Security+ Set 2
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue? A. An external access point is engaging in an evil-twin attack. B. The signal on the WAP needs to be increased in that section of the building. C. The certificates have expired on the devices and need to be reinstalled. D. The users in that section of the building are on a VLAN that is being blocked by the firewall.
A. An external access point is engaging in an evil-twin attack.
A security administrator replaced the firewall and then noticed a number of dropped connections. After looking at the data, the administrator sees the following information as a possible issue: 'SELECT * FROM'' and '1'='1' Which of the following can the security administrator determine from this? A. A SQL injection attack is being attempted B. Legitimate connections are being dropped C. A network scan is being done on the system D. An XSS attack is being attempted
A. A SQL injection attack is being attempted
A software vulnerability that can be avoided by using input validation? A. Buffer overflow B. Application fuzzing C. Incorrect input D. Error handling
A. Buffer overflow
A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again? A. Configure DLP solutions. B. Disable peer-to-peer sharing. C. Enable role-based access controls. D. Mandate job rotation. E. Implement content filters.
A. Configure DLP solutions.
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: • The devices will be used internationally by staff who travel extensively. • Occasional personal use is acceptable due to the travel requirements. • Users must be able to install and configure sanctioned programs and productivity suites. • The devices must be encrypted. • The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATEST benefit to the security posture of the devices? A. Configuring an always-on VPN B. Implementing application whitelisting C. Requiring web traffic to pass through the on-premises content filter D. Setting the antivirus DAT update schedule to weekly
A. Configuring an always-on VPN
A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go offline again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected. Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack? (Select TWO). A. DoS B. SSL stripping C. Memory leak D. Race condition E. Shimming F. Refactoring
A. DoS C. Memory leak
A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following MOST likely indicates the cause of the access issues? A. False rejection B. Cross-over error rate C. Efficacy rate D. Attestation
A. False rejection
Which of the following would a European company interested in implementing a technical, hands-on set of security standards MOST likely choose? A. GDPR B. CIS controls C. ISO 27001 D. ISO 31000
A. GDPR
A company's Chief Information Security Officer (CISO) recently warned the security manager that the company's Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be BEST for the security manager to use in a threat model? A. Hacktivists B. White-hat hackers C. Script kiddies D. Insider threats
A. Hacktivists
In order to prevent the possibility of a thermal shutdown, which of the following physical controls should be implemented in a datacenter? A. Hot and cold aisles B. Air-gapped servers C. Infrared detection D. Halon suppression
A. Hot and cold aisles
A security engineer needs to implement the following requirements: • All Layer 2 switches should leverage Active Directory for authentication. • All Layer 2 switches should use local fallback authentication if Active Directory is offline. • All Layer 2 switches are not the same and are manufactured by several vendors. Which of the following actions should the engineer take to meet these requirements? (Select TWO). A. Implement RADIUS. B. Configure AAA on the switch with local login as secondary. C. Configure port security on the switch with the secondary login method. D. Implement TACACS+. E. Enable the local firewall on the Active Directory server. F. Implement a DHCP server.
A. Implement RADIUS. B. Configure AAA on the switch with local login as secondary.
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend? A. MAC B. ACL C. BPDU D. ARP
A. MAC
A security administrator checks the table of a network switch, which shows the following output:
VLAN  Physical address   Type     Port
1     001a:~2ff:5113     Dynamic  GE:0/5
1     0faa:abcf:ddee     Dynamic  GE:0/5
1     c6a9:6b16:758e     Dynamic  GE:0/5
1     a3aa:b6a3:1212     Dynamic  GE:0/5
1     8025:2ad8:bfac     Dynamic  GE:0/5
1     b839::!:995:a00a   Dynamic  GE:0/5
Which of the following is happening to this switch? A. MAC flooding B. DNS poisoning C. MAC cloning D. ARP poisoning
A. MAC flooding
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy? A. Mobile device management B. Full-device encryption C. Remote wipe D. Biometrics
A. Mobile device management
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? A. Network location B. Impossible travel time C. Geolocation D. Geofencing
A. Network location
A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security. Which of the following configurations should an analyst enable to improve security? (Select TWO). A. RADIUS B. PEAP C. WPS D. WEP-TKIP E. SSL F. WPA2-PSK
A. RADIUS B. PEAP
Passwords must be stored using one-way encryption, and credit card information must be stored using reversible encryption. (Select TWO) A. SHA for passwords B. 3DES for passwords C. RC4 for passwords D. AES for credit cards E. MD5 for credit cards F. HMAC for credit cards
A. SHA for passwords D. AES for credit cards
A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement? A. Snapshots B. Revert to known state C. Rollback to known configuration D. Shadow copy
A. Snapshots
Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code? A. Staging B. Test C. Production D. Development
A. Staging
A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact? A. The GPS location B. When the file was deleted C. The total number of print jobs D. The number of copies made
A. The GPS location
A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error? A. The examiner does not have administrative privileges to the system. B. The system must be taken offline before a snapshot can be created. C. Checksum mismatches are invalidating the disk image. D. The swap file needs to be unlocked before it can be accessed.
A. The examiner does not have administrative privileges to the system.
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization? A. To provide data to quantify risk based on the organization's systems B. To keep all software and hardware fully patched for known vulnerabilities C. To only allow approved, organization-owned devices onto the business network D. To standardize by selecting one laptop model for all users in the organization
A. To provide data to quantify risk based on the organization's systems
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Select TWO). A. Unsecure protocols B. Use of penetration-testing utilities C. Weak passwords D. Included third-party libraries E. Vendors/supply chain F. Outdated anti-malware software
A. Unsecure protocols D. Included third-party libraries
Confirming that system patches are up to date, application hot fixes are current, and unneeded ports and services have been disabled? A. Vulnerability assessment B. White box test C. Penetration test D. Peer review
A. Vulnerability assessment
A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file. After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Select TWO). A. head B. tcpdump C. grep D. tail E. curl F. openssl G. dd
A. head C. grep
Many passwords are cracked using rainbow tables. Which of the following actions could have helped prevent the use of rainbow tables on the password hashes? A. Use salting when computing MD5 hashes of the user passwords B. Use SHA as a hashing algorithm instead of MD5 C. Require SSL for all user logins to secure the password hashes in transit D. Prevent users from using a dictionary word in their password
A. Use salting when computing MD5 hashes of the user passwords
A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority? A. Nmap B. Heat maps C. Network diagrams D. Wireshark
B. Heat maps
A security analyst sees the following log output while reviewing web logs:
[02/Feb/2019:03:39:21 -0000] 23.35.212.99 12.59.34.88 - "GET /uri/input.action?query=%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.0" 80 200 200
[02/Feb/2019:03:39:85 -0000] 23.35.212.99 12.59.34.88 - "GET /uri/input.action?query=/../../../etc/passwd HTTP/1.0" 80 200 200
Which of the following mitigation strategies would be BEST to prevent this attack from being successful? A. Secure cookies B. Input validation C. Code signing D. Stored procedures
B. Input validation
A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools to map services running on it to the server's listening ports. Which of the following tools can BEST accomplish this task? A. Netcat B. Netstat C. Nmap D. Nessus
B. Netstat
An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO). A. SSO B. PCI DSS C. SOC D. GDPR E. CSA F. NIST
B. PCI DSS D. GDPR
An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information? A. NGFW B. Pagefile C. NetFlow D. RAM
B. Pagefile
Which of the following is the BEST document that the company should prepare to negotiate with an ISP? A. ISA B. SLA C. MOU D. PBJ
B. SLA
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE). A. SFTP, FTPS B. SNMPv2, SNMPv3 C. HTTP, HTTPS D. TFTP, FTP E. SNMPv1, SNMPv2 F. Telnet, SSH G. TLS, SSL H. POP, IMAP I. Login, rlogin
B. SNMPv2, SNMPv3 C. HTTP, HTTPS F. Telnet, SSH
An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision? A. Access to the organization's servers could be exposed to other cloud-provider clients. B. The cloud vendor is a new attack vector within the supply chain. C. Outsourcing the code development adds risk to the cloud provider. D. Vendor support will cease when the hosting platforms reach EOL.
B. The cloud vendor is a new attack vector within the supply chain.
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator MOST likely configure that will assist the investigators? A. Memory dumps B. The syslog server C. The application logs D. The log retention policy
B. The syslog server
An attacker is attempting to exploit users by creating a fake website with the URL w1.Yw.validwebstje.com. The attacker's intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe? A. Information elicitation B. Typo squatting C. Impersonation D. Watering-hole attack
B. Typo squatting
A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against? A. VM Sprawl B. VM Escape C. VM Migration D. VM Sandboxing
B. VM Escape
Which of the following describes the ability of code to target a hypervisor from inside a guest OS? A. Fog computing B. VM escape C. Software-defined networking D. Image forgery E. Container breakout
B. VM escape
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur? A. Bug bounty B. White-box C. Black-box D. Gray-box
B. White-box
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management. Which of the following tools can the analyst use to verify the permissions? A. ssh B. chmod C. ls D. getuid E. nessus F. nc
B. chmod
A symmetric encryption algorithm is BEST suited for: A. key-exchange scalability. B. protecting large amounts of data. C. providing hashing capabilities. D. implementing non-repudiation.
B. protecting large amounts of data
Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline? A. Something you exhibit B. Something you can do (CAN?) C. Someone you know D. Somewhere you are
D. Somewhere you are
A security analyst is responsible for assessing the security posture of a new high-stakes application that is currently in the production environment but has not yet been made available to system users. Which of the following would provide the security analyst with the MOST comprehensive assessment of the application's ability to withstand unauthorized attempts? A. Dynamic analysis B. Vulnerability scanning C. Static code scanning D. Stress testing
D. Stress testing
Control access based on MAC addresses? A. Implicit deny B. Private VLANS C. Flood guard D. Switchport port security
D. Switchport port security
Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services? A. Data encryption B. Data masking C. Anonymization D. Tokenization
D. Tokenization
A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security? A. WPA3 B. AES C. RADIUS D. WPS
D. WPS
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a: A. data controller. B. data owner. C. data custodian. D. data processor.
D. data processor.
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use? A. openssl B. hping C. netcat D. tcpdump
D. tcpdump
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no evidence of attack by reviewing network-based sources like the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts? A. A worm that has propagated itself across the intranet, which was initiated by presentation media B. A malicious PowerShell script that was attached to an email and transmitted to multiple employees C. A Trojan that has passed through the gateway router and executed malicious code on the hosts D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall
C. A Trojan that has passed through the gateway router and executed malicious code on the hosts
A security analyst is reviewing logs on a server and observes the following output:
01/01/2020 03:33:23 admin attempted login with password sneak
01/01/2020 03:33:32 admin attempted login with password sneaked
01/01/2020 03:33:41 admin attempted login with password sneaker
01/01/2020 03:33:50 admin attempted login with password sneer
01/01/2020 03:33:59 admin attempted login with password sneeze
01/01/2020 03:34:08 admin attempted login with password sneezy
Which of the following is the security analyst observing? A. A rainbow table attack B. A password-spraying attack C. A dictionary attack D. A keylogger attack
C. A dictionary attack
An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use? A. An external security assessment B. A bug bounty program C. A tabletop exercise D. A red-team engagement
C. A tabletop exercise
Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO). A. Testing security systems and processes regularly B. Installing and maintaining a web proxy to protect cardholder data C. Assigning a unique ID to each person with computer access D. Encrypting transmission of cardholder data across private networks E. Benchmar1
C. Assigning a unique ID to each person with computer access D. Encrypting transmission of cardholder data across private networks
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements? A. RA B. OCSP C. CRL D. CSR
C. CRL
A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring? A. CASB B. SWG C. Containerization D. Automated failover
C. Containerization
Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences? A. Stored procedures B. Buffer overflows C. Data bias D. Code reuse
C. Data bias
An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future? A. Implement HIPS to block inbound and outbound SMB ports 139 and 445. B. Trigger a SIEM alert whenever the native OS tools are executed by the user. C. Disable the built-in OS utilities as long as they are not needed for functionality. D. Configure the AV to quarantine the native OS tools whenever they are executed.
C. Disable the built-in OS utilities as long as they are not needed for functionality
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts? A. DLP B. HIDS C. EDR D. NIPS
C. EDR
An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself. Which of the following is the WEAKEST design element? A. The DLP appliance should be integrated into a NGFW. B. Split-tunnel connections can negatively impact the DLP appliance's performance. C. Encrypted VPN traffic will not be inspected when entering or leaving the network. D. Adding two hops in the VPN tunnel may slow down remote connections
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
Attack against the legitimate AP causing users to drop their connections and then reconnect to a hacker's system with the same SSID? A. Bluejacking B. WPS attack C. Evil twin D. War driving E. Relay attack
C. Evil twin
A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer (CISO) has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities? A. Redundancy B. RAID 1+5 C. Virtual machines D. Full backups
C. Virtual machines
A company has identified a watering hole attack? A. Emails are being spoofed to look like they are internal emails B. A cloud storage site is attempting to harvest user IDs and passwords C. An online news site is hosting ads in frames from another site D. A local restaurant chain's online menu is hosting malicious code
D. A local restaurant chain's online menu is hosting malicious code
A company recently experienced several security breaches that resulted in confidential data being exfiltrated from the network? A. Web content filtering capable of inspecting and logging SSL traffic used by third-party webmail providers B. Full disk encryption on all computers with centralized event logging and monitoring enabled C. Host-based firewalls with real-time monitoring and logging enabled D. Agent-based DLP software with correlations and logging enabled
D. Agent-based DLP software with correlations and logging enabled
An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include: • Check-in/checkout of credentials • The ability to use but not know the password • Automated password changes • Logging of access to credentials Which of the following solutions would meet the requirements? A. OAuth 2.0 B. Secure Enclave C. A privileged access management system D. An OpenID Connect authentication system
D. An OpenID Connect authentication system
A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Port  Protocol  State     Service
22    tcp       open      ssh
25    tcp       filtered  smtp
53    tcp       filtered  domain
80    tcp       open      http
443   tcp       open      https
Which of the following steps would be best for the security engineer to take NEXT? A. Allow DNS access from the Internet. B. Block SMTP access from the Internet. C. Block HTTPS access from the Internet. D. Block SSH access from the Internet.
D. Block SSH access from the Internet.
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected? A. OSINT B. SIEM C. CVSS D. CVE
D. CVE
An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business? A. Screen locks B. Application management C. Geofencing D. Containerization
D. Containerization
A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following scan types would produce the BEST vulnerability scan report? A. Port B. Intrusive C. Host discovery D. Credentialed
D. Credentialed
Attacker runs software to make a laptop look like an access point and advertises the same network as the coffee shop normally does? A. IV B. Xmas C. Packet sniffing D. Evil twin E. Rogue AP
D. Evil twin
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO) A. VPN B. Drive encryption C. Network firewall D. File-level encryption E. USB blocker F. MFA
D. File-level encryption E. USB blocker
A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements? A. NGFW B. CASB C. Application whitelisting D. NG-SWG
D. NG-SWG
A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements: Which of the following should the network administrator implement to BEST meet these requirements? A. HIDS B. NIDS C. HIPS D. NIPS
D. NIPS
A company is upgrading its wireless infrastructure to WPA2-Enterprise using EAP-TLS. Which of the following must be part of the security architecture to achieve AAA? (Select TWO). A. DNSSEC B. Reverse proxy C. VPN concentrator D. PKI E. Active Directory F. RADIUS
D. PKI F. RADIUS
A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement? A. RAID 0+1 B. RAID 2 C. RAID 5 D. RAID 6
D. RAID 6
A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing? A. DDoS attack B. Memory leak C. Buffer overflow D. Resource exhaustion
D. Resource exhaustion
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack? A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords. B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server. C. Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox. D. Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites
D. Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
An organization has decided to implement biometric controls for improved access management. However, a significant number of authorized users are being denied access to networked resources. Which of the following is the MAIN biometric factor that requires attention? A. False acceptance B. False rejection C. True negative D. True positive
B. False rejection
A server crashes at 6 pm. Data must be restored within two hours of a server crash. Additionally, a loss of more than one hour worth of data is detrimental to the company's financial well-being. Which of the following is the RTO? A. 7pm B. 8pm C. 9pm D. 10pm
B. 8pm
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO). A. An air gap B. A cold aisle C. Removable doors D. A hot aisle E. An IoT thermostat F. A humidity monitor
B. A cold aisle D. A hot aisle
An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting? A. A spear-phishing attack B. A watering-hole attack C. Typo squatting D. A phishing attack
B. A watering-hole attack
A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the internet? A. VLAN B. Air gap C. NAT D. Firewall
B. Air gap
A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility? A. Visitor logs B. Cable locks C. Guards D. Disk encryption E. Motion detection
B. Cable locks
A security analyst is hardening a network infrastructure. The analyst is given the following requirements: • Preserve the use of public IP addresses assigned to equipment on the core router. • Enable "in transport" encryption protection to the web server with the strongest ciphers. Which of the following should the analyst implement to meet these requirements? (Select TWO). A. Configure VLANs on the core router. B. Configure NAT on the core router. C. Configure BGP on the core router. D. Enable AES encryption on the web server. E. Enable 3DES encryption on the web server. F. Enable TLSv2 encryption on the web server.
B. Configure NAT on the core router. F. Enable TLSv2 encryption on the web server.
Which of the following reduces the risk of sensitive information being shared with unauthorized entities? A. Host-based firewalls B. DLP C. URL filtering D. Pop-up blockers
B. DLP
Which of the following types of controls is a CCTV camera that is not being monitored? A. Detective B. Deterrent C. Physical D. Preventive
B. Deterrent
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet? A. AH B. ESP C. SRTP D. LDAP
B. ESP
A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output: No. Time Source Destination Protocol Length Info 1234 9.1195665 Sagemcom_87:9f:a3 Broadcast 802.11 38 Deauthentication, SN=655, FN=0 1235 9.1265649 Sagemcom_87:9f:a3 Broadcast 802.11 39 Deauthentication, SN=655, FN=0 1236 9.2223212 Sagecom_87:9f:a3 Broadcast 802.11 38 Deauthentication, SN=657, FN=0 Which of the following attacks does the analyst MOST likely see in this packet capture? A. Session replay B. Evil twin C. Bluejacking D. ARP poisoning
B. Evil twin
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies? A. PCI DSS B. GDPR C. NIST D. ISO 31000
B. GDPR
A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of? A. Eradication B. Recovery C. Identification D. Preparation
C. Identification
A security analyst is preparing a threat brief for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat actor against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective? A. A tabletop exercise B. NIST CSF C. MITRE ATT&CK D. OWASP
C. MITRE ATT&CK
When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database? A. Tokenization B. Data masking C. Normalization D. Obfuscation
C. Normalization
A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the Internet and running NTLMv1. Which of the following BEST explains the findings? A. Default settings on the servers B. Unsecured administrator accounts C. Open ports and services D. Weak data encryption
C. Open ports and services
A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: • Protection from power outages • Always-available connectivity in case of an outage The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need? A. Lease a point-to-point circuit to provide dedicated access. B. Connect the business router to its own dedicated UPS. C. Purchase services from a cloud provider for high availability. D. Replace the business's wired network with a wireless network.
C. Purchase services from a cloud provider for high availability
A company has determined that if its computer-based manufacturing machinery is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership? A. MTBF B. RPO C. RTO D. MTTR
C. RTO
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting? A. Risk acceptance B. Risk avoidance C. Risk transference D. Risk mitigation
C. Risk transference
A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement? A. DAC B. ABAC C. SCAP D. SOAR
C. SCAP
To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization? A. MaaS B. IaaS C. SaaS D. PaaS
C. SaaS
A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing it. Which of the following techniques BEST explains this action? A. Predictability B. Key stretching C. Salting D. Hashing
C. Salting
A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money: GET http://yourbank.com/transfer.do?acctnum=087646958&amount=500000 HTTP/1.1 GET http://yourbank.com/transfer.do?acctnum=087646958&amount=5000000 HTTP/1.1 GET http://yourbank.com/transfer.do?acctnum=087646958&amount=1000000 HTTP/1.1 GET http://yourbank.com/transfer.do?acctnum=087646958&amount=500 HTTP/1.1 Which of the following types of attack is MOST likely being conducted? A. SQLi B. CSRF C. Session replay D. API
C. Session replay
A risk assessment has raised concerns about hosting data with a cloud service provider (CSP). Which of the following findings would justify this concern? A. The CSP utilizes encryption for data at rest and in motion B. The CSP takes into account multinational privacy concerns C. The financial review indicates the company is a startup D. The SLA states service tickets will be resolved in less than 15 minutes
C. The financial review indicates the company is a startup
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first. Which of the following would be the BEST method to increase the security on the Linux servers? A. Randomize the shared credentials. B. Use only guest accounts to connect. C. Use SSH keys and remove generic passwords. D. Remove all user accounts.
C. Use SSH keys and remove generic passwords.