Security ++ #414-

A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing?

Critical system inventory

If two employees are encrypting traffic between them using a single encryption key, which of the following algorithms are they using?

3DES

A network technician identified a web server that has high network utilization and crashes during peak business hours. After making a duplicate of the server, which of the following should be installed to reduce the business impact caused by these outages?

A Load balancer

Which of the following BEST describes how a MITM attack differs from a spear phishing attack?

A MITM attack uses spyware to log user activity, while a spear phishing attack installs a rootkit on the client to forge the identity of the user.

Which of the following represents a multifactor authentication system?

A one-time password token combined with a proximity badge

Which of the following enables sniffing attacks against a switched network?

ARP poisoning

An organization has air gapped a critical system. Which of the following BEST describes the type of attacks that are prevented by this security measure?

Attacks from another local network segment

Which of the following BEST represents the difference between white-box and black-box penetration testing methodologies?

Authenticated vs. unauthenticated

Which of the following access management concepts is MOST closely associated with the use of a password or PIN?

Authentication

Which of the following BEST describes the purpose of authorization?

Authorization provides permissions to a resource and comes after authentication.

Which of the following provides PFS?

DHE

A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop was recently updated, and now the files on the USB are read-only. Which of the following was recently added to the laptop?

DLP

An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Select TWO).

- DNS hijacking
- Man-in-the-browser

Which of the following BEST distinguishes Agile development from other methodologies in terms of vulnerability management?

Daily standups

Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented?

Data in transit

A company is implementing a tool to mask all PII when moving data from a production server to a testing server. Which of the following security techniques is the company applying?

Data sanitization

A user is unable to obtain an IP address from the corporate DHCP server. Which of the following is MOST likely the cause?

Default configuration

A security technician has been assigned data destruction duties. The hard drives that are being disposed of contain highly sensitive information. Which of the following data destruction techniques is MOST appropriate?

Degaussing

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take?

Disable the network connections on the workstation.

A company recently installed fingerprint scanners at all entrances to increase the facility's security. The scanners were installed on Monday morning, and by the end of the week it was determined that 1.5% of valid users were denied entry. Which of the following measurements do these users fall under?

FRR

Fuzzing is used to reveal which of the following vulnerabilities in web applications?

Improper input handling

Which of the following command line tools would be BEST to identify the services running in a server?

Netstat

A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic. Which of the following should be used for the IDS implementation?

Network tap

A security administrator needs to conduct a full inventory of all encryption protocols and cipher suites. Which of the following tools will the security administrator use to conduct this inventory MOST efficiently?

Nmap

Which of the following is being used when a malicious actor searches various social media websites to find information about a company's system administrators and help desk staff?

Passive reconnaissance

An audit found that an organization needs to implement job rotation to be compliant with regulatory requirements. To prevent unauthorized access to systems after an individual changes roles or departments, which of the following should the organization implement?

Permission auditing and review

Which of the following BEST identifies repeated exploitation of different network hosts after mitigation has occurred?

Persistence

A technician is auditing network security by connecting a laptop to open hardwired jacks within the facility to verify they cannot connect. Which of the following is being tested?

Port security

A network administrator is trying to provide the most resilient hard drive configuration in a server. With five hard drives, which of the following is the MOST fault-tolerant configuration?

RAID 6

Which of the following implements a stream cipher?

S/MIME encryption

Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?

Secure configuration guide

Which of the following ready resources is a cold site MOST likely to have?

Servers

An administrator is disposing of media that contains sensitive information. Which of the following will provide the MOST effective method to dispose of the media while ensuring the data will be unrecoverable?

Shred the hard drive.

When used together, which of the following qualify as two-factor authentication?

Smart card and PIN

A developer wants to use a life-cycle model that utilizes a cascade model and has a definite beginning and end to each stage. Which of the following models BEST meets this need?

Spiral

Which of the following is the MAIN disadvantage of using SSO?

The architecture can introduce a single point of failure.

When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?

Tight integration to existing systems

Which of the following is the proper use of a Faraday cage?

To block electronic signals sent to erase a cell phone

Which of the following is a technical preventive control?

Two-factor authentication

A developer wants to use a life-cycle model that utilizes a cascade model and has a definite beginning and end to each stage. Which of the following models BEST meets this need?

Waterfall

A service provider recently upgraded one of the storage clusters that houses non-confidential data for clients. The storage provider wants the hard drives back in working condition. Which of the following is the BEST method for sanitizing the data given the circumstances?

Wiping

A company has a backup site with equipment on site without any data. This is an example of:

a warm site

An organization is looking to build its second head office in another city, which has a history of flooding with an average of two floods every 100 years. The estimated building cost is $1 million, and the estimated damage due to flooding is half of the building's cost. Given this information, which of the following is the SLE?

$500,000

A security analyst is implementing PKI-based functionality to a web application that has the following requirements:
- File contains certificate information
- Certificate chains
- Root authority certificates
- Private key
All of these components will be part of one file and cryptographically protected with a password. Given this scenario, which of the following certificate types should the analyst implement to BEST meet these requirements?

.pfx certificate

A network administrator is implementing multifactor authentication for employees who travel and use company devices remotely by using the company VPN. Which of the following would provide the required level of authentication?

802.1X and OTP

Which of the following is an example of resource exhaustion?

A penetration tester requests every available IP address from a DHCP server.

Which of the following concepts ensure ACL rules on a directory are functioning as expected? (Select TWO).

- Accounting
- Auditing

Which of the following outcomes is a result of proper error-handling procedures in secure code?

All fault conditions are logged and do not result in a program crash.

A security analyst is performing a BIA. The analyst notes that in a disaster, failover systems must be up and running within 30 minutes. The failover systems must use backup data that is no older than one hour. Which of the following should the analyst include in the business continuity plan?

An SLA guarantee of 60 minutes

A security administrator has replaced the firewall and notices a number of dropped connections. After looking at the data, the security administrator sees the following information that was flagged as a possible issue: "SELECT * FROM" and '1'='1'. Which of the following can the security administrator determine from this?

An SQL injection attack is being attempted

Given the following requirements:
- Help to ensure non-repudiation
- Capture motion in various formats
Which of the following physical controls BEST matches the above descriptions?

Camera

A company needs to implement a system that only lets a visitor use the company's network infrastructure if the visitor accepts the AUP. Which of the following should the company use?

Captive portal

An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data at rest as well as strong authentication? (Select TWO).

- Containerization
- FDE

Joe, a user, reports to the help desk that he can no longer access any documents on his PC. He states that he saw a window appear on the screen earlier, but he closed it without reading it. Upon investigation, the technician sees high disk activity on Joe's PC. Which of the following types of malware is MOST likely indicated by these findings?

Crypto-malware

Which of the following types of attack takes advantage of OS buffer overflows?

Denial of service

Which of the following impacts are associated with vulnerabilities in embedded systems? (Select TWO).

- Denial of service due to an integrated legacy operating system
- Exhaustion of network resources resulting from poor NIC management

After discovering a security incident and removing the affected files, an administrator disabled an unneeded service that led to the breach.

Eradication

Which of the following are considered to be "something you do"? (Choose two.)

- Handwriting
- Gait

A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this company?

Internal hosts have become members of a botnet.

Which of the following BEST explains how the use of configuration templates reduces organization risk?

It ensures consistency of configuration for initial system implementation.

Which of the following is unique to a stream cipher?

It performs bit-level encryption

A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee's position. Which of the following practices would BEST help to prevent this situation in the future?

Job rotation

A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Choose two.)

- MSCHAP
- PEAP

A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Select TWO.)

- MSCHAP
- PEAP

A technician has been asked to document which services are running on each of a collection of 200 servers. Which of the following tools BEST meets this need while minimizing the work required?

Netstat

The director of security at an organization has begun reviewing vulnerability scanner results and notices a wide range of vulnerabilities scattered across the company. Most systems appear to have OS patches applied on a consistent basis, but there is a large variety of best practices that do not appear to be in place. Which of the following would be BEST to ensure all systems are adhering to common security standards?

Network vulnerability database

An administrator is beginning an authorized penetration test of a corporate network. Which of the following tools would BEST assist in identifying potential attacks?

Nmap

Which of the following algorithms would be used to provide non-repudiation of a file transmission?

RSA

Which of the following attackers generally possesses minimal technical knowledge to perform advanced attacks and uses widely available tools as well as publicly available information?

Script kiddie

A technician is required to configure updates on a guest operating system while maintaining the ability to quickly revert the changes that were made while testing the updates. Which of the following should the technician implement?

Snapshots

An attacker is able to capture the payload for the following packets:
- IP 192.168.1.22:2020 10.10.10.5:443
- IP 192.168.1.10:1030 10.10.10.1:21
- IP 192.168.1.57:5217 10.10.10.1:3389
During an investigation, an analyst discovers that the attacker was able to capture the information above and use it to log on to other servers across the company. Which of the following is the MOST likely reason?

The attacker is picking off unencrypted credentials and using those to log in to the secure server

During a risk assessment, results show that a fire in one of the company's datacenters could cost up to $20 million in equipment damages and lost revenue. As a result, the company insures the datacenter for up to $20 million in damages for the cost of $30,000 a year. Which of the following risk response techniques has the company chosen?

Transference

A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective?

Use application whitelisting.

An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization?

Username/password with a CAPTCHA

Which of the following is an example of federated access management?

Using a popular website login to provide access to another website

A technician is recommending preventive physical security controls for a server room. Which of the following would the technician most likely recommend? (Select TWO)

- Video surveillance
- Authorized personnel signage

A security analyst is responsible for assessing the security posture of a new high-stakes application that is currently in the production environment but has not yet been made available to system users. Which of the following would provide the security analyst with the MOST comprehensive assessment of the application's ability to withstand unauthorized access attempts?

Vulnerability scanning

Which of the following attacks can be mitigated by proper data retention policies?

Watering hole

Hacktivists are most commonly motivated by:

political cause

After the integrity of a patch has been verified, but before being deployed to production, it is important to:

test it in a staging environment

A security analyst is running a credential-based vulnerability scanner on a Windows host. The vulnerability scanner is using the protocol NetBIOS over TCP/IP to connect to various systems. However, the scan does not return any results. To address the issue, the analyst should ensure that which of the following default ports is open on systems?

137

Which of the following encryption algorithms require one encryption key? (Select TWO).

- 3DES
- RC4

Which of the following BEST explains the difference between a credentialed scan and a non-credentialed scan?

A credentialed scan sees the system the way an authorized user sees the system, while a non-credentialed scan sees the system as a guest.

A security analyst wants to ensure the integrity of a file downloaded from the Internet. The name of the file is code.zip. The analyst uses the vendor website to determine the 160-bit fingerprint of the input, and then reviews the following output:
8532f8c0bcb335cf231ec09e02dagf77e921e4c0 code.zip
Which of the following can be determined from this output?

A message digest of 160 bits should be a SHA-1 hash. The message digest listed is for SHA-1.

A sensitive manufacturing facility has recently noticed an abnormal number of assembly-line robot failures. Upon intensive investigation, the facility discovers many of the SCADA controllers have been infected by a new strain of malware that uses a zero-day flaw in the operating system. Which of the following types of malicious actors is MOST likely behind this attack?

A nation-state

A security administrator needs to configure remote access to a file share so it can only be accessed between the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same department as the data owner. Users should only be able to create files with approved extensions, which may differ by department. Which of the following access controls would be the MOST appropriate for this situation?

ABAC

A security administrator is choosing an algorithm to generate password hashes. Which of the following would offer the BEST protection against offline brute force attacks?

AES

A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message?

AES

Which of the following encryption algorithms is used primarily to secure data at rest?

AES

Which of the following is used to encrypt web application data?

AES

Which of the following types of attack is being used when an attacker responds by sending the MAC address of the attacking machine to resolve the MAC to IP address of a valid server?

ARP poisoning

Which of the following differentiates ARP poisoning from a MAC spoofing attack?

ARP poisoning uses unsolicited ARP replies.

An organization's Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO's personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward?

AUP

Which of the following serves to warn users against downloading and installing pirated software on company devices?

AUP

A company posts a sign indicating its server room is under video surveillance. Which of the following control types is represented?

Administrative

A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited?

Air gap

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

Air gap

An analyst is part of a team that is investigating a potential breach of sensitive data at a large financial services organization. The organization suspects a breach occurred when proprietary data was disclosed to the public. The team finds servers were accessed using shared credentials that have been in place for some time. In addition, the team discovers undocumented firewall rules, which provided unauthorized external access to a server. Suspecting the activities of a malicious insider threat, which of the following was MOST likely to have been utilized to exfiltrate the proprietary data?

Backdoor

A security administrator is enhancing the security controls in an organization with respect to the allowed devices policy. The administrator wrote a .reg file with the code below:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004
Which of the following BEST represents what the administrator is doing?

Blocking the use of USB devices

A developer has incorporated routines into the source code for controlling the length of the input passed to the program. Which of the following types of vulnerabilities is the developer protecting the code against?

Buffer overflow

A security analyst monitors the syslog server and notices the following:
Pinging 10.25.27.31 with 65500 bytes of data:
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Which of the following attacks is occurring?

Buffer overflow

An application developer has neglected input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?

Buffer overflow

An application developer has neglected to include input validation checks in the design of the company's new web application. An employee discovers that repeatedly submitting large amounts of data, including custom code, to an application will allow the execution of the custom code at the administrator level. Which of the following BEST identifies this application attack?

Buffer overflow

Which of the following could an attacker use to overwrite instruction pointers in order to execute malicious code?

Buffer overflow

An organization wishes to allow its users to select devices for business use but does not want to overwhelm the service desk with requests for too many different device types and models. Which of the following deployment models should the organization use to BEST meet these requirements?

CYOD model

A company is implementing an authentication system for its wireless network. The system will be for public use and must be able to track how long a person is connected to the WiFi system for billing purposes. Which of the following would be BEST to implement in this situation?

Captive portal

The Chief Information Security Officer (CISO) at a large company tasks a security administrator to provide additional validation for website customers. Which of the following should the security administrator implement?

Captive portal

A forensic analyst needs to collect physical evidence that may be used in legal proceedings. Which of the following should be used to ensure the evidence remains admissible in court?

Chain of custody

A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication. Which of the following should the administrator do NEXT to enforce this new configuration?

Change the default SSH port, enable TCP tunneling, and provide a pre-configured SSH client.

Staff members from a call center frequently use a conference room for meetings in the secured SOC. While walking through the SOC, the staff members can view sensitive materials displayed for monitoring purposes. The call center staff was emailed the PIN needed to open the SOC door by human resources. Which of the following access controls would prevent this situation from occurring? (Select TWO).

- Change the entry system to one that uses proximity cards assigned to individual security staff members.
- Install screen filters on all devices within the SOC and position monitors so they are not facing shared walkways.

Given the information below:
MD5 HASH document.doc 049eab40fd36caad1fab10b3cdf4a883
MD5 HASH image.jpg 049eab40fd36caad1fab0b3cdf4a883
Which of the following concepts are described above? (Select TWO)

- Collision
- Hashing

Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised?

Compare the image hash to the original hash.

A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator's objective?

Conduct a tabletop test.

An organization's research department uses workstations in an air-gapped network. A competitor released products based on files that originated in the research department. Which of the following should management do to improve the security and confidentiality of the research files?

Configure removable media controls on the workstations.

A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?

Configure server-based PKI certificates.

A contracting company recently completed its period of performance on a government contract and would like to destroy all information associated with contract performance. Which of the following is the best NEXT step for the company to take?

Consult data disposition policies in the contract.

While investigating a virus infection, a security analyst discovered the following on an employee laptop:
- Multiple folders containing a large number of newly released movies and music files
- Proprietary company data
- A large amount of PHI data
- Unapproved FTP software
- Documents that appear to belong to a competitor
Which of the following should the analyst do FIRST?

Contact the legal and compliance department for guidance

Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single location that can be remotely wiped if the phone is lost. Which of the following technologies BEST meets this need?

Containerization

During a lessons learned meeting regarding a previous incident, the security team receives a follow-up action item with the following requirements:
- Allow authentication from within the United States anytime
- Allow authentication if the user is accessing email or a shared file system
- Do not allow authentication if the AV program is two days out of date
- Do not allow authentication if the location of the device is in two specific countries
Given the requirements, which of the following mobile deployment authentication types is being utilized?

Context-aware authentication

A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing?

Control diversity

Which of the following control types would a backup of server data provide in case of a system issue?

Corrective

A security professional wants to test a piece of malware that was isolated on a user's computer to document its effect on a system. Which of the following is the FIRST step the security professional should take?

Create a secure baseline of the system state.

Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did. Management has asked the security team to provide a method for detecting this type of behavior without impacting the access for sales employees as they travel overseas. Which of the following would be the BEST method to achieve this objective?

Create an automated alert on the SIEM for anomalous sales team activity

Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did. Management has asked the security team to provide a method for detecting this type of behavior without impeding the access for sales employees as they travel overseas. Which of the following would be the BEST method to achieve this objective?

Create an automated alert on the SIEM for anomalous sales team activity.

A Chief Information Security Officer (CISO) for a school district wants to enable SSL to protect all of the public-facing servers in the domain. Which of the following is a secure solution that is the MOST cost effective?

Create and install a self-signed certificate on each of the servers in the domain.

A security administrator wants to determine if a company's web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted?

Credentialed

A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (Choose three.)

- Crypto-malware
- Virus
- Ransomware

A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources. Which of the following attack types does this BEST describe?

DDoS

Students at a residence hall are reporting Internet connectivity issues. The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices. The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help. Which of the following configurations should the security administrator suggest for implementation?

DHCP snooping

A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop was recently updated, and now the files on the USB are read-only. Which of the following was recently added to the laptop?

DLP

A security administrator wants to better prepare the incident response team for possible security events. The IRP has been updated and distributed to incident response team members. Which of the following is the BEST option to fulfill the administrator's objective?

Determine the order of restoration.

Which of the following controls is implemented in lieu of the primary security controls?

Deterrent

A forensic investigation discovered that accounts belonging to employees who were terminated numerous years ago were recently used to gain unauthorized access on a company's web servers. Which of the following controls would reduce the risk of this reoccurring? (Select TWO)

Disable inactive accounts on a timely basis. Set expiration dates for all temporary accounts.

An incident response analyst at a large corporation is reviewing a proxy data log. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

Disconnect the CEO's workstation from the network

Which of the following attacks is unique in that no data is collected from the victim?

DoS

The Chief Information Security Officer (CISO) in a company is working to maximize protection efforts of sensitive corporate data. The CISO implements a "100% shred" policy within the organization, with the intent to destroy any documentation that is not actively in use in a way that it cannot be recovered or reassembled. Which of the following attacks is this deterrent MOST likely to mitigate?

Dumpster diving

A security administrator successfully used a tool to guess a six-digit code and retrieve the WPA master password from a SOHO access point. Which of the following should the administrator configure to prevent this type of attack?

Enable WPA2.

A security administrator's review of network logs indicates unauthorized network access, the source of which appears to be wired data jacks in the lobby area. Which of the following represents the BEST course of action to prohibit this access?

Enabling port security

A security analyst is emailing PII in a spreadsheet file to an audit validator for after-actions related to a security assessment. The analyst must make sure the PII data is protected with the following minimum requirements:
- Ensure confidentiality at rest.
- Ensure the integrity of the original email message.
Which of the following controls would ensure these data security requirements are carried out?

Encrypt and sign the email using S/MIME.

A security administrator has generated an SSH key pair to authenticate to a new server. Which of the following should the security administrator do NEXT to use the keys securely for authentication? Choose 2

Encrypt the public key. Install both keys on the server.

A forensic analyst is creating a report of findings for litigation purposes. The analyst must ensure data is preserved using all elements of the CIA triad. Given this scenario, which of the following should the analyst use to BEST meet these requirements?

Encryption for confidentiality, hashing for integrity, and full backups for availability

A systems administrator is installing and configuring an application service that requires access to read and write to log and configuration files on a local hard disk partition. The service must run as an account with authorization to interact with the file system. Which of the following would reduce the attack surface added by the service and account? (Select TWO).

Enforce least possible privileges for the account. Add the account to the local administrator's group.

Which of the following is the BEST method of preventing buffer overflow?

Error handling

A security technician has identified an infected machine on a network. Which of the following should the technician do NEXT?

Escalate the issue to a senior security advisor.

Which of the following penetration testing concepts is an attacker MOST interested in when placing the path of a malicious file in the Windows/CurrentVersion/Run registry key?

Escalation of privilege

A company is deploying NAFDs in its office to improve employee productivity when dealing with paperwork. Which of the following concerns is MOST likely to be raised as a possible security issue in relation to these devices?

Excessive disk space consumption due to storing large documents

A company is planning to build an internal website that allows for access to outside contractors and partners. A majority of the content will only be available to internal employees with the option to share. Which of the following concepts is MOST appropriate?

Extranet

Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners?

False positive

An organization has decided to implement biometric controls for improved access management. However, a significant number of authorized users are being denied access to networked resources. Which of the following is the main biometric factor that requires attention?

False rejection

Which of the following should a technician use to protect a cellular phone that is needed for an investigation, to ensure the data will not be removed remotely?

Faraday cage

A manager makes an unannounced visit to the marketing department and performs a walk-through of the office. The manager observes unclaimed documents on printers. A closer look at these documents reveals employee names, addresses, ages, birth dates, marital/dependent statuses, and favorite ice cream flavors. The manager brings this to the attention of the marketing department head. The manager believes this information to be PII, but the marketing head does not agree. Having reached a stalemate, which of the following is the MOST appropriate action to take NEXT?

Find the privacy officer in the organization and let the officer act as the arbiter.

A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?

Foundational

A company wants to ensure users are only logging into the system from their laptops when they are on site. Which of the following would assist with this?

Geofencing

A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities can be exploited. The company provided limited information pertaining to the infrastructure and database server. Which of the following forms of testing does this BEST describe?

Gray box

Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

Gray box

Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

Gray box

An organization has hired a new remote workforce. Many new employees are reporting that they are unable to access the shared network resources while traveling. They need to be able to travel to and from different locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce will have identical file and system access requirements, and must also be able to log in to the headquarters location remotely. Which of the following BEST represent how the remote employees should have been set up initially? (Choose two.)

Group-based access control Individual accounts

An organization electronically processes sensitive data within a controlled facility. The Chief Information Security Officer (CISO) wants to limit emissions from emanating from the facility. Which of the following mitigates this risk?

Hardening the facility with a Faraday cage to contain emissions produced from data processing

Users in an organization access the network, systems, and all resources through multifactor, PIV-enabled SSO. Those logins are monitored and audited for unusual activity. This organization has a reputation for practicing good security hygiene, disabling default and guest accounts, and enforcing temporary privilege escalation when administrative functions are necessary. A recent security audit has uncovered suspicious privileged activity that cannot be attributed to any user. Which of the following is the BEST place to start investigating the source of the activity?

Hidden guest accounts with default privileged access that can be accessed by outsiders

A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

Honeynet

A state-sponsored threat actor has launched several successful attacks against a corporate network. Although the target has a robust patch management program in place, the attacks continue in depth and scope, and the security department has no idea how the attacks are able to gain access. Given that patch management and vulnerability scanners are being used, which of the following would be used to analyze the attack methodology?

Honeypots

An organization wants to host an externally accessible web server that will not contain sensitive user information. Any sensitive information will be hosted on file servers. Which of the following is the BEST architecture configuration for this organization?

Host the web server in a DMZ and the file servers behind a firewall

In order to prevent the possibility of a thermal shutdown, which of the following physical controls should be implemented in a datacenter?

Hot and cold aisles

An organization wants to ensure network access is granted only after a user or device has been authenticated. Which of the following should be used to achieve this objective for both wired and wireless networks?

IEEE 802.1X

Which of the following is a major disadvantage of ECB?

Identical plaintext values will yield the same ciphertext values.

A Chief Information Security Officer (CISO) has instructed the information assurance staff to act upon a fast-spreading virus. Which of the following steps in the incident response process should be taken NEXT?

Identification

A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company's revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?

Identification of critical systems

A company is deploying a file-sharing protocol across a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task?

Implement Kerberos

A company is deploying a file-sharing protocol to access a network and needs to select a protocol for authenticating clients. Management requests that the service be configured in the most secure way possible. The protocol must also be capable of mutual authentication, and support SSO and smart card logons. Which of the following would BEST accomplish this task?

Implement Kerberos

A security administrator is performing a risk assessment on a legacy WAP with a WEP-enabled wireless infrastructure. Which of the following should be implemented to harden the infrastructure without upgrading the WAP?

Implement WPA2 Enterprise

A small contracting company's IT infrastructure enables the processing of various levels of sensitive data to which not all employees have access. However, the employees share physical office space. Which of the following controls would help reduce the risk of accidental spillage of sensitive data?

Implement a DLP solution

The Chief Information Officer (CIO) has determined the company's new PKI will not use OCSP. The purpose of OCSP still needs to be addressed. Which of the following should be implemented?

Implement a key escrow.

An accountant is attempting to log in to the internal accounting system and receives a message that the website's certificate is fraudulent. The accountant finds instructions for manually installing the new trusted root onto the local machine. Which of the following would be the company's BEST option for this situation in the future?

Implement certificate management

A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability?

Implement input validations.

A network technician needs to monitor and view the websites that are visited by an employee. The employee is connected to a network switch. Which of the following would allow the technician to monitor the employee's web traffic?

Implement promiscuous mode on the NIC of the employee's computer.

A systems administrator has been assigned to create accounts for summer interns. The interns are only authorized to be in the facility and operate computers under close supervision. They must also leave the facility at designated times each day. However, the interns can access intern file folders without supervision. Which of the following represents the BEST way to configure the accounts? (Select TWO.)

Implement time-of-day restrictions. Create privileged accounts.

A network technician is designing a network for a small company. The network technician needs to implement an email server and web server that will be accessed by both internal employees and external customers. Which of the following would BEST secure the internal network and allow access to the needed servers?

Implementing a DMZ segment for the server.

Confidential corporate data was recently stolen by an attacker who exploited data transport protections. Which of the following vulnerabilities is the MOST likely cause of this data breach?

Improper input handling on FTP site

An attacker has obtained the user ID and password of a data center's backup operator and has gained access to a production system. Which of the following would be the attacker's NEXT action?

Initiate a confidential data exfiltration process

A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening?

Initiate remote wiping on lost mobile devices

A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be accessed by third parties. Which of the following would BEST prevent this from happening? (Select TWO).
- Initiate remote wiping on lost mobile devices.
- Use FDE and require PINs on all mobile devices.
- Use geolocation to track lost devices.
- Require biometric logins on all mobile devices.
- Install antivirus on mobile endpoints.
- Patch critical vulnerabilities at least daily.

Initiate remote wiping on lost mobile devices. Use FDE and require PINs on all mobile devices.

After successfully breaking into several networks and infecting multiple machines with malware, hackers contact the network owners, demanding payment to remove the infection and decrypt files. The hackers threaten to publicly release information about the breach if they are not paid. Which of the following BEST describes these attackers?

Insiders

A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.log, and reviews the following: Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r https://www.portal.com\rjohnuser\https://www.portal.com\rjohnuser\rilovemycat2 Given the above output, which of the following is the MOST likely cause of this compromise?

Keylogger

After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?

LDAP service

Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is no PII in the database?

Laws stipulate that databases with the ability to store personal information must be secured regardless of the environment or if they actually have PII.

A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing?

Least privilege

A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?

Legal hold

A company is examining possible locations for a hot site. Which of the following considerations is of MOST concern if the replication technology being used is highly sensitive to network latency?

Location proximity to the production site

A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat.
    @echo off
    :asdhbawdhbasdhbawdhb
    start notepad.exe
    start notepad.exe
    start calculator.exe
    start calculator.exe
    goto asdhbawdhbasdhbawdhb
Given the file contents and the system's issues, which of the following types of malware is present?

Logic bomb

A company notices that at 10 a.m. every Thursday, three users' computers become inoperable. The security analyst team discovers a file called where.pdf.exe that runs on system startup. The contents of where.pdf.exe are shown below:
    @echo off
    if [c:\file.txt] deltree C:\
Based on the above information, which of the following types of malware was discovered?

Logic bomb

A security engineer is looking to purchase a fingerprint scanner to improve the security of a datacenter. Which of the following scanner characteristics is the MOST critical to successful implementation?

Low crossover error rate

A computer forensics analyst collected a flash drive that contained a single file with 500 pages of text. Which of the following algorithms should the analyst use to validate the integrity of the file?

MD5

A security analyst is hardening access to a company portal and must ensure that when the username and password combinations are used, an OTP is utilized to complete authentication and provide access to resources. Which of the following should the analyst configure on the company portal to BEST meet this requirement?

MFA

After patching computers with the latest application security patches/updates, users are unable to open certain applications. Which of the following will correct the issue?

Modifying the security policy for patch management tools

A security analyst is specifying requirements for a wireless network. The analyst must explain the security features provided by various architecture choices. Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?

Mutual authentication

A security administrator is implementing a SIEM and needs to ensure events can be compared against each other based on when the events occurred and were collected. Which of the following does the administrator need to implement to ensure this can be accomplished?

NTP

In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated?

Nation state

A company has a team of penetration testers. This team has located a file on the company file server that they believe contains clear text usernames ** by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file?

Netcat

Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform?

Non-persistent configuration

Which of the following is the MOST likely motivation for a script kiddie threat actor?

Notoriety

Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?

OAuth

A systems administrator wants to replace the process of using a CRL to verify certificate validity. Frequent downloads are becoming problematic. Which of the following would BEST suit the administrator's needs?

OCSP

A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?

OSCP

Which of the following is a valid multifactor authentication combination?

OTP token combined with password

An attachment that was emailed to finance employees contained an embedded message. The security administrator investigates and finds the intent was to conceal the embedded information from public view. Which of the following BEST describes this type of message?

Obfuscation

Using an ROT13 cipher to protect confidential information from unauthorized access is known as:

Obfuscation

Which of the following is the MOST significant difference between intrusive and non-intrusive vulnerability scanning?

One has a higher potential for disrupting system operations

A security technician must prevent unauthorized external access from stolen passwords. Which of the following authentication methods would allow users to use their current passwords while enhancing security?

One-time password

A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:
- Read = A user can read the content of an existing file.
- Write = A user can modify the content of an existing file and delete an existing file.
- Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization's requirements?

Owners: Read, Write, Create Group Members: Read, Write Others: Read, Create

A company wants to implement a wireless network with the following requirements:
- All wireless users will have a unique credential.
- User certificates will not be required for authentication.
- The company's AAA infrastructure must be utilized.
- Local hosts should not store authentication tokens.
Which of the following should be used in the design to meet the requirements?

PEAP

A user wants to send a confidential message to a customer to ensure unauthorized users cannot access the information. Which of the following can be used to ensure the security of the document while in transit and at rest?

PGP

Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement?

PGP

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.)

Password complexity requirements Account disablement

A security team has downloaded a public database of the largest collection of password dumps on the Internet. This collection contains the cleartext credentials of every major breach for the last four years. The security team pulls and compares users' credentials to the database and discovers that more than 30% of the users were still using passwords discovered in this list. Which of the following would be the BEST combination to reduce the risks discovered?

Password length, password encryption, password complexity

To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?

Patch the scanner

A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements. Which of the following should be implemented to validate that the appropriate offboarding process has been followed?

Permission auditing

An organization is drafting an IRP and needs to determine which employees have the authority to take systems offline during an emergency situation. Which of the following is being outlined?

Permission auditing

A mobile application developer wants to secure an application that transmits sensitive information. Which of the following should the developer implement to prevent SSL MITM attacks?

Pinning

A security administrator is researching ways to improve the security of a manufacturing company's systems within the next three to six months. Which of the following would provide the security administrator with the most diverse perspective?

Platform-specific security benchmark for the company's specific systems

After a security assessment was performed on the enterprise network, it was discovered that:
1. Configuration changes have been made by users without the consent of IT.
2. Network congestion has increased due to the use of social media.
3. Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)

Poorly trained users Improperly configured accounts

A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a new session as the web server daemon. This session has full read/write access to the file system and the admin console. Which of the following BEST describes the attack?

Privilege escalation

After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in /tmp. Which of the following vulnerabilities has MOST likely been exploited?

Privilege escalation

Which of the following would MOST likely be a result of improperly configured user accounts?

Privilege escalation

An organization has an account management policy that defines parameters around each type of account. The policy specifies different security attributes, such as longevity, usage auditing, password complexity, and identity proofing. The goal of the account management policy is to ensure the highest level of security while providing the greatest availability without compromising data integrity for users. Which of the following account types should the policy specify for service technicians from corporate partners?

Privileged user account

An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST?

Processor cache

Which of the following reduces data integrity risk from an authorized user mistakenly entering the wrong data format or type on a web form?

Proper input handling

An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Choose two.)

Proper offboarding procedures Exit interviews

An organization requires employees to insert their identification cards into a reader so chips embedded in the cards can be read to verify their identities prior to accessing computing resources. Which of the following BEST describes this authentication control?

Proximity card

A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?

Public SaaS

An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:
- Intellectual property
- Payroll records
- Financial information
- Drug screening results
Which of the following is the BEST way to dispose of these items?

Pulping

Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled "unclassified" and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?

Pulverizing

A company wants to provide centralized authentication for its wireless system. The wireless authentication system must integrate with the directory back end. Which of the following is a AAA solution that will provide the required wireless authentication?

RADIUS

A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?

RAID 1

A security auditor is performing a vulnerability scan to find out if mobile applications used in the organization are secure. The auditor discovers that one application has been accessed remotely with no legitimate account credentials. After investigating, it seems the application has allowed some users to bypass the authentication of that application. Which of the following types of malware allow such a compromise to take place? (Choose two.)

RAT Backdoor

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

RTO/RPO

A user receives a security alert pop-up from the host-based IDS, and a few minutes later notices a document on the desktop has disappeared and in its place is an odd filename with no icon image. When clicking on this icon, the user receives a system notification that it cannot find the correct program to use to open this file. Which of the following types of malware has MOST likely targeted this workstation?

Ransomware

A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry:
#Whitelist USB\VID13FE&PID_4127&REV_0100
Which of the following security technologies is MOST likely being configured?

Removable media control

A technician has installed a new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the team should have access to the company's routers and switches.
NETWORK_TEAM: Lee, Andrea, Pete
ALLOW_ACCESS: DOMAIN_USERS, AUTHENTICATED_USERS, NETWORK_TEAM
Members of the network team successfully test their ability to log in to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample.
5/26/2017 10:20 PERMITS: Lee
5/27/2017 13:45 PERMITS: Andrea
5/27/2017 09:12 PERMITS: Lee
5/28/2017 16:37 PERMITS: John
5/29/2017 08:53 PERMITS: Lee
Which of the following should the auditor recommend based on the above information?

Remove the DOMAIN_USERS group from the ALLOW_ACCESS group

A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?

Remove the platters from the HDDs and shred them.

Which of the following attacks is used to capture the WPA2 handshake?

Replay

A security administrator is developing a methodology for tracking staff access to patient data. Which of the following would be the BEST method of creating audit trails for usage reports?

Restrict access to the database by following the principle of least privilege

A system uses an application server and database server. Employing the principle of least privilege, only database administrators are given administrative privileges on the database server, and only application team members are given administrative privileges on the application server. Audit and log file reviews are performed by the business unit (a separate group from the database and application teams). The organization wants to optimize operational efficiency when application or database changes are needed, but it also wants to enforce least privilege, prevent modification of log files, and facilitate the audit and log review performed by the business unit. Which of the following approaches would BEST meet the organization's goal?

Restrict privileges on the log file directory to "read only" and use a service account to send a copy of these files to the business unit.

A security analyst is assessing a small company's internal servers against recommended security practices. Which of the following should the analyst do to conduct the assessment? (Choose two.)

Review the company's current security baseline; Run an exploitation framework to confirm vulnerabilities

A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious process running. A prior technician's notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior?

Rootkit

A company utilizes 802.11 for all client connectivity within a facility. Users in one part of the building are reporting they are unable to access company resources when connected to the company SSID. Which of the following should the security administrator use to assess connectivity?

Routing tables

An administrator is implementing a secure server and wants to ensure that if the server application is compromised, the application does not have access to other parts of the server or network. Which of the following should the administrator implement? (Select TWO.)

Rule-based access control, Role-based access control

During a recent audit, several undocumented and unpatched devices were discovered on the internal network. Which of the following can be done to prevent similar occurrences?

Run weekly vulnerability scans and remediate any missing patches on all company devices

A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend?

S/MIME

A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.)

S/MIME, TLS, SFTP

A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious actor was attacking the company and is responsible for the increase. Which of the following systems has the attacker compromised?

SCADA

As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Choose two.)

SFTP, HTTPS

The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the "From" section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident?

SPF not enabled

An organization wants to deliver streaming audio and video from its home office to remote locations all over the world. It wants the stream to be delivered securely and protected from intercept and replay attacks. Which of the following protocols is BEST suited for this purpose?

SRTP

A customer calls a technician and needs to remotely connect to a web server to change some code manually. The technician needs to configure the user's machine with protocols to connect to the Unix web server, which is behind a firewall. Which of the following protocols does the technician MOST likely need to configure?

SSH

A systems administrator is implementing a remote access method for the system that will utilize GUI. Which of the following protocols would be BEST suited for this?

SSH

While monitoring the SIEM, a security analyst observes traffic from an external IP to an IP address of the business network on port 443. Which of the following protocols would MOST likely cause this traffic?

SSL

A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model?

SaaS

Which of the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed?

Salt

Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

Sandbox

An organization is concerned about video emissions from users' desktops. Which of the following is the BEST solution to implement?

Screen filters

A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server?

Shared secret

Which of the following identity access methods creates a cookie on the first login to a central authority to allow logins to subsequent applications without re-entering credentials?

Single sign-on

A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office?

Site-to-site VPN

A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at the main location. Which of the following networking concepts would BEST accomplish this?

Site-to-site VPN

Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department to help reset their passwords over the phone due to unspecified "server issues". Which of the following has occurred?

Social engineering

The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?

Social engineering

An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following is the MOST likely issue, and how can the organization BEST prevent this from happening?

Some advanced users are jailbreaking the OS and bypassing the controls. Implement an MDM solution to control access to company resources.

A government organization recently contacted three different vendors to obtain cost quotes for a desktop PC refresh. The quote from one of the vendors was significantly lower than the other two and was selected for the purchase. When the PCs arrived, a technician determined some NICs had been tampered with. Which of the following MOST accurately describes the security risk presented in this situation?

Supply chain

During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?

TLS 1.2

A member of the human resources department received the following email message after sending an email containing benefit and tax information to a candidate: "Your message has been quarantined for the following policy violation: external potential_PII. Please contact the IT security administrator for further details". Which of the following BEST describes why this message was received?

The DLP system flagged the message.

A security administrator is investigating many recent incidents of credential theft for users accessing the company's website, despite the hosting web server requiring HTTPS for access. The server's logs show the website leverages the HTTP POST method for carrying user authentication details. Which of the following is the MOST likely reason for compromise?

The HTTP POST method is not protected by HTTPS.

An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevent users from using any of their previous 12 passwords. The organization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?

The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.

A staff member contacts the help desk because the staff member's device is currently experiencing the following symptoms:
- Long delays when launching applications
- Timeout errors when loading some websites
- Errors when attempting to open local Word documents and photo files
- Pop-up messages in the task bar stating that antivirus is out-of-date
- VPN connection that keeps timing out, causing the device to lose connectivity
Which of the following BEST describes the root cause of these symptoms?

The device is infected with crypto-malware, and the files on the device are being encrypted.

A technician receives a device with the following anomalies:
- Frequent pop-up ads
- Slow response-time switching between active programs
- Unresponsive peripherals
The technician reviews the following log file entries:
File Name      Source MD5                        Target MD5                        Status
antivirus.exe  F794F21CD33E4F57890DDEA5CF267ED2  F794F21CD33E4F57890DDEA5CF267ED2  Automatic
iexplore.exe   7FAAF21CD33E4F57890DDEA5CF29CCEA  AA87F21CD33E4F57890DDEAEE2197333  Automatic
service.exe    77FF390CD33E4F57890DDEA5CF28881F  77FF390CD33E4F57890DDEA5CF28881F  Manual
USB.exe        E289F21CD33E4F57890DDEA5CF28EDC0  E289F21CD33E4F57890DDEA5CF28EDC0  Stopped
Based on the above output, which of the following should be reviewed?

The file integrity check

Which of the following may indicate a configuration item has reached end-of-life?

The object has been removed from the Active Directory.

During routine maintenance, a security engineer discovers many photos on a company-issued laptop. Several of the photos appear to be the same, except the file sizes are noticeably different and the image resolution is lower. The security engineer confiscates the user's laptop. Which of the following threats is the security engineer MOST likely concerned about?

The security engineer suspects the photos contain viruses.

Which of the following explains why a vulnerability scan might return a false positive?

The signature matches the product but not the version information

When accessing a popular website, a user receives a warning that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this?

The system date on the user's device is out of sync.

An organization has the following password policies:
- Passwords must be at least 16 characters long.
- A password cannot be the same as any previous 20 passwords.
- Three failed login attempts will lock the account for 5 minutes.
- Passwords must have one uppercase letter, one lowercase letter, and one non-alphanumeric symbol

The trust relationship between the two servers has been compromised: the organization should place each server on a separate VLAN.

An organization uses application whitelisting to help prevent zero-day attacks. Malware was recently identified on one client, which was able to run despite the organization's application whitelisting approach. The forensics team has identified the malicious file, conducted a post-incident analysis, and compared this with the original system baseline. The team sees the following output:
filename              hash (SHA-1)
original: winSCP.exe  2d da b1 4a 98 fc f1 98 06 b1 e5 26 b2 df e5 f5 3e cb 83 e1
latest: winSCP.exe    a3 4a c2 4b 85 fa f2 dd 0b ba f4 16 b2 df f2 4b 3f ac 4a e1
Which of the following identifies the flaw in the team's application whitelisting approach?

Their approach uses executable names and not hashes for the whitelist.

A small organization has implemented a rogue system detection solution. Which of the following BEST explains the organization's intent?

To identify assets that are not authorized for use on the network

During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the following BEST explains why the tester is doing this?

To identify servers for subsequent scans and further investigation

Which of the following is the BEST use of a WAF?

To protect sites on web servers that are publicly accessible

A systems administrator is installing a new server in a large datacenter. Which of the following BEST describes the importance of properly positioning servers in the rack to maintain availability?

To provide consistent air flow

Which of the following is the purpose of an industry-standard framework?

To provide guidance across common system implementations

A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?

Trojan

Some call center representatives' workstations were recently updated by a contractor, who was able to collect customer information from the call center workstations. Which of the following types of malware was installed on the call center users' systems?

Trojan

A technician is designing a solution that will be required to process sensitive information, including classified government data. The system needs to be common criteria certified. Which of the following should the technician select?

Trusted operating system

A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to:
- Enter long lines of code and special characters
- Crash the system
- Gain unauthorized access to the internal application server
- Map the internal network
The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim?

UTM

A security analyst is performing a manual audit of captured data from a packet analyzer. The analyst looks for base64 encoded strings and applies the filter http.authbasic. Which of the following describes what the analyst is looking for?

Unencrypted credentials

An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.)

Urgency, Authority

A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?

Use SSH for remote access

A systems developer needs to provide machine-to-machine interface between an application and a database server in the production environment. This interface will exchange data once per day. Which of the following access control account practices would BEST be used in this situation?

Use a service account and prohibit users from accessing this account for development work.

A security administrator is adding a NAC requirement for all VPN users to ensure the devices connecting are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement?

Use an agentless implementation.

Datacenter employees have been battling alarms in a datacenter that has been experiencing hotter than normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed in any manner in which the technician can get them installed. Which of the following practices would BEST alleviate the heat issues and keep costs low?

Use hot and cold aisles.

An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive?

User account

Which of the following implements two-factor authentication on a VPN?

Username, password, and source IP

A company is planning to utilize its legacy desktop systems by converting them into dummy terminals and moving all heavy applications and storage to a centralized server that hosts all of the company's required desktop applications. Which of the following describes the BEST deployment method to meet these requirements?

VDI

A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?

VLAN

A systems administrator is increasing the security settings on a virtual host to ensure users on one VM cannot access information from another VM. Which of the following is the administrator protecting against?

VM escape

A Chief Information Security Officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the following methods would BEST fit the needs of the CISO?

VPN

A systems administrator needs to integrate multiple IoT and small embedded devices into the company's wireless network securely. Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network?

WPS

A security administrator is investigating a report that a user is receiving suspicious emails. The user's machine has an old functioning modem installed. Which of the following security concerns need to be identified and mitigated? (Select TWO).

War dialing, Hoaxing

An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?

Web application firewall

Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identify areas that require patching?

White box

Which of the following methods is used by internal security teams to assess the security of internally developed applications?

White box testing

An authorized user is conducting a penetration scan of a system, for an organization. The tester has a set of network diagrams, source code, version numbers of applications, and other information about the system, including hostnames and network addresses. Which of the following BEST describes this type of penetration test?

White-box testing

Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?

Zero-day

The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to:

arbitrary code execution.

A Chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural disaster. Which of the following should be at the top of the CISO's list?

identify mission-critical applications and systems

A transitive trust:

is automatically established between a parent and a child.

A threat actor motivated by political goals that is active for a short period of time but has virtually unlimited resources is BEST categorized as a:

nation-state

A penetration tester is checking to see if an internal system is vulnerable to an attack using a remote listener. Which of the following commands should the penetration tester use to verify if this vulnerability exists? (Choose two.)

nc, nmap

An organization is considering utilizing a third-party web-hosting service for a human resources application. The organization's Chief Information Officer (CIO) is concerned the web-hosting service may not have a sufficient level of security. The sales representative for the web-hosting service suggests that the CIO use banner grabbing to test the security levels of an existing website hosted by the company (www.example.com). Which of the following commands should the CIO use? (Select TWO).

nc, telnet

A systems administrator wants to determine if two DNS servers are configured to have the same record for IP address 192.168.1.10. The systems administrator has verified the record on Server1 and now needs to verify the record on Server2. Which of the following commands should the systems administrator run?

nslookup server2 192.168.1.10

Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:

persistence

A credentialed vulnerability scan is often preferred over a non-credentialed scan because credentialed scans:

provide more accurate data.

A preventive control differs from a compensating control in that a preventive control is:

relied on to address gaps in the existing control structure.

A security administrator is implementing a secure method that allows developers to place files or objects onto a Linux Server. Developers are required to log in using a username, password, and asymmetric key. Which of the following protocols should be implemented?

sftp

Using a one-time code that has been texted to a smartphone is an example of:

something you have

An organization recently implemented an account lockout policy on its portal. The portal was configured to display a banner instructing locked out users to contact the help desk. Which of the following tools should the security administrator use to test whether the account lockout policy is working correctly?

A banner grabbing tool.

A security administrator receives a malware alert from the antivirus software on a server and, after investigation, proceeds to remove the malware. Once the cleanup procedure is complete, the administrator runs another scan, and the malware is no longer detected. However, a week later, after the server is patched and rebooted, the security administrator once again receives a malware alert. Which of the following types of malware has MOST likely infected this server?

A worm

An application developer is working on a new calendar and scheduling application. The developer wants to test new functionality that is time/date dependent and set the local system time to one year in the future. The application also has a feature that uses SHA-256 hashing and AES encryption for data exchange. The application attempts to connect to a separate remote server using SSL, but the connection fails. Which of the following is the MOST likely cause and next step?

AES is date/time dependent; either reset the system time to the correct time or try a different encryption approach.

A security technician is reviewing packet captures. The technician is aware that there is unencrypted traffic on the network, so sensitive information may be present. Which of the following physical security controls should the technician use?

Air gap

An incident response team has been working on a high-impact incident response case for the past three days. The incident response team has finally identified and removed impacted systems from the network, but has not yet reimaged the infected computers from a known good baseline image. Which of the following should the incident response team do NEXT?

Begin the containment phase

A technician, who is managing a secure B2B connection, noticed the connection broke last night. All networking equipment and media are functioning as expected, which leads the technician to question certain PKI components. Which of the following should the technician use to validate this assumption? (Choose two.)

CRL, OCSP

An organization needs to integrate with a third-party cloud application. The organization has 15000 users and does not want to allow the cloud provider to query its LDAP authentication server directly. Which of the following is the BEST way for the organization to integrate with the cloud application?

Configure a RADIUS federation between the organization and the cloud provider.

A security analyst was requested to perform a vulnerability scan against a web application. The analyst has been given a single user account to use in the scan. Which of the following techniques should be used in this scenario?

Credentialed scan

An organization is developing its mobile device management policies and is concerned about vulnerabilities that are associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of some discussion on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data at rest as well as strong authentication? (Select TWO)

FDE, MFA

A hospital has received reports from multiple patients that their PHI was stolen after completing forms on the hospital's website. Upon investigation, the hospital finds a packet analyzer was used to steal data. Which of the following protocols would prevent this attack from reoccurring?

FTPS

A number of security settings need to be applied on each workstation prior to deployment. However, an administrator struggles to keep up with all the deployments each year. An audit finds that many of the workstations have missing settings. Which of the following should the administrator implement?

Group Policy

Which of the following can be used to obfuscate malicious code without the need to use a key to reverse the encryption process?

HMAC

A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?

HSM

An organization utilizes network devices that only support a remote administration protocol that sends credentials in cleartext over the network. Which of the following should the organization do to improve the security of the remote administration sessions?

Implement TACACS on the organization's network.

An organization is building a new customer services team, and the manager needs to keep the team focused on customer issues and minimize distractions. The users have a specific set of tools installed, which they must use to perform their duties. Other tools are not permitted for compliance and tracking purposes. Team members have access to the Internet for product lookups and to research customer issues. Which of the following should a security engineer employ to fulfill the requirements for the manager?

Implement containerization on the workstations.

During a company-sponsored phishing exercise, more than 25% of the employees clicked on the link embedded in the message. Of the employees who clicked the link, 75% then entered their user credentials on the website provided. Which of the following would be the BEST way to improve the metrics for the next exercise?

Implement stringent mail filters and controls at the mail gateway to prevent phishing messages from reaching employees

A security analyst is securing smartphones and laptops for a highly mobile workforce. Priorities include:
- Remote wipe capabilities
- Geolocation services
- Patch management and reporting
- Mandatory screen locks
- Ability to require passcodes and pins
- Ability to require encryption
Which of the following would BEST meet these requirements?

Implementing MDM software

An administrator wants to implement two-factor authentication. Which of the following methods would provide two-factor authentication when used with a user's fingerprint?

Iris scan

Which of the following is MOST likely caused by improper input handling?

Loss of database tables

A network administrator is creating a new network for an office. For security purposes, each department should have its resources isolated from every other department but be able to communicate back to central servers. Which of the following architecture concepts would BEST accomplish this?

Network segmentation

Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform?

Non-persistent configuration

A coffee company has hired an IT consultant to set up a WiFi network that will provide Internet access to customers who visit the company's chain of cafés. The coffee company has provided no requirements other than that customers should be granted access after registering via a web form and accepting the terms of service. Which of the following is the minimum acceptable configuration to meet this single requirement?

Open WiFi

A security administrator receives a request from a customer for certificates to access servers securely. The customer would like a single encrypted file that supports PKCS and contains the private key. Which of the following formats should the technician use?

P12

A company has a web server that uses encrypted TLS sessions to transmit passwords between clients and the server. Despite this, the company has determined that user credentials were intercepted and decrypted. Which of the following attack types was MOST likely used?

Pass-the-hash attack

An attacker has gathered information about a company employee by obtaining publicly available information from the Internet and social networks. Which of the following types of activity is the attacker performing?

Passive reconnaissance

A company has a team of penetration testers. This team has located a file on the company file server that they believe contains cleartext usernames followed by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file?

Password cracker

A security analyst wishes to scan the network to view potentially vulnerable systems the way an attacker would. Which of the following would BEST enable the analyst to complete the objective?

Perform a non-credentialed scan.

A buffer overflow occurs when a program attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Buffer overflow exploits may enable remote execution of malicious code or denial of service attacks. A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Select TWO).

Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53

Which of the following vulnerabilities can lead to unexpected system behavior, including the bypassing of security controls, due to differences between the time of commitment and the time of execution?

Pointer Dereference

A company recently purchased a new application and wants to enable LDAP-based authentication for all employees using the application. Which of the following should be set to connect the application to the company LDAP server in a secure manner? (Select TWO).

Port 636
Search filter: (cn=JoeAdmin)(ou=admins)(dc=company)(dc=com)

Which of the following BEST describes the concept of perfect forward secrecy?

Preventing cryptographic reuse so a compromise of one operation does not affect other operations

Which of the following control types are alerts sent from a SIEM fulfilling based on vulnerability signatures?

Preventive

Which of the following BEST describes the staging environment where sandbox coding and proof of concept are deployed?

Quality assurance

A company has purchased a new SaaS application and is in the process of configuring it to meet the company's needs. The director of security has requested that the SaaS application be integrated into the company's IAM processes. Which of the following configurations should the security administrator set up in order to complete this request?

RADIUS

A technician wants to add wireless guest capabilities to an enterprise wireless network that is currently implementing 802.1X EAP-TLS. The guest network must:
- Support client isolation.
- Issue a unique encryption key to each client.
- Allow guests to register using their personal email addresses.
Which of the following should the technician implement? (Select TWO).

RADIUS Federation
WPA2-PSK

During a forensic investigation, which of the following must be addressed FIRST according to the order of volatility?

RAM

In the event of a breach, intrusion into which of the following systems is MOST likely to cause damage to critical infrastructure?

RTOS

A company recently experienced a security incident in which its domain controllers were the target of a DoS attack. In which of the following steps should technicians connect domain controllers to the network and begin authenticating users again?

Recovery

The Chief Information Officer (CIO) has informed the network administrator that company policy will allow BYOD to be configured to the network. The policy also requires the capability to control users' devices. Which of the following is the BEST security control to ensure the network administrator has the ability to mitigate risk in the event a device is lost or stolen?

Remotely wipe proprietary data on the device.

A technician has installed a new AAA server, which will be used by the network team to control access to a company's routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company's routers and switches.

NETWORK_TEAM
Joe
Anne
Joanna

ALLOW_ACCESS
DOMAIN_USERS
AUTHENTICATED_USERS
NETWORK TEAM

Members of the network team successfully test their ability to log on to various network devices that are configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample:

5/26/2017 10:20 PERMIT: JOE
5/27/2017 13:45 PERMIT: ANNE
5/27/2017 09:12 PERMIT: JOE
5/28/2017 16:37 PERMIT: JOHN
5/29/2017 08:53 PERMIT: JOE

Which of the following should the auditor recommend based on the above information?

Remove the DOMAIN_ADMINS group from the ALLOW_ACCESS group.

A fire that occurred after-hours created significant damage to a company's server room. The Chief Information Officer (CIO) was notified of the fire the next morning and was instructed to relocate the computer center to the corporate hot site. Which of the following should the CIO activate?

Reporting requirements/escalation

A security analyst is trying to improve the security posture of an organization. The analyst has determined there is a significant risk of pass-the-hash attacks on the desktop computers within the company. Which of the following would help to reduce the risk of this type of attack?

Require that passwords meet high length and complexity requirements

An organization's IRP prioritizes containment over eradication. An incident has been discovered where an attacker outside of the organization has installed cryptocurrency mining software on the organization's web servers. Given the organization's stated priorities, which of the following would be the NEXT step?

Review firewall and IDS logs to identify possible source IPs.

A security analyst is writing views for the SIEM. Some of the views are focused on activities of service accounts and shared accounts. Which of the following account management practices would BEST aid the analyst's efforts?

Role-based access control

A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Select THREE).

S/MIME
TLS
IPSec

A security administrator is configuring parameters on a device. The administrator fills out the following information:

username uauser
auth SHA1 Y3SoR0i3&1xM
priv AES128 *@IOtx43qK

Which of the following protocols is being configured?

SNMPv3

A network administrator is selecting a remote access solution. The company employees often access the network from client sites that only allow for web traffic. Which of the following remote access solutions BEST meets this need?

SSL VPN

Which of the following BEST explains the difference between SaaS, PaaS, and IaaS?

SaaS solutions offer users a complete computing solution that encompasses the software and underlying infrastructure, while the other cloud approaches offer a partial computing solution.

All account executives are being provided with COPE devices for their use. Which of the following mobile device security practices should be enabled for these devices to protect company data? (Select TWO)

Screen locks
Containerization

A new company is doing business outside of its national area. Company policy requires:
- All email must be retrieved in a manner that does not expose credentials or sessions for extended periods.
- No part of the authentication should be sent in cleartext.
- The email itself should be encrypted.
Which of the following is the BEST protocol to use?

Secure POP

While reviewing system logs, a security analyst notices that a large number of end users are changing their passwords four times on the day the passwords are set to expire. The analyst suspects they are cycling their passwords to circumvent current password controls. Which of the following would provide a technical control to prevent this activity from occurring?

Set password aging requirements.

A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS connection, which the law office feels is too expensive. Which of the following is the BEST solution for the law office?

Site-to-site VPN

A first responder needs to collect digital evidence from a compromised headless virtual host. Which of the following should the first responder collect FIRST?

Snapshot

During routine maintenance, a security engineer discovers many photos on a company-issued laptop. Several of the photos appear to be the same, except the file sizes are noticeably different and the image resolution is lower. The security engineer confiscates the user's laptop. Which of the following threats is the security engineer MOST likely concerned about?

The security engineer suspects the photos contain viruses.

An email recipient is unable to open a message encrypted through PKI that was sent from another organization. Which of the following does the recipient need to decrypt the message?

The sender's public key

Which of the following is a benefit of credentialed vulnerability scans?

The vulnerability scanner is able to inventory software on the target.

A systems administrator has installed a new UTM that is capable of inspecting SSL/TLS traffic for malicious payloads. All inbound network traffic coming from the Internet and terminating on the company's secure web servers must be inspected. Which of the following configurations would BEST support this requirement?

The web servers' CA full certificate chain must be installed on the UTM.

In highly secure environments where the risk of malicious actors attempting to steal data is high, which of the following is the BEST reason to deploy Faraday cages?

To minimize external RF interference with embedded processors

An organization wants to set up a wireless network in the most secure way. Budget is not a major consideration, and the organization is willing to accept some complexity when clients are connecting. It is also willing to deny wireless connectivity for clients who cannot be connected in the most secure manner. Which of the following would be the MOST secure setup that conforms to the organization's requirements?

Use WPA2-Enterprise with RADIUS and disable pre-shared keys.

Which of the following is used during the identification phase when a user is trying to access a resource?

Username

A security administrator is defining security requirements for a new wireless network. The director has instructed the administrator to meet the following requirements:
- Maximum security without a shared secret
- Client-based authentication
- Centralized auditing of access
Which of the following protocols would BEST meet these requirements?

WPA2-PSK

A security technician is evaluating a new application-vulnerability-scanning service in the cloud. This service can only be configured to scan external URLs, and this is the only information the technician has. Which of the following tests can the security technician perform?

White box

Which of the following BEST explains why a development environment should have the same database server secure baseline that exists in production even if there is not PII in the database?

Without the same configuration in both development and production, there are no assurances that changes made in development will have the same effect as production.

During an OpenVAS scan, it was noted that the RDP port was open. Upon further investigation, the port was verified as being open. This is an example of:

a true positive.

Which of the following is a security consideration for IoT devices?

IoT devices have built-in accounts that users rarely access.

A systems administrator suspects that a MITM attack is underway on the local LAN. Which of the following commands should the administrator use to confirm this hypothesis and determine which workstation is launching the attack?

nmap

An organization has established the following account management practices with respect to naming conventions:
- User accounts must have firstname.lastname
- Privileged user accounts must be named kfirstname.lastname
- Service accounts must be named sv.applicationname_environment
There is an application called "Unicycle Inventory" running in the development (dev), staging (stg), and production (prod) environments. Mary Smith, the systems administrator, is checking account permissions on the application servers in the development environment. Which of the following accounts should she expect to see? (Select TWO)

x.mary.smith
sv.unicycleinventory_dev

