Sec_Rev15


A company has users and printers in multiple geographic locations, and the printers are located in common areas of the offices. To preserve the confidentiality of PII, a security administrator needs to implement the appropriate controls. Which of the following would BEST meet the confidentiality requirements of the data?
= Enforcing location-based policy restrictions
= Adding location to the standard naming convention
= Implementing time-of-day restrictions based on location
= Conducting regular account maintenance at each location

A

A company is implementing a remote access portal so employees can work remotely from home. The company wants to implement a solution that would securely integrate with a third party. Which of the following is the BEST solution?
= SAML
= RADIUS
= Secure token
= TACACS+

A

A company wants to ensure confidential data from storage media is sanitized in such a way that the drive cannot be reused. Which of the following methods should the technician use?
= Shredding
= Wiping
= Low-level formatting
= Repartitioning
= Overwriting

A

A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform?
= Fuzzing
= Stress testing
= Sandboxing
= Normalization

A

A developer is creating a new web application on a public cloud platform and wants to ensure the application can respond to increases in load while minimizing costs during periods of low usage. Which of the following strategies is MOST relevant to the use case?
= Elasticity
= Redundancy
= High availability
= Non-persistence

A

A network administrator needs to prevent users from accessing the accounting department records. All users are connected to the same Layer 2 device and access the Internet through the same router. Which of the following should be implemented to segment the accounting department from the rest of the users?
= Implement VLANs and an ACL
= Install a firewall and create a DMZ
= Create a site-to-site VPN
= Enable MAC address filtering

A

A network administrator needs to restrict the users of the company's WAPs to the sales department. The network administrator changes and hides the SSID and then discovers several employees had connected their personal devices to the wireless network. Which of the following would limit access to the wireless network to only organization-owned devices in the sales department?
= Implementing MAC filtering
= Reducing the signal strength to encompass only the sales department
= Replacing the APs and sales department wireless cards to support 802.11b
= Issuing a BYOD policy

A

A network administrator wants to gather information on the security of the network servers in the DMZ. The administrator runs the following command:
Telnet www.example.com 80
Which of the following actions is the administrator performing?
= Grabbing the web server banner
= Logging into the web server
= Harvesting cleartext credentials
= Accessing the web server management console

A

A penetration tester was able to connect to a company's internal network and perform scans and staged attacks for the duration of the testing period without being noticed. The SIEM did not alert the security team to the presence of the penetration tester's devices on the network. Which of the following would provide the security team with notification in a timely manner?
= Implement rogue system detection and sensors
= Create a trigger on the IPS and alert the security team when unsuccessful logins occur
= Decrease the correlation threshold for alerts on the SIEM
= Run a credentialed vulnerability scan

A

A security administrator has created a new group policy object that utilizes the trusted platform module to compute a hash of system files and compare the value to a known-good value. Which of the following security concepts is this an example of?
= Integrity measurement
= Secure baseline
= Sandboxing
= Immutable systems

A

A security administrator is reviewing the following information from a file that was found on a compromised host:
cat suspiciousfile.txt
www.CompTIA.org\njohn\miloveyou\n$200\nWorking Late\nJohn\nI%20will%20be%20in%20the%20office%20till%206pm%20to%20finish%20the%20report\n
Which of the following types of malware is MOST likely installed on the compromised item?
= Keylogger
= Spyware
= Trojan
= Backdoor
= Rootkit

A

A security analyst is asked to check the configuration of the company's DNS service on the server. Which of the following command line tools should the analyst use to perform the initial assessment?
= nslookup/dig
= tracert
= ipconfig/ifconfig
= tcpdump

A

Ann, a user, reports she is receiving emails that appear to be from organizations to which she belongs, but the emails contain links to websites that do not belong to those organizations. Which of the following security scenarios does this describe?
= A hacker is using Ann's social media information to create a spear phishing attack
= The DNS servers for the organizations have been hacked and are pointing to malicious sites
= The company's mail system has changed the organization's links to point to a proxy server for security
= Ann's computer is infected with adware that has changed the email links

A

During certain vulnerability scanning scenarios, it is possible for a target system to react in unexpected ways. This type of scenario is MOST commonly known as:
= intrusive testing
= a buffer overflow
= a race condition
= active reconnaissance

A

During incident response procedures, technicians capture a unique identifier for a piece of malware running in memory. This captured information is referred to as:
= a hash value
= the SSID
= the GUID
= a system image

A

During the penetration testing of an organization, the tester was provided with the names of a few key servers, along with their IP addresses. Which of the following is the organization conducting?
= Gray box testing
= White box testing
= Black box testing
= Isolated container testing
= Vulnerability testing

A

Exercising various programming responses for the purpose of gaining insight into a system's security posture without exploiting the system is BEST described as:
= passive security control testing
= control gap analysis
= peer-conducted code review
= non-intrusive scanning

A

A security administrator is working with the human resources department to classify data held by the company. The administrator has determined the data contains a variety of data types, including health information, employee names and addresses, trade secrets, and confidential customer information. Which of the following should the security administrator do NEXT?
= Apply a predefined set of labels from government sources to all data within the company
= Create a custom set of data labels to group the data by sensitivity and protection requirements
= Label sensitive data according to age to comply with retention policies
= Destroy company information that is not labeled in compliance with government regulations and laws

B

A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?
= Virus
= Worm
= Logic bomb
= Backdoor

B

A security analyst is investigating a security breach involving the loss of sensitive data. A user passed the information through social media as vacation photos. Which of the following methods was used to encode their data?
= Obfuscation
= Steganography
= Hashing
= Elliptic curve

B

A security consultant is analyzing data from a recent compromise. The following data points are documented:
- Access to data on share drives and certain network hosts was lost after an employee logged in to an interactive session as a privileged user
- The data was unreadable by any known commercial software
- The issue spread through the enterprise via SMB only when certain users accessed data
- Removal instructions were not available from any major antivirus vendor
Which of the following types of malware is this an example of?
= RAT
= Ransomware
= Backdoor
= Keylogger
= Worm

B

A security engineer wants to further secure a sensitive VLAN on the network by introducing MFA. Which of the following is the BEST example of this?
= PSK and PIN
= RSA token and password
= Fingerprint scanner and voice recognition
= Secret question and CAPTCHA

B

A systems administrator wants to secure a backup environment so backups are less prone to ransomware attacks. The administrator would like to have a fully isolated set of backups. Which of the following would be the MOST secure option for the administrator to implement?
= A DMZ
= An air gap
= A honeypot
= A VLAN

B

A tester was able to leverage a pass-the-hash attack during a recent penetration test. The tester gained a foothold and moved laterally through the network. Which of the following would prevent this type of attack from reoccurring?
= Renaming all active service accounts and disabling all inactive service accounts
= Creating separate accounts for privileged access that are not used to log on to local machines
= Enabling full-disk encryption on all workstations that are used by administrators and disabling RDP
= Increasing the password complexity requirements and setting account expiration dates

B

An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?
= 802.11n support on the WAP
= X.509 certificate on the server
= CCMP support on the network switch
= TLS 1.0 support on the client

B

An organization has the following written policies:
- Users must request approval for non-standard software installation
- Administrators will perform all software installations
- Software must be installed from a trusted repository
A recent security audit identified crypto-currency software installed on one user's machine. Which of the following is the MOST likely cause of this policy violation and the BEST remediation to prevent a reoccurrence?
= The user's machine was infected with malware; implement the organization's incident response
= The user installed the software on the machine; implement technical controls to enforce the written policies
= The crypto-currency software was misidentified and is authorized; add the software to the organization's approved list
= Administrators downloaded the software from an untrusted repository; add a policy that requires integrity checking for all software

B

An organization prefers to apply account permissions to groups and not individual users, but allows for exceptions that are justified. Some systems require a machine-to-machine data exchange and an associated account to perform this data exchange. One particular system has data in a folder that must be modified by another system. No user requires access to this folder; only the other system needs access to this folder. Which of the following is the BEST account management practice?
= Create a service account and apply the necessary permissions directly to the service account itself
= Create a service account group, place the service account in the group, and apply the permissions on the group
= Create a guest account and restrict the permissions to only the folder with the data
= Create a generic account that will only be used for accessing the folder, but disable the account until it is needed for the data exchange
= Create a shared account that administrators can use to exchange the data, but audit the shared account activity

B

Exploitation of a system using widely known credentials and network addresses that results in DoS is an example of:
= improper error handling
= default configurations
= untrained users
= lack of vendor support

B

In the event of a security incident, which of the following should be captured FIRST?
= An external hard drive
= System memory
= An internal hard drive
= Network interface data

B

Joe, a security analyst, needs to determine why the wireless network appears to be randomly connecting and disconnecting. Joe notes that only the expected SSID appears, and the WAP's MAC address matches. Given that the WAP connection has to be confirmed, which of the following is MOST likely the type of wireless attack being seen?
= Evil twin
= Disassociation
= Rogue AP
= Brute force

B

Penetration testing is distinct from vulnerability scanning primarily because penetration testing:
= leverages credentialed scanning to obtain persistence
= involves multiple active exploitation techniques
= relies exclusively on passive exploitation attempts for pivoting
= relies on misconfiguration of security controls

B

A Chief Information Officer (CIO) wants to eliminate the calls the help desk is receiving for password resets when users log on to internal portals. Which of the following is the BEST solution?
= Increase password length
= Implement a self-service portal
= Decrease lockout threshold
= Deploy mandatory access control

B

A company has forbidden the use of external media within its headquarters location. A security analyst is working on adding additional repositories to a server in the environment when the analyst notices some odd processes running on the system. The analyst runs a command and sees the following:
$ history
ifconfig -a
netstat -n
pskill 1788
pskill 914
mkdir /tmp/1
mount -u ada101 /tmp/1
cp /tmp/1/+ ~/1/
umount /tmp/1
ls -al 1/1/
apt-get update
apt-get upgrade
clear
Given this output, which of the following security issues has been discovered?
= A misconfigured HIDS
= A malware installation
= A policy violation
= The activation of a Trojan

B

A company uses WPA2-PSK, and it appears there are multiple unauthorized devices connected to the wireless network. A technician suspects this is because the wireless password has been shared with unauthorized individuals. Which of the following should the technician implement to BEST reduce the risk of this happening in the future?
= Wireless guest isolation
= 802.1X
= WPS
= MAC address blacklist

B

A malicious actor compromises a legitimate website, configuring it to deliver malware to visitors of the website. Which of the following attacks does this describe?
= Whaling
= Watering hole
= Impersonation
= Spoofing

B

A network administrator is configuring a honeypot in a company's DMZ. To provide a method for hackers to access the system easily, the company needs to configure a plaintext authentication method that will send only the username and password to a service in the honeypot. Which of the following protocols should the company use?
= OAuth
= PAP
= RADIUS
= Shibboleth

B

A new PKI is being built at a company, but the network administrator has concerns about spikes of traffic occurring twice a day due to clients checking the status of the certificates. Which of the following should be implemented to reduce the spikes in traffic?
= CRL
= OCSP
= SAN
= OID

B

A newly hired Chief Security Officer (CSO) is reviewing the company's IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system. Which of the following phases would BEST address these shortcomings?
= Identification
= Lessons learned
= Recovery
= Preparation
= Eradication

B

A penetration tester has successfully accessed a web server using an exploit in the user-agent string for Apache Struts. The tester then brute forces a credential that provides access to the back-end database server in a different subnet. This is an example of:
= persistence
= pivoting
= escalation of privilege
= a remote access Trojan

B

The website of a bank that an organization does business with is being reported as untrusted by the organization's web browser. A security analyst has been assigned to investigate. The analyst discovers the bank recently merged with another local bank and combined names. Additionally, the user's bookmark automatically redirects to the website of the newly named bank. Which of the following is the MOST likely cause of the issue?
= The company's web browser is not up to date
= The website's certificate still has the old bank's name
= The website was created too recently to be trusted
= The website's certificate has expired

B

When choosing a hashing algorithm for storing passwords in a web server database, which of the following is the BEST explanation for choosing HMAC-MD5 over simple MD5?
= HMAC provides hardware acceleration, thus speeding up authentication
= HMAC adds a transport layer handshake, which improves authentication
= HMAC-MD5 can be decrypted faster, speeding up performance
= HMAC-MD5 is more resistant to brute forcing

B

Which of the following involves the use of targeted and highly crafted custom attacks against a population of users who may have access to a particular service or program?
= Hoaxing
= Spear phishing
= Vishing
= Phishing

B

Which of the following is MOST likely the security impact of continuing to operate end-of-life systems?
= Higher total cost of ownership due to support costs
= Denial of service due to patch availability
= Lack of vendor support for decommissioning
= Support for legacy protocols

B

Which of the following should be implemented to stop an attacker from interacting with the hypervisor through another guest?
= Containers
= VM escape protection
= Security broker
= Virtual desktop

B

Which of the following systems, if compromised, may cause great danger to the integrity of water supplies and their chemical levels?
= UAV
= SCADA
= HVAC
= MFD

B

A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB. Which of the following signatures should be installed on the NIPS?
= PERMIT from ANY:ANY to ANY:445 regex '.*SMB.*'
= DROP from ANY:445 to ANY:445 regex '.*SMB.*'
= DENY from ANY:ANY to ANY:445 regex '.*SMB.*'
= RESET from ANY:ANY to ANY:445 regex '.*SMB.*'

C

A company is determining where to host a hot site, and one of the locations being considered is in another country. Which of the following should be considered when evaluating this option?
= Mean RTO
= Mean RPO
= Data sovereignty
= Data destruction laws
= Backup media recycling policies

C

A company notices that at 10 am every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:
@echo off
if (c:\file.txt) deltree C:\
Based on the above information, which of the following types of malware was discovered?
= Rootkit
= Backdoor
= Logic bomb
= RAT

C

A company recently experienced a security breach. The security staff determined that the intrusion was due to an out-of-date proprietary software program running on a non-compliant server. The server was imaged and copied onto a hardened VM, with the previous connections re-established. Which of the following is the NEXT step in the incident response process?
= Recovery
= Eradication
= Lessons learned
= Containment
= Identification

C

A company recently experienced a significant malware attack that caused all business operations to stop. After an investigation, a single PC was identified as the root cause, and a security analyst on the IR team disconnected the machine from the corporate network, both the wired and wireless connections. Which of the following incident response phases was just completed?
= Preparation
= Identification
= Containment
= Eradication
= Recovery
= Lessons learned

C

A network engineer needs to allow an organization's users to connect their laptops to wired and wireless networks from multiple locations and facilities, while preventing unauthorized connections to the corporate networks. Which of the following should be implemented to fulfill the engineer's requirements?
= Configure VLANs
= Install a honeypot
= Implement a VPN concentrator
= Enable MAC filtering

C

A red team initiated a DoS attack on the management interface of a switch using a known vulnerability. The monitoring solution then raised an alert, prompting a network engineer to log in to the switch to diagnose the issue. When the engineer logged in, the red team was able to capture the credentials and subsequently log in to the switch. Which of the following actions should the network team take to prevent this type of breach from reoccurring?
= Encrypt all communications with TLS 1.3
= Transition from SNMPv2c to SNMPv3 with AES-256
= Enable Secure Shell and disable Telnet
= Use a password manager with complex passwords

C

A security administrator recently discovered the AAA server is receiving cleartext credentials from network infrastructure devices. Which of the following should the administrator configure to enable encryption?
= PAP
= TACACS+ attributes
= IPSec
= Kerberos

C

A security analyst discovers one of the business processes, which generates 75% of the annual revenue, uses a legacy system. This creates a risk that can contribute to a 2% drop in revenue generation every quarter. Which of the following would be the BEST response to this risk?
= Mitigation
= Avoidance
= Insurance
= Acceptance

C

Which of the following is the BEST example of a reputation impact identified during a risk assessment?
= A bad software patch taking down the production systems
= A misconfigured firewall exposing intellectual property to the internet
= An attacker defacing the e-commerce portal
= Malware collecting credentials for company bank accounts

C

Which of the following is the main difference between symmetric and asymmetric cryptographic algorithms?
= The use of PKI in symmetric algorithms
= HSM-based key generation
= Only one key used in symmetric algorithms
= Random vs pseudo-random key generation

C

Which of the following types of vulnerability scans typically returns more detailed and thorough insights into actual system vulnerabilities?
= Non-credentialed
= Intrusive
= Credentialed
= Non-intrusive

C

Proprietary information was sent by an employee to a distribution list that included external email addresses. Which of the following BEST describes the incident that occurred and the threat actor in this scenario?
= Social engineering by a hacktivist
= MITM attack by a script kiddie
= Unintentional disclosure by an insider
= Corporate espionage by a competitor

C

A company is looking for an all-in-one solution to provide identification, authentication, authorization, and accounting services. Which of the following technologies should the company use?
= Diameter
= SAML
= Kerberos
= CHAP

D

A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between the directory servers. The penetration testers recommend encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?
= DNSSEC
= SFTP
= Kerberos
= LDAPS

D

A critical enterprise component whose loss or destruction would significantly impede business operations or have an outsized impact on corporate revenue is known as:
= a single point of failure
= critical system infrastructure
= proprietary information
= a mission-essential function

D

A pass-the-hash attack is commonly used to:
= modify DNS records to point to a different domain
= modify the IP address of the targeted computer
= execute JavaScript to capture user credentials
= laterally move across the network

D

A security administrator begins assessing a network with software that checks for available exploits against a known database, using both credentials and external scripts. A report will be compiled and used to confirm patching levels. This is an example of:
= penetration testing
= fuzzing
= static code analysis
= vulnerability scanning

D

A security administrator has been conducting an account permissions review that has identified several users who belong to functional groups and groups responsible for auditing the functional groups' actions. Several recent outages have not been able to be traced to any user. Which of the following should the security administrator recommend to preserve future audit log integrity?
= Enforcing stricter onboarding workflow policies
= Applying least privilege to user group membership
= Following standard naming conventions for audit group users
= Restricting audit group membership to service accounts

D

A security analyst performs a vulnerability scan on the local network. Several items are flagged on the report as being critical issues. The security analyst researches each of the vulnerabilities and discovers that one of the critical issues on the report was mitigated in a previous scan. Which of the following MOST likely happened?
= A patch was removed
= A false positive occurred
= The tool has a high crossover error rate
= A necessary service was not running

D

A software development company needs to augment staff by hiring consultants for a high-stakes project. The project has the following requirements:
- Consultants will have access to highly confidential, proprietary data
- Consultants will not be provided with company-owned assets
- Work needs to start immediately
- Consultants will be provided with internal email addresses for communications
Which of the following solutions is the BEST method for controlling data exfiltration during this project?
= Require the consultants to sign an agreement stating they will only use the company-provided email address for communications during the project
= Require updated antivirus, USB blocking, and a host-based firewall on all consultant devices
= Require the consultants to connect to the company VPN when accessing confidential resources
= Require that all consultant activity be restricted to a secure VDI environment

D

Given the following output:
NMAP -P 80 --script hostmap-bfk.nse company.com
starting NMAP 6.46
NMAP scan report for company.com (172.255.240.169)
Port State Service
80/TCP open http
Host script results
hostmap-bfk hosts:
172.255.240.169
web1.company.com
swebdb1.company.com
web3.company.com
swebdb2.company.com
NMAP done: scanned in 2.10 seconds
Which of the following BEST describes the scanned environment?
= A host was identified as a web server that is hosting multiple domains
= A host was scanned, and web-based vulnerabilities were found
= A connection was established to a domain, and several redirect connections were identified
= A web shell was planted in company.com's content management system

A

Given the following:
> md5.exe file1.txt
>AD1FAB103773DC6A1E6021B7F503A210
> md5.exe file2.txt
>AD1FAB103773DC6A1E6021B7F503A210
Which of the following concepts of cryptography is shown?
= Collision
= Salting
= Steganography
= Stream cipher

A

Joe, a new employee, discovered a thumb drive with the company's logo on it while walking in the parking lot. Joe was curious as to the contents of the drive and placed it into his work computer. Shortly after accessing the contents, he noticed the machine was running slower, started to reboot, and displayed new icons on the screen. Which of the following types of attacks occurred?
= Social engineering
= Brute force attack
= MITM
= DoS

A

Smart home devices that are always on or connected, such as HVAC system components, introduce SOHO networks to risks because of:
= default factory settings and constant communication channels to cloud servers
= strong passwords, which are not known by SOHO administrators, preventing security patching
= IoT devices requiring constant Internet access for license validation
= automatic firmware updates constantly shifting the threat landscape

A

The following ports are open for a production Internet web server: 22, 23, 80, 443, 3389, and 8080. Which of the following mitigation strategies should a penetration tester recommend?
= System hardening
= Secure developer training
= User input sanitization
= Multifactor authentication

A

When conducting a penetration test, a pivot is used to describe a scenario in which:
= The penetration tester uses pass-the-hash to gain access to a server via SMB, and then uses this server to SSH to another server
= A penetration tester is able to download the Active Directory database after exploiting an unpatched vulnerability on the domain
= The vulnerability scanner reveals a flaw in SMB signing, which can be used to send a netcat recon tool to one of the servers on the network
= The penetration tester is able to access the datacenter or network closet by using a lockpick

A

Which of the following BEST describes why an air gap is a useful security control?
= It physically isolates two or more networks, therefore helping prevent cross contamination or accidental data spillage
= It requires that files be transferred via USB instead of networks that are potentially vulnerable to hacking, therefore preventing virus infections
= It requires multiple systems administrators with different credentials, therefore providing separation of duties
= It provides physical space between two interlocking doors, therefore providing additional control from unauthorized entry

A

Which of the following can be used to increase the time needed to brute force a hashed password?
= BCRYPT
= ECDHE
= Elliptic curve
= Diffie-Hellman

A

Which of the following has the potential to create a DoS attack on a system?
= A server room WiFi thermostat with default credentials
= A surveillance camera that has been replaced and is not plugged in
= A disabled user account that has not been deleted
= A wireless access point with WPA2 connected to the network

A

Which of the following is considered passive reconnaissance?
= Utilizing WHOIS
= Running a port scan
= Performing enumeration of services
= Using OS fingerprinting
= Employing social engineering

A

Which of the following models is considered an iterative approach with frequent testing?
= Agile
= Waterfall
= DevOps
= Sandboxing

A

Which of the following should a company require prior to performing a penetration test?
= NDA
= CVE score
= Data classification
= List of threats

A

While testing a new application, a developer discovers that the inclusion of an apostrophe in a username causes the application to crash. Which of the following secure coding techniques would be MOST useful to avoid this problem?
= Input validation
= Code signing
= Obfuscation
= Encryption

A

Which of the following cloud models is used to share resources and information with business partners and like businesses without allowing everyone else access?
= Public
= Hybrid
= Community
= Private

C

Which of the following controls does a mantrap BEST represent?
= Deterrent
= Detective
= Physical
= Corrective

C

Which of the following generates reports that show the number of systems that are associated with POODLE, 3DES, and SMBv1 listings?
= A protocol analyzer
= A UTM appliance
= A vulnerability scanner
= A honeypot

C

Which of the following helps find current and future gaps in an existing COOP?
= Vulnerability assessment
= Lessons learned
= Tabletop exercise
= After-action report

C

Which of the following impacts MOST likely results from poor exception handling?
= Widespread loss of confidential data
= Network-wide resource exhaustion
= Privilege escalation
= Local disruption of services

C

Which of the following is a resiliency strategy that allows a system to automatically adapt to workload changes?
= Fault tolerance
= Redundancy
= Elasticity
= High availability

C

Which of the following is a symmetric encryption algorithm that applies the encryption over multiple iterations?
= RC4
= RSA
= 3DES
= SHA

C

A security analyst is investigating a report from an employee in the human resources (HR) department who is having sporadic issues with Internet access. When the security analyst pulls the UTM logs for the IP addresses in the HR group, the following activity is shown:
10.1.13.45 165.35.23.129 8080 News/Journalism General Block
10.1.13.45 89.23.45.11 443 Banking General Allow
10.1.13.46 76.4.3.19 8080 Business HR Users Allow
10.1.13.45 145.29.173 8080 Business General Block
10.1.13.45 10.1.29 443 Internal General Allow
10.1.13.46 19.34.1.189 443 Banking HR Users Allow
10.1.13.45 45.1.39.118 8080 Job Search General Block
10.1.13.46 45.1.39.118 8080 Job Search HR Users Allow
Which of the following actions should the security analyst take?
= Ensure the HR employee is in the appropriate user group
= Allow port 8080 on the UTM for all outgoing traffic
= Disable the proxy settings on the HR employee's device
= Edit the last line of the ACL on the UTM to allow any any

A

A security analyst needs a solution that can execute potential malware in a restricted and isolated environment for analysis. In which of the following technologies is the analyst interested? Sandboxing Staging DMZ Honeypot

A

A security engineer deploys a certificate from a commercial CA to the RADIUS server for use with the EAP-TLS wireless network. Authentication is failing, so the engineer examines the certificate's properties:
Issuer: (A commercial CA)
Valid from: (yesterday's date)
Subject: CN=smithco.com
Public key: RSA (2048 bits)
Enhanced key usage: Client authentication (1.3.6.1.5.5.7.3.2)
Key usage: Digital signature, key encipherment (a0)
Which of the following is the MOST likely cause of the failure? The certificate is missing the proper OID The certificate is missing wireless authentication in key usage The certificate is self-signed The certificate has expired

A

A security team has completed the installation of a new server. The OS and applications have been patched and tested, and the server is ready to be deployed. Which of the following actions should be taken before deploying the new server? Disable the default accounts Run a penetration test on the network Create a DMZ in which to place the server Validate the integrity of the patches

A

A systems administrator just issued the ssh-keygen -t rsa command on a Linux terminal. Which of the following BEST describes what the rsa portion of the command represents? A key generation algorithm A hashing algorithm A public key infrastructure type A certificate authority type

A

A systems administrator wants to enforce the use of HTTPS on a new website. Which of the following should the systems administrator do NEXT after generating the CSR? Install the certificate on the server Provide the public key to the CA Password protect the public key Ensure the new key is not on the CRL

A

A user attempts to send an email to an external domain and quickly receives a bounce-back message. The user then contacts the help desk stating the message is important and needs to be delivered immediately. While digging through the email logs, a system administrator finds the email and bounce-back details: Your email has been rejected because it appears to contain SSN information. Sending SSN information via email to external recipients violates company policy. Which of the following technologies successfully stopped the email from being sent? DLP UTM WAF DEP

A

All employees of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the employees assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened? Spear phishing attack Whaling attack Phishing attack Vishing attack

A

An administrator needs to protect five websites with SSL certificates. Three of the websites have different domain names, and two of the websites share the domain name but have different subdomain prefixes. Which of the following SSL certificates should the administrator purchase to protect all of the websites and be able to administer them easily at a later time? One SAN certificate One Unified Communications Certificate and one wildcard certificate One wildcard certificate and two standard certificates Five standard certificates

A

An analysis of a threat actor, which has been active for several years, reveals the threat actor has high levels of funding, motivation, and sophistication. Which of the following types of threat actors does this BEST describe? Advanced persistent threat Hacktivist Organized crime Insider

A

An audit revealed that a privileged account accessed a large number of systems multiple times in a short period. The account was promptly deactivated. The unexpected changes stopped happening, but some systems ceased to perform their scheduled tasks. Which of the following was incorrectly performed? Use and documentation of service accounts Restriction of shared privileged accounts Proper training prior to granting privileged accounts Deployment of time-of-day restrictions

A

An auditor is requiring an organization to perform real-time validation of SSL certificates. Which of the following should the organization implement? OCSP CRL CSR KDC

A

An organization wants to use a ticket-based approach to access management for an internal network. The organization would like the solution to be vendor-independent and use a widely supported protocol, but it does not want to use an XML-based approach. Which of the following access protocols should the organization choose? Kerberos OAuth MSCHAPv2 SAML

A

An organization's Chief Information Officer (CIO) read an article that identified leading hacker trends and attacks, one of which is the alteration of URLs to IP addresses resulting in users being redirected to malicious websites. To reduce the chances of this happening in the organization, which of the following secure protocols should be implemented? DNSSEC IPSec LDAPS HTTPS

A

Ann, a new employee, received an email from an unknown source indicating she needed to click on the provided link to update her company's profile. Once Ann clicked the link, a command prompt appeared with the following output:
C:\Users\Ann\Documents\File1.pgp
C:\Users\Ann\Documents\AdvertisingReport.pgp
C:\Users\Ann\Documents\FinancialReport.pgp
Which of the following types of malware was executed? Ransomware Adware Spyware Virus

A

A coffee company, which operates a chain of stores across a large geographical area, is deploying tablets to use as point-of-sale devices. A security consultant has been given the following requirements:
-The cashiers must be able to log in to the devices quickly
-The devices must be compliant with applicable regulations for credit card usage
-The risk of loss or theft on the devices must be minimized
-If devices are lost or stolen, all data must be removed from the device
-The devices must be capable of being managed from a centralized location
Which of the following should the security consultant configure in the MDM policies for the tablets? (Select TWO) Remote wipe Cable locks Screen locks Geofencing GPS tagging Carrier unlocking

A,B

Which of the following are disadvantages of full backups? (Select THREE) They rely on other backups for recovery They require the most storage They demand the most bandwidth They have the slowest recovery time They are impossible in virtual environments They require on-site storage They are time-consuming to complete

B,D,G

Which of the following agreement types is a non-contractual agreement between two or more parties and outlines each party's requirements and responsibilities? BPA SLA MOU ISA

C

A security analyst received an after-hours alert indicating that a large number of accounts with the suffix "admin" were locked out. The accounts were all locked out after five unsuccessful login attempts, and no other accounts on the network triggered the same alert. Which of the following is the BEST explanation for these alerts? = The administrator accounts do not have rigid password complexity rules, and this made them easier to crack = The company has implemented time-of-day restrictions, and this triggered a false positive alert when the administrators tried to log in = The standard naming convention makes administrator accounts easy to identify, and they were targeted for an attack = The threshold for locking out administrator accounts is too high, and it should be changed from five to three to prevent unauthorized access attempts

C

A security analyst receives the following output:
Time: 12/15/2017
Action: Policy: Endpoint USB Transfer - Blocked
Host: Host1
File Name: Q3-Financials.PDF
User: User1
Which of the following MOST likely occurred to produce this output? The host-based firewall prevented an attack from a Trojan horse USB-OTG prevented a file from being uploaded to a mobile device The host DLP prevented a file from being moved off a computer The firewall prevented an incoming malware-infected file

C

A technician is implementing 802.1X with dynamic VLAN assignment based on a user's Active Directory group membership. Which of the following configurations supports the VLAN definitions? RADIUS attribute SAML tag LDAP path Shibboleth IdP

C

A technician wants to configure a wireless router at a small office that manages a family-owned dry cleaning business. The router will support five laptops, personal smartphones, a wireless printer and occasional guests. Which of the following wireless configurations is BEST implemented in this scenario? Single SSID with WPA2-Enterprise 802.1X with a guest VLAN Dual SSID with WPA2-PSK Captive portal with two-factor authentication

C

A technician wants to implement PKI-based authentication on an enterprise wireless network. Which of the following should the technician configure to enforce the use of client-side certificates? 802.1X with PEAP WPA2-PSK EAP-TLS RADIUS Federation

C

After a breach, a company has decided to implement a solution to better understand the technique used by the attackers. Which of the following is the BEST solution to be deployed? Network analyzer Protocol analyzer Honeypot network Configuration compliance scanner

C

An analyst is trying to obtain a signed certificate from a CA by pasting a public key into the CA's web request form; however, it does not work, and an error is generated. Which of the following does the analyst need to paste into the web request form? A private key A CSR The OID A certificate chain

C

An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement? NTLMv2 TACACS+ Kerberos Shibboleth

C

An organization handling highly confidential information needs to update its systems. Which of the following is the BEST method to prevent data compromise? Wiping Degaussing Shredding Purging

C

An organization has created a review process to determine how to best handle data with different sensitivity levels. The process includes the following requirements:
-Soft copy PII must be encrypted
-Hard copy PII must be placed in a locked container
-Soft copy PHI must be encrypted and audited monthly
-Hard copy PHI must be placed in a locked container and inventoried monthly
Locked containers must be approved and designated for document storage. Any violations must be reported to the Chief Security Officer (CSO). While searching for coffee in the kitchen, an employee unlocks a cabinet and discovers a list of customer names and phone numbers. Which of the following actions should the employee take? = Put the document back in the cabinet, lock the cabinet, and report the incident to the CSO = Take custody of the document, secure it at a desk, and report the incident to the CSO = Take custody of the document and immediately report the incident to the CSO = Put the document back in the cabinet, inventory the contents, lock the cabinet, and report the incident to the CSO

C

An organization is setting up a satellite office and wishes to extend the corporate network to the new site. Which of the following is the BEST solution to allow the users to access corporate resources while focusing on usability and security? Federated services Single sign-on Site-to-site VPN SSL accelerators

C

An organization uses an antivirus scanner from Company A on its firewall, an email system antivirus scanner from Company B, and an endpoint antivirus scanner from Company C. This is an example of: unified threat management an OVAL system vendor diversity alternate processing sites

C

Ann, a security analyst from a large organization, has been instructed to use another, more effective scanning tool. After installing the tool on her desktop, she started a full vulnerability scan. After running the scan for eight hours, Ann finds that there were no vulnerabilities identified. Which of the following is the MOST likely cause of not receiving any vulnerabilities on the network? The organization has a zero tolerance policy against not applying cybersecurity best practices The organization had a proactive approach to patch management principles and practices The security analyst credentials did not allow full administrative rights for the scanning tool The security analyst just recently applied operating system level patches

C

Buffer overflow can be avoided using proper: memory leak prevention memory reuse input validation implementation of ASLR

C

Two companies need to exchange a large number of confidential files. Both companies run high availability UTM devices. They do not want to use email systems to exchange the data. Since the data needs to be exchanged in both directions, which of the following solutions should a security analyst recommend? Configuring the remote access feature on both UTMs Configuring an FTP server in one company Establishing a site-to-site VPN between the two companies Exchanging data by using a free cloud-storage product

C

When building a hosted datacenter, which of the following is the MOST important consideration for physical security within the datacenter? Security guards Cameras Secure enclosures Biometrics

C

A security analyst is determining the point of compromise after a company was hacked. The analyst checks the server logs and sees that a user account was logged in at night, and several large compressed files were exfiltrated. The analyst then discovers the user last logged in four years ago and was terminated. Which of the following should the security analyst recommend to prevent this type of attack in the future? (Select TWO) Review and update the firewall settings Restrict the compromised user account Disable all user accounts that are not logged in to for 180 days Enable a login banner prohibiting unauthorized use Perform an audit of all company user accounts Create a honeypot to catch the hacker

C,E

After deploying an antivirus solution on some network-isolated industrial computers, the service desk team received a trouble ticket about the following message being displayed on the computers' screen: Your AV protection has blocked an unknown application while performing suspicious activities. The application was put in quarantine. Which of the following would be the SAFEST next step to address the issue? = Immediately delete the detected file from the quarantine to secure the environment and clear the alert from the antivirus console = Perform a manual antivirus signature update directly from the antivirus vendor's cloud = Centrally activate a full scan for the entire set of industrial computers, looking for new threats = Check the antivirus vendor's documentation about the security modules, incompatibilities, and software whitelisting

D

An attacker has gained control of several systems on the internet and is using them to attack a website, causing it to stop responding to legitimate traffic. Which of the following BEST describes the attack? MITM DNS poisoning Buffer overflow DDoS

D

An employee on the Internet-facing part of a company's website submits a 20-character phrase in a small textbox on a web form. The website returns a message back to the browser stating: Error: Table 'advprofile' entry into column 'lname' has exceeded number of allowed characters. Error saving database information. Of which of the following is this an example? Resource exhaustion Buffer overflow Improperly configured account Improper error handling

D

As a security measure, an organization has disabled all external media from accessing the network. Since some users may have data that needs to be transferred to the network, which of the following would BEST assist a security administrator with transferring the data while keeping the internal network secure? Upload the media in the DMZ Upload the data in a separate VLAN Contact the data custodian Use a standalone scanning system

D

During a routine check, a security analyst discovered the script responsible for the backup of the corporate file server had been changed to the following:
date = get_currentdate()
if date = $userA.Birthdate then
exec ' rm -rf /'
end if
Which of the following BEST describes the type of malware the analyst discovered? Keylogger Rootkit RAT Logic bomb

D

Joe, a user, visited a banking website from a saved bookmark and logged in with his credentials. After logging in, Joe discovered that he could not access any resources, and none of his account information would display. The next day, the bank called to report his account had been compromised. Which of the following MOST likely would have prevented this from occurring? SSH TLS LDAPS DNSSEC

D

The phones at a business are being replaced with VoIP phones that get plugged in-line between the switch and PC. The voice and data networks still need to be kept separate. Which of the following would allow for this? NAT Intranet Subnetting VLAN

D

The use of a unique attribute inherent to a user as part of an MFA system is BEST described as: something you do something you have something you know something you are

D

When an initialization vector is added to each encryption cycle, it is using the: ECB cipher mode MD5 cipher mode XOR cipher mode CBC cipher mode

D

Which of the following BEST explains "likelihood of occurrence"? = The chance that an event will happen regardless of how much damage it may cause = The overall impact to the organization once all factors have been considered = The potential for a system to have a weakness or flaw that might be exploited = The probability that a threat actor will target and attempt to exploit an organization's systems

D

Which of the following is a component of multifactor authentication? RADIUS SSO Transitive trust OTP

D

Which of the following is an example of the second A in the AAA model? = The encryption protocol successfully completes the handshake and establishes a connection = The one-time password is keyed in, and the login system grants access = The event log records a successful login with a type code that indicates an interactive login = A domain controller confirms membership in the appropriate group

D

A security analyst has been asked to implement secure protocols to prevent cleartext credentials from being transmitted over the internal network. Which of the following protocols is the security analyst MOST likely to implement? (Select TWO) SNMPv3 S/MIME DNSSEC SSH SFTP

D,E

A company help desk has received several reports that employees have experienced identity theft and compromised accounts. This occurred several days after receiving an email asking them to update their personal bank information. Which of the following is a vulnerability that has been exploited? Trojan horses Phishing Improperly configured accounts Forged certificates Untrained users

E

A penetration tester is testing passively for vulnerabilities on a company's network. Which of the following tools should the penetration tester use? Zenmap Wireshark Nmap tcpdump nikto Snort

E
