect the CEO's workstation from the network
D. Disconnect the CEO's workstation from the network
Q551: A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric? A. Time-based B. Mandatory C. Rule-based D. Discretionary
D. Discretionary
Q591: Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows/CurrentVersion/Run registry key? A. Persistence B. Pivoting C. Active reconnaissance D. Escalation of privilege
D. Escalation of privilege
Q586: A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure. Which of the following should be implemented to harden the infrastructure without upgrading the WAP? A. Implement WPA and TKIP B. Implement WPS and an eight-digit pin C. Implement WEP and RC4 D. Implement WPA2 Enterprise
D. Implement WPA2 Enterprise
Q540: Several workstations on a network are found to be on OS versions that are vulnerable to a specific attack. Which of the following is considered to be a corrective action to combat this vulnerability? A. Install an antivirus definition patch B. Educate the workstation users C. Leverage server isolation D. Install a vendor-supplied patch E. Install an intrusion detection system
D. Install a vendor-supplied patch
Q553: Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment? A. It allows the software to run in an unconstrained environment with full network access. B. It eliminates the possibility of privilege escalation attacks against the local VM host. C. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted. D. It restricts the access of the software to a contained logical space and limits possible damage.
D. It restricts the access of the software to a contained logical space and limits possible damage.
Q579: A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this? A. Air gapped network B. Load balanced network C. Network address translation D. Network segmentation
D. Network segmentation
Q533: An office manager found a folder that included documents with various types of data relating to corporate clients. The office manager notified the data included dates of birth, addresses, and phone numbers for the clients. The office manager then reported this finding to the security compliance officer. Which of the following portions of the policy would the security officer need to consult to determine if a breach has occurred? A. Public B. Private C. PHI D. PII
D. PII
Q547: A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS? A. Network tap B. Network proxy C. Honeypot D. Port mirroring
D. Port mirroring
Q608: A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack? A. Domain hijacking B. Injection C. Buffer overflow D. Privilege escalation
D. Privilege escalation
Q592: An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners? A. Guest account B. User account C. Shared account D. Privileged user account E. Default account F. Service account
D. Privileged user account
Q582: Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives? A. Burning B. Wiping C. Purging D. Pulverizing
D. Pulverizing
Q527: An external auditor visits the human resources department and performs a physical security assessment. The auditor observed documents on printers that are unclaimed. A closer look at these documents reveals employee names, addresses, ages, and types of medical and dental coverage options each employee has selected. Which of the following is the MOST appropriate actions to take? A. Flip the documents face down so no one knows these documents are PII sensitive B. Shred the documents and let the owner print the new set C. Retrieve the documents, label them with a PII cover sheet, and return them to the printer D. Report to the human resources manager that their personnel are violating a privacy policy
D. Report to the human resources manager that their personnel are violating a privacy policy
Q623: If two employees are encrypting traffic between them using a single encryption key, which of the following agorithms are they using? A. RSA B. 3DES C. DSA D. SHA-2
D. SHA-2
Q601: A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office? A. Remote access VPN B. VLAN C. VPN concentrator D. Site-to-site VPN
D. Site-to-site VPN
Q516: A security analyst is reviewing patches on servers. One of the servers is reporting the following error message in the WSUS management console: The computer has not reported status in 30 days. Given this scenario, which of the following statements BEST represents the issue with the output above? A. The computer in question has not pulled the latest ACL policies for the firewall. B. The computer in question has not pulled the latest GPO policies from the management server. C. The computer in question has not pulled the latest antivirus definitions from the antivirus program. D. The computer in question has not pulled the latest application software updates.
D. The computer in question has not pulled the latest application software updates.
Q519: A malicious system continuously sends an extremely large number of SYN packets to a server. Which of the following BEST describes the resulting effect? A. The server will be unable to server clients due to lack of bandwidth B. The server's firewall will be unable to effectively filter traffic due to the amount of data transmitted C. The server will crash when trying to reassemble all the fragmented packets D. The server will exhaust its memory maintaining half-open connections
D. The server will exhaust its memory maintaining half-open connections
Q558: A call center company wants to implement a domain policy primarily for its shift workers. The call center has large groups with different user roles. Management wants to monitor group performance. Which of the following is the BEST solution for the company to implement? A. Reduced failed logon attempts B. Mandatory password changes C. Increased account lockout time D. Time-of-day restrictions
D. Time-of-day restrictions
Q587: A systems administrator is installing a new server in a large datacenter. Which of the following BEST describes the importance of properly positioning servers in the rack to maintain availability? A. To allow for visibility of the servers' status indicators B. To adhere to cable management standards C. To maximize the fire suppression system's efficiency D. To provide consistent air flow
D. To provide consistent air flow
Q518: A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. in addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent a DoS attacks in the future? A. Deploy multiple web servers and implement a load balancer B. Increase the capacity of the perimeter router to 10 Gbps C. Install a firewall at the network to prevent all attacks D. Use redundancy across all network devices and services
D. Use redundancy across all network devices and services
Q624: An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization? A. Username/password with TOTP B. Username/password with pattern matching C. Username/password with a PIN D. Username/password with a CAPTCHA
D. Username/password with a CAPTCHA
Q545: An instructor is teaching a hands-on wireless security class and needs to configure a test access point to show students an attack on a weak protocol. Which of the following configurations should the instructor implement? A. WPA2 B. WPA C. EAP D. WEP
D. WEP