Set 3
D
A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics? A. Data custodian B. Data owner C. Security analyst D. Business unit director E. Chief Executive Officer (CEO)
D
A Chief Information Security Officer (CISO) is reviewing technical documentation from various regional offices and notices some key differences between these groups. The CISO has not discovered any governance documentation. The CISO creates the following chart to visualize the differences among the networking used: Which of the following would be the CISO's MOST immediate concern? A. There are open standards in use on the network. B. Network engineers have ignored defacto standards. C. Network engineers are not following SOPs. D. The network has competing standards in use.
D
A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization's vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve? A. Vendor diversification B. System hardening standards C. Bounty programs D. Threat awareness E. Vulnerability signatures
B
A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data: Corporate intranet site Online storage application Email and collaboration suite Security policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request? A. Port scanner B. CASB C. DLP agent D. Application sandbox E. SCAP scanner
A
A Chief Security Officer (CSO) is reviewing the organization's incident response report from a recent incident. The details of the event indicate: A user received a phishing email that appeared to be a report from the organization's CRM tool. The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool. The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials. Several weeks later, the user reported anomalous activity within the CRM tool. Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool. Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO. Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker? A. Security awareness training B. Last login verification C. Log correlation D. Time-of-check controls E. Time-of-use controls F. WAYF-based authentication
D
A bank is initiating the process of acquiring another smaller bank. Before negotiations happen between the organizations, which of the following business documents would be used as the FIRST step in the process? A. MOU B. OLA C. BPA D. NDA
A,D
A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle. Which of the following methodologies would BEST help the company to meet this objective? (Choose two.) A. Install and configure an IPS. B. Enforce routine GPO reviews. C. Form and deploy a hunt team. D. Institute heuristic anomaly detection. E. Use a protocol analyzer with appropriate connectors.
A
A company has created a policy to allow employees to use their personally owned devices. The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices. Which of the following security controls would BEST reduce the risk of exposure? A. Disk encryption on the local drive B. Group policy to enforce failed login lockout C. Multifactor authentication D. Implementation of email digital signatures
A,C
A company has decided to lower costs by conducting an internal assessment on specific devices and various internal and external subnets. The assessment will be done during regular office hours, but it must not affect any production servers. Which of the following would MOST likely be used to complete the assessment? (Choose two.) A. Agent-based vulnerability scan B. Black-box penetration testing C. Configuration review D. Social engineering E. Malware sandboxing F. Tabletop exercise
D,E
A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Choose two.) A. Use an internal firewall to block UDP port 3544. B. Disable network discovery protocol on all company routers. C. Block IP protocol 41 using Layer 3 switches. D. Disable the DHCPv6 service from all routers. E. Drop traffic for ::/0 at the edge firewall. F. Implement a 6in4 proxy server.
A
A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs. Which of the following is the MOST appropriate order of steps to be taken? A. Firmware update, OS patching, HIDS, antivirus, baseline, monitoring agent B. OS patching, baseline, HIDS, antivirus, monitoring agent, firmware update C. Firmware update, OS patching, HIDS, antivirus, monitoring agent, baseline D. Baseline, antivirus, OS patching, monitoring agent, HIDS, firmware update
B,E
A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior. The company must deploy a host solution to meet the following requirements: Which of the following solutions would BEST meet these requirements? (Choose two.) A. AV B. EDR C. HIDS D. DLP E. HIPS F. EFS
B
A company wants to confirm sufficient executable space protection is in place for scenarios in which malware may be attempting buffer overflow attacks. Which of the following should the security engineer check? A. NX/XN B. ASLR C. strcpy D. ECC
C
A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals? A. Utilize a challenge-response prompt as required input at username/password entry. B. Implement TLS and require the client to use its own certificate during handshake. C. Configure a web application proxy and institute monitoring of HTTPS transactions. D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.
C
A consulting firm was hired to conduct assessment for a company. During the first stage, a penetration tester used a tool that provided the following output: TCP 80 open TCP 443 open TCP 1434 filtered The penetration tester then used a different tool to make the following requests: GET / script/login.php?token=45$MHT000MND876 GET / script/login.php?token=@#984DCSPQ%091DF Which of the following tools did the penetration tester use? A. Protocol analyzer B. Port scanner C. Fuzzer D. Brute forcer E. Log analyzer F. HTTP interceptor
D
A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely? A. Issue tracker B. Static code analyzer C. Source code repository D. Fuzzing utility
C
A forensic analyst suspects that a buffer overflow exists in a kernel module. The analyst executes the following command: However, the analyst is unable to find any evidence of the running shell. Which of the following of the MOST likely reason the analyst cannot find a process ID for the shell? A. The NX bit is enabled B. The system uses ASLR C. The shell is obfuscated D. The code uses dynamic libraries
B
A large company with a very complex IT environment is considering a move from an on-premises, internally managed proxy to a cloud-based proxy solution managed by an external vendor. The current proxy provides caching, content filtering, malware analysis, and URL categorization for all staff connected behind the proxy. Staff members connect directly to the Internet outside of the corporate network. The cloud-based version of the solution would provide content filtering, TLS decryption, malware analysis, and URL categorization. After migrating to the cloud solution, all internal proxies would be decommissioned. Which of the following would MOST likely change the company's risk profile? A. 1. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be data sovereignty concerns due to changes required in routing and proxy PAC files. B. 1. The external vendor would have access to inbound and outbound gateway traffic. 2. The service would provide some level of protection for staff working from home. 3. Outages would be likely to occur for systems or applications with hard-coded proxy information. C. 1. The loss of local caching would dramatically increase ISP charges and impact existing bandwidth. 2. There would be a greater likelihood of Internet access outages due to lower resilience of cloud gateways. 3. There would be a loss of internal intellectual knowledge regarding proxy configurations and application data flows. D. 1. Outages would be likely to occur for systems or applications with hard-coded proxy information. 2. The service would provide some level of protection for staff members working from home. 3. Malware detection times would decrease due to third-party management of the service.
A,D
A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI? (Choose two.) A. ALE B. RTO C. MTBF D. ARO E. RPO
B
A network engineer is upgrading the network perimeter and installing a new firewall, IDS, and external edge router. The IDS is reporting elevated UDP traffic, and the internal routers are reporting high utilization. Which of the following is the BEST solution? A. Reconfigure the firewall to block external UDP traffic. B. Establish a security baseline on the IDS. C. Block echo reply traffic at the firewall. D. Modify the edge router to not forward broadcast traffic.
B,E
A penetration test is being scoped for a set of web services with API endpoints. The APIs will be hosted on existing web application servers. Some of the new APIs will be available to unauthenticated users, but some will only be available to authenticated users. Which of the following tools or activities would the penetration tester MOST likely use or do during the engagement? (Choose two.) A. Static code analyzer B. Intercepting proxy C. Port scanner D. Reverse engineering E. Reconnaissance gathering F. User acceptance testing
B
A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage? A. SaaS B. PaaS C. IaaS D. Hybrid cloud E. Network virtualization
B,F
A recent overview of the network's security and storage applications reveals a large amount of data that needs to be isolated for security reasons. Below are the critical applications and devices configured on the network: Firewall Core switches RM server Virtual environment NAC solution The security manager also wants data from all critical applications to be aggregated to correlate events from multiple sources. Which of the following must be configured in certain applications to help ensure data aggregation and data isolation are implemented on the critical applications and devices? (Choose two.) A. Routing tables B. Log forwarding C. Data remanants D. Port aggregation E. NIC teaming F. Zones
A,C
A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment. The RADIUS server contains the following information in its logs: Based on this information, the administrator reconfigures the RADIUS server, which results in the following log data: To correct this error message, the administrator makes an additional change to the RADIUS server. Which of the following did the administrator reconfigure on the RADIUS server? (Choose two.) A. Added the controller address as an authorized client B. Registered the RADIUS server to the wireless controller C. Corrected a mismatched shared secret D. Renewed the expired client certificate E. Reassigned the RADIUS policy to the controller F. Modified the client authentication method
D
A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage. Which of the following exercise types should the analyst perform? A. Summarize the most recently disclosed vulnerabilities. B. Research industry best practices and the latest RFCs. C. Undertake an external vulnerability scan and penetration test. D. Conduct a threat modeling exercise.
C
A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter: RTO:2 days RPO:36 hours MTTR:24 hours MTBF:60 days Which of the following solutions will address the RPO requirements? A. Remote Syslog facility collecting real-time events B. Server farm behind a load balancer delivering five-nines uptime C. Backup solution that implements daily snapshots D. Cloud environment distributed across geographic regions
B
A security analyst is reviewing the following packet capture of communication between a host and a company's router: Which of the following actions should the security analyst take to remove this vulnerability? A. Update the router code B. Implement a router ACL C. Disconnect the host from the network D. Install the latest antivirus definitions E. Deploy a network-based IPS
D
A security analyst who is concerned about sensitive data exfiltration reviews the following: Which of the following tools would allow the analyst to confirm if data exfiltration is occuring? A. Port scanner B. SCAP tool C. File integrity monitor D. Protocol analyzer
C
A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a standalone device, not connected to the AD that manages a series of SCADA devices used for manufacturing. Which of the following is the appropriate command to disable the client's IPv6 stack?
A
A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements: Long-lived sessions are required, as users do not log in very often. The solution has multiple SPs, which include mobile and web applications. A centralized IdP is utilized for all customer digital channels. The applications provide different functionality types such as forums and customer portals. The user experience needs to be the same across both mobile and web-based applications. Which of the following would BEST improve security while meeting these requirements? A. Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device B. Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications. C. Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication. D. Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.
C
A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it. The person extracts the following data from the phone and EXIF data from some files: DCIM Images folder Audio books folder Torrentz My TAX.xls Consultancy HR Manual.doc Camera: SM-G950F Exposure time: 1/60s Location: 3500 Lacey Road USA Which of the following BEST describes the security problem? A. MicroSD in not encrypted and also contains personal data. B. MicroSD contains a mixture of personal and work data. C. MicroSD in not encrypted and contains geotagging information. D. MicroSD contains pirated software and is not encrypted.
D
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment. Which of the following tools should the engineer load onto the device being designed? A. Custom firmware with rotating key generation B. Automatic MITM proxy C. TCP beacon broadcast software D. Reverse shell endpoint listener
C
A security engineer is assisting a developer with input validation, and they are studying the following code block: The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system. Which of the following would be the BEST advice for the security engineer to give to the developer? A. Replace code with Java-based type checks B. Parse input into an array C. Use regular expressions D. Canonicalize input into string objects before validation
A
A security engineer is attempting to convey the importance of including job rotation in a company's standard security policies. Which of the following would be the BEST justification? A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single points of failure. B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people. C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas. D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.
A
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution? A. Use an entropy-as-a-service vendor to leverage larger entropy pools. B. Loop multiple pseudo-random number generators in a series to produce larger numbers. C. Increase key length by two orders of magnitude to detect brute forcing. D. Shift key generation algorithms to ECC algorithms.
A
A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application's authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause? A. The application only supports SP-initiated authentication. B. The IdP only supports SAML 1.0 C. There is an SSL certificate mismatch between the IdP and the SaaS application. D. The user is not provisioned correctly on the IdP.
C
A security engineer is employed by a hospital that was recently purchased by a corporation. Throughout the acquisition process, all data on the virtualized file servers must be shared by departments within both organizations. The security engineer considers data ownership to determine: A. the amount of data to be moved. B. the frequency of data backups. C. which users will have access to which data D. when the file server will be decommissioned
A,D
A security manager recently categorized an information system. During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly. Based on this, the security manager recommends the implementation of several solutions. Which of the following, when combined, would BEST mitigate this risk? (Choose two.) A. Access control B. Whitelisting C. Signing D. Validation E. Boot attestation
A
A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO). The report outlines the following KPI/KRI data for the last 12 months: Which of the following BEST describes what could be interpreted from the above data? A. 1. AV coverage across the fleet improved 2. There is no correlation between infected systems and AV coverage 3. There is no correlation between detected phishing attempts and infected systems 4. A correlation between threat landscape rating and infected systems appears to exist 5. Effectiveness and performance of the security team appears to be degrading B. 1. AV signature coverage has remained consistently high 2. AV coverage across the fleet improved 3. A correlation between phishing attempts and infected systems appears to exist 4. There is a correlation between the threat landscape rating and the security team's performance 5. There is no correlation between detected phishing attempts and infected systems C. 1. There is no correlation between infected systems and AV coverage 2. AV coverage across the fleet improved 3. A correlation between phishing attempts and infected systems appears to exist 4. There is no correlation between the threat landscape rating and the security team's performance 5. There is a correlation between detected phishing attempts and infected systems D. 1. AV coverage across the fleet declined 2. There is no correlation between infected systems and AV coverage 3. A correlation between phishing attempts and infected systems appears to exist 4. There is no correlation between the threat landscape rating and the security team's performance 5. Effectiveness and performance of the security team appears to be degrading
A,B
A software company is releasing a new mobile application to a broad set of external customers. Because the software company is rapidly releasing new features, it has built in an over-the-air software update process that can automatically update the application at launch time. Which of the following security controls should be recommended by the company's security architect to protect the integrity of the update process? (Choose two.) A. Validate cryptographic signatures applied to software updates B. Perform certificate pinning of the associated code signing key C. Require HTTPS connections for downloads of software updates D. Ensure there are multiple download mirrors for availability E. Enforce a click-through process with user opt-in for new features
C
A system owner has requested support from data owners to evaluate options for the disposal of equipment containing sensitive data. Regulatory requirements state the data must be rendered unrecoverable via logical means or physically destroyed. Which of the following factors is the regulation intended to address? A. Sovereignty B. E-waste C. Remanence D. Deduplication
B
A technician is validating compliance with organizational policies. The user and machine accounts in the AD are not set to expire, which is non-compliant. Which of the following network tools would provide this type of information? A. SIEM server B. IDS appliance C. SCAP scanner D. HTTP interceptor
D
After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely? A. Distribute a NAC client and use the client to push the company's private key to all the new devices. B. Distribute the device connection policy and a unique public/private key pair to each new employee's device. C. Install a self-signed SSL certificate on the company's RADIUS server and distribute the certificate's public key to all new client devices. D. Install an 802.1X supplicant on all new devices and let each device generate a self-signed certificate to use for network access.
D
After several industry competitors suffered data loss as a result of cyberattacks, the Chief Operating Officer (COO) of a company reached out to the information security manager to review the organization's security stance. As a result of the discussion, the COO wants the organization to meet the following criteria: Blocking of suspicious websites Prevention of attacks based on threat intelligence Reduction in spam Identity-based reporting to meet regulatory compliance Prevention of viruses based on signature Protect applications from web-based threats Which of the following would be the BEST recommendation the information security manager could make? A. Reconfigure existing IPS resources B. Implement a WAF C. Deploy a SIEM solution D. Deploy a UTM solution E. Implement an EDR platform
A
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident? A. Hire an external red team to conduct black box testing B. Conduct a peer review and cross reference the SRTM C. Perform white-box testing on all impacted finished products D. Perform regression testing and search for suspicious code
D
An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings. Which of the following technologies would accomplish this? A. Port security B. Rogue device detection C. Bluetooth D. GPS
A
An administrator is working with management to develop policies related to the use of the cloudbased resources that contain corporate data. Management plans to require some control over organizational data stored on personal devices, such as tablets. Which of the following controls would BEST support management's policy? A. MDM B. Sandboxing C. Mobile tokenization D. FDE E. MFA
D,E
An engineer needs to provide access to company resources for several offshore contractors. The contractors require: Access to a number of applications, including internal websites Access to database data and the ability to manipulate it The ability to log into Linux and Windows servers remotely Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.) A. VTC B. VRRP C. VLAN D. VDI E. VPN F. Telnet
C
An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for lowrisk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control. To determine which controls to implement, which of the following is the MOST important to consider? A. KPI B. KRI C. GRC D. BIA
A,F
An organization has recently deployed an EDR solution across its laptops, desktops, and server infrastructure. The organization's server infrastructure is deployed in an IaaS environment. A database within the non-production environment has been misconfigured with a routable IP and is communicating with a command and control server. Which of the following procedures should the security responder apply to the situation? (Choose two.) A. Contain the server. B. Initiate a legal hold. C. Perform a risk assessment. D. Determine the data handling standard. E. Disclose the breach to customers. F. Perform an IOC sweep to determine the impact.
C,D
An organization is currently performing a market scan for managed security services and EDR capability. Which of the following business documents should be released to the prospective vendors in the first step of the process? (Choose two.) A. MSA B. RFP C. NDA D. RFI E. MOU F. RFQ
A,F
An organization is improving its web services to enable better customer engagement and selfservice. The organization has a native mobile application and a rewards portal provided by a third party. The business wants to provide customers with the ability to log in once and have SSO between each of the applications. The integrity of the identity is important so it can be propagated through to back-end systems to maintain a consistent audit trail. Which of the following authentication and authorization types BEST meet the requirements? (Choose two.) A. SAML B. Social login C. OpenID connect D. XACML E. SPML F. OAuth
D
An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution? A. Installing HIDS B. Configuring a host-based firewall C. Configuring EDR D. Implementing network segmentation
A
An organization's Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO's inbox from a familiar name with an attachment. Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe? A. Place it in a malware sandbox. B. Perform a code review of the attachment. C. Conduct a memory dump of the CFO's PC. D. Run a vulnerability scan on the email server.
A
An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future? A. Implement a container that wraps PII data and stores keying material directly in the container's encrypted application space. B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe. C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them. D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.
D
Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond? A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups. B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset. C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop. D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.
A
As part of an organization's compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by: A. the collection of data as part of the continuous monitoring program. B. adherence to policies associated with incident response. C. the organization's software development life cycle. D. changes in operating systems or industry trends.
B
As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project? A. Static code analysis and peer review of all application code B. Validation of expectations relating to system performance and security C. Load testing the system to ensure response times is acceptable to stakeholders D. Design reviews and user acceptance testing to ensure the system has been deployed properly E. Regression testing to evaluate interoperability with the legacy system during the deployment
C
Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform's users. Which of the following controls would BEST address the DPO's concerns? A. Increasing blocking options available to the uploader B. Adding a one-hour delay of all uploaded photos C. Removing all metadata in the uploaded photo file D. Not displaying to the public who uploaded the photo E. Forcing TLS for all connections on the platform
A,B
During a criminal investigation, the prosecutor submitted the original hard drive from the suspect's computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected. Which of the following practices should the prosecutor's forensics team have used to ensure the suspect's data would be admissible as evidence? (Choose two.) A. Follow chain of custody best practices B. Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive. C. Use forensics software on the original hard drive and present generated reports as evidence D. Create a tape backup of the original hard drive and present the backup as evidence E. Create an exact image of the original hard drive for forensics purposes, and then place the original back in service
C
During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware. Which of the following would ensure no data is recovered from the system drives once they are disposed of? A. Overwriting all HDD blocks with an alternating series of data. B. Physically disabling the HDDs by removing the drive head. C. Demagnetizing the hard drive using a degausser. D. Deleting the UEFI boot loaders from each HDD.
E
During the deployment of a new system, the implementation team determines that APIs used to integrate the new system with a legacy system are not functioning properly. Further investigation shows there is a misconfigured encryption algorithm used to secure data transfers between systems. Which of the following should the project manager use to determine the source of the defined algorithm in use? A. Code repositories B. Security requirements traceability matrix C. Software development lifecycle D. Roles matrix E. Implementation guide
C
Following a recent data breach, a company has hired a new Chief Information Security Officer (CISO). The CISO is very concerned about the response time to the previous breach and wishes to know how the security team expects to react to a future attack. Which of the following is the BEST method to achieve this goal while minimizing disruption? A. Perform a black box assessment B. Hire an external red team audit C. Conduct a tabletop exercise. D. Recreate the previous breach. E. Conduct an external vulnerability assessment.
C
Given the following: Which of the following vulnerabilities is present in the above code snippet? A. Disclosure of database credential B. SQL-based string concatenation C. DOM-based injection D. Information disclosure in comments
B
In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against. Which of the following strategies should the engineer recommended be approved FIRST? A. Avoid B. Mitigate C. Transfer D. Accept
177
Q. 177
C
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue. The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks: Stop malicious software that does not match a signature Report on instances of suspicious behavior Protect from previously unknown threats Augment existing security capabilities Which of the following tools would BEST meet these requirements? A. Host-based firewall B. EDR C. HIPS D. Patch management
C
The Chief Executive Officer (CEO) of a small startup company has an urgent need for a security policy and assessment to address governance, risk management, and compliance. The company has a resource-constrained IT department, but has no information security staff. The CEO has asked for this to be completed in three months. Which of the following would be the MOST cost-effective solution to meet the company's needs? A. Select one of the IT personnel to obtain information security training, and then develop all necessary policies and documents in-house. B. Accept all risks associated with information security, and then bring up the issue again at next year's annual board meeting. C. Release an RFP to consultancy firms, and then select the most appropriate consultant who can fulfill the requirements. D. Hire an experienced, full-time information security team to run the startup company's information security department.
C
The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together. Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined: Must be encrypted on the email servers and clients Must be OK to transmit over unsecure Internet connections Which of the following communication methods would be BEST to recommend? A. Force TLS between domains. B. Enable STARTTLS on both domains. C. Use PGP-encrypted emails. D. Switch both domains to utilize DNSSEC.
A
The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review. Which of the following BEST meets the needs of the board? A. KRI: - Compliance with regulations - Backlog of unresolved security investigations - Severity of threats and vulnerabilities reported by sensors - Time to patch critical issues on a monthly basis KPI: - Time to resolve open security items - % of suppliers with approved security control frameworks - EDR coverage across the fleet - Threat landscape rating B. KRI: - EDR coverage across the fleet - Backlog of unresolved security investigations - Time to patch critical issues on a monthly basis - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors C. KRI: - EDR coverage across the fleet - % of suppliers with approved security control framework - Backlog of unresolved security investigations - Threat landscape rating KPI: - Time to resolve open security items - Compliance with regulations - Time to patch critical issues on a monthly basis - Severity of threats and vulnerabilities reported by sensors D. KPI: - Compliance with regulations - % of suppliers with approved security control frameworks - Severity of threats and vulnerabilities reported by sensors - Threat landscape rating KRI: - Time to resolve open security items - Backlog of unresolved security investigations - EDR coverage across the fleet - Time to patch critical issues on a monthly basis
B
Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem? A. Add an ACL to the firewall to block VoIP. B. Change the settings on the phone system to use SIP-TLS. C. Have the phones download new configurations over TFTP. D. Enable QoS configuration on the phone VLAN.
C
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following: Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business? A. Quarantine emails sent to external domains containing PII and release after inspection. B. Prevent PII from being sent to domains that allow users to sign up for free webmail. C. Enable transport layer security on all outbound email communications and attachments. D. Provide security awareness training regarding transmission of PII.
D
Which of the following describes a contract that is used to define the various levels of maintenance to be provided by an external business vendor in a secure environment? A. NDA B. MOU C. BIA D. SLA
D
With which of the following departments should an engineer for a consulting firm coordinate when determining the control and reporting requirements for storage of sensitive, proprietary customer information? A. Human resources B. Financial C. Sales D. Legal counsel
B,E
Within the past six months, a company has experienced a series of attacks directed at various collaboration tools. Additionally, sensitive information was compromised during a recent security breach of a remote access session from an unsecure site. As a result, the company is requiring all collaboration tools to comply with the following: Secure messaging between internal users using digital signatures Secure sites for video-conferencing sessions Presence information for all office employees Restriction of certain types of messages to be allowed into the network. Which of the following applications must be configured to meet the new requirements? (Choose two.) A. Remote desktop B. VoIP C. Remote assistance D. Email E. Instant messaging F. Social media websites
