Security+ 601 Practice
Terms in this set (396)
You've hired a third-party to gather information about your company's servers and data. The third-party will not have direct access to your internal network but can gather information from any other source. Which of the following would BEST describe this approach?
Passive footprinting
Which of these protocols use TLS to provide secure communication?
HTTPS & FTPS
Which of these threat actors would be MOST likely to attack systems for direct financial gain?
Organized Crime
A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility?
Partition data & Temporary file systems
An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?
MFD
Which of the following standards provides information on privacy and managing PII?
ISO 27701
Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
Create an operating system security policy to prevent the use of removable media
A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?
SOAR
An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies:
• Access records from all devices must be saved and archived
• Any data access outside of normal working hours must be immediately reported
• Data access must only occur inside of the country
• Access logs and audit reports must be created from a single database
Which of the following should be implemented by the security team to meet these requirements?
Restrict login access by IP address and GPS location, Consolidate all logs on a SIEM, Enable time-of-day restrictions on the authentication server
Rodney, a security engineer, is viewing this record from the firewall logs:
UTC 04/05/2018 03:09:15809 AV Gateway Alert 136.127.92.171 80 -> 10.16.10.14 60818 Gateway Anti-Virus Alert: XPACK.A_7854 (Trojan) blocked.
Which of the following can be observed from this log information?
A download was blocked from a web server
A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?
On-Path
Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?
Federation
A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?
MTBF
An attacker calls into a company's help desk and pretends to be the director of the company's manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?
Social Engineering
A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company's network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team's requirements?
EAP-TTLS
Which of the following would be commonly provided by a CASB?
List of applications in use, Verification of encrypted data transfers
The embedded OS in a company's time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?
Race Condition
A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues?
Password expiration, Password lockout
What kind of security control is associated with a login banner?
Deterrent
A security team has been provided with a non-credentialed vulnerability scan report created by a third-party. Which of the following would they expect to see on this report?
The version of web server software in use
A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?
Continuity of operations
A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?
USB data blocker
A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?
SED
A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
4
A company is creating a security policy that will protect all corporate mobile devices:
• All mobile devices must be automatically locked after a predefined time period.
• Some mobile devices will be used by the remote sales teams, so the location of each device needs to be traceable.
• All of the user's information should be completely separated from company data.
Which of the following would be the BEST way to establish these security policy rules?
MDM
A security engineer runs a monthly vulnerability scan. The scan doesn't list any vulnerabilities for Windows servers, but a significant vulnerability was announced last week and none of the servers are patched yet. Which of the following best describes this result?
False Negative
A security administrator is adding additional authentication controls to the existing infrastructure. Which of the following should be added by the security administrator?
TOTP & Smart Card
A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?
802.1X
A security administrator needs to identify all references to a JavaScript file in the HTML of a web page. Which of the following tools should be used to view the source of the web page and search through the file for a specific filename?
grep
A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?
DAC
A remote user has received a text message requesting login details to the corporate VPN server. Which of the following would BEST describe this message?
Smishing
A department store policy requires that a floor manager approves each transaction when a gift certificate is used for payment. The security team has found that some of these transactions have been processed without the approval of a manager. Which of the following would provide a separation of duties to enforce this store policy?
Require an approval PIN for the cashier and a separate approval PIN for the manager
Which of the following is true of a rainbow table?
Different tables are required for different hashing methods, A rainbow table won't be useful if the passwords are salted
A server administrator at a bank has noticed a decrease in the number of visitors to the bank's website. Additional research shows that users are being directed to a different IP address than the bank's web server. Which of the following would MOST likely describe this attack?
DNS Poisoning
Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?
Hybrid
A company hires a large number of seasonal employees, and their system access should normally be disabled when the employee leaves the company. The security administrator would like to verify that their systems cannot be accessed by any of the former employees. Which of the following would be the BEST way to provide this verification?
Validate the processes and procedures for all outgoing employees
A network administrator has installed a new access point, but only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features was MOST likely enabled?
MAC Filtering
An attacker has discovered a way to disable a server by sending a specially crafted packet to the operating system. When the packet is received, the system crashes and must be rebooted to restore normal operations. Which of the following would BEST describe this situation?
DoS
A data breach has occurred in a large insurance company. A security administrator is building new servers and security systems to get all of the financial systems back online. Which part of the incident response process would BEST describe these actions?
Reconstitution
A manufacturing company has moved an inventory application from their internal systems to a PaaS service. Which of the following would be the BEST way to manage security policies on this new service?
CASB
An organization has identified a significant vulnerability in a firewall used for Internet connectivity. The firewall company has stated there are no plans to create a patch for this vulnerability. Which of the following would BEST describe this issue?
Lack of vendor support
A company has decided to perform a disaster recovery exercise during an annual meeting with the IT directors and senior directors. A simulated disaster will be presented, and the participants will discuss the logistics and processes required to resolve the disaster. Which of the following would BEST describe this exercise?
Tabletop exercise
A security administrator needs to identify all computers on the company network infected with a specific malware variant. Which of the following would be the BEST way to identify these systems?
DNS Sinkhole
A system administrator has been called to a system that is suspected to have a malware infection. The administrator has removed the device from the network and has disconnected all USB flash drives. Which of these incident response steps is the administrator following?
Containment
How can a company ensure that all data on a mobile device is unrecoverable if the device is lost or stolen?
Remote Wipe
A security administrator is collecting information associated with a ransomware infection on the company's web servers. Which of the following log files would provide information regarding the memory contents of these servers?
Dump
Which part of the PC startup process verifies the digital signature of the OS kernel?
Trusted Boot
A security administrator has performed an audit of the organization's production web servers, and the results have identified banner information leakage, web services running from a privileged account, and inconsistencies with SSL certificates. Which of the following would be the BEST way to resolve these issues?
Server hardening
A shipping company stores information in small regional warehouses around the country. The company keeps an IPS online at each warehouse to watch for suspicious traffic patterns. Which of the following would BEST describe the security control used at the warehouse?
Detective
The Vice President of Sales has asked the IT team to create daily backups of the sales data. The Vice President is an example of a:
Data owner
A security engineer is preparing to conduct a penetration test. Part of the preparation involves reading through social media posts for information about a third-party website. Which of the following describes this practice?
OSINT
A company would like to automate their response when a virus is detected on company devices. Which of the following would be the BEST way to implement this function?
SOAR
A user in the accounting department has received an email from the CEO requesting payment for a recently purchased tablet. However, there doesn't appear to be a purchase order associated with this request. Which of the following would be the MOST likely attack associated with this email?
Invoice scam
A company has been informed of a hypervisor vulnerability that could allow users on one virtual machine to access resources on another virtual machine. Which of the following would BEST describe this vulnerability?
VM escape
While working from home, users are attending a project meeting over a web conference. When typing in the meeting link, the browser is unexpectedly directed to a different website than the web conference. Users in the office do not have any issues accessing the conference site. Which of the following would be the MOST likely reason for this issue?
DNS poisoning
A company is launching a new internal application that will not start until a username and password is entered and a smart card is plugged into the computer. Which of the following BEST describes this process?
Authentication
An online retailer is planning a penetration test as part of their PCI DSS validation. A third-party organization will be performing the test, and the online retailer has provided the Internet-facing IP addresses for their public web servers but no other details. What penetration testing methodology is the online retailer using?
Partially known environment
A manufacturing company makes radar used by commercial and military organizations. A recently proposed policy change would allow the use of mobile devices inside the facility. Which of the following would be the MOST significant security issue associated with this change in policy?
Photo and video use
A company is designing an application that will have a high demand and will require significant computing resources during the summer. During the winter, there will be little to no application use and resource use should be minimal. Which of these characteristics BEST describe this application requirement?
Elasticity
Vala, a security analyst, has received an alert from her IPS regarding active exploit attempts from the Internet. Which of the following would provide detailed information about these exploit attempts?
Wireshark
A user in the accounting department would like to send a spreadsheet with sensitive information to a list of third-party vendors. Which of the following could be used to transfer this spreadsheet to the vendors?
FTPS
A system administrator would like to segment the network to give the marketing, accounting, and manufacturing departments their own private network. The network communication between departments would be restricted for additional security. Which of the following should be configured on this network?
VLAN
A technician at an MSP has been asked to manage devices on a third-party private network. The technician needs command line access to internal routers, switches, and firewalls. Which of the following would provide the necessary access?
Jump server
A transportation company is installing new wireless access points in their corporate offices. The manufacturer estimates that the access points will operate an average of 100,000 hours before a hardware-related outage. Which of the following describes this estimate?
MTBF
A security administrator has been asked to create a policy that would prevent access to a secure area of the network. All users who are not physically located in the corporate headquarters building would be prevented from accessing this area. Which of these should the administrator use?
Geofencing
Which of the following would be considered multi-factor authentication?
PIN and fingerprint
Sam, a security administrator, is configuring the authentication process used by technicians when logging into a router. Instead of using accounts that are local to the router, Sam would like to pass all login requests to a centralized database. Which of the following would be the BEST way to implement this requirement?
RADIUS
A recent audit has determined that many IT department accounts have been granted Administrator access. The audit recommends replacing these permissions with limited access rights. Which of the following would BEST describe this policy?
Least privilege
A recent security audit has discovered email addresses and passwords located in a packet capture. Which of the following did the audit identify?
Insecure protocols
A company has connected their wireless access points and have enabled WPS. Which of the following security issues would be associated with this configuration?
Brute force
An organization has traditionally purchased insurance to cover a ransomware attack, but the costs of maintaining the policy have increased above the acceptable budget. The company has now decided to cancel the insurance policies and deal with ransomware issues internally. Which of the following would best describe this action?
Acceptance
Which of these threat actors would be the MOST likely to deface a website to promote a political agenda?
Hacktivist
An IPS report shows a series of exploit attempts were made against externally facing web servers. The system administrator of the web servers has identified a number of unusual log entries on each system. Which of the following would be the NEXT step in the incident response process?
Disconnect the web servers from the network
A security administrator is viewing the logs on a laptop in the shipping and receiving department and identifies these events:
8:55:30 AM | D:\Downloads\ChangeLog-5.0.4.scr | Quarantine Success
9:22:54 AM | C:\Program Files\Photo Viewer\ViewerBase.dll | Quarantine Failure
9:44:05 AM | C:\Sales\Sample32.dat | Quarantine Success
Which of the following would BEST describe the circumstances surrounding these events?
The antivirus application identified three viruses and quarantined two viruses
In the past, an organization has relied on the curated Apple App Store to avoid the issues associated with malware and insecure applications. However, the IT department has discovered an iPhone in the shipping department that includes applications that are not available on the Apple App Store. How did the shipping department user install these apps on their mobile device?
Sideloading
A security administrator is designing a storage array that would maintain an exact replica of all data without striping. The array needs to operate normally if a single drive was to fail. Which of the following would be the BEST choice for this storage system?
RAID 1
A transportation company has moved their reservation system to a cloud-based infrastructure. The security manager would like to monitor data transfers, identify potential threats, and ensure that all data transfers are encrypted. Which of the following would be the BEST choice for these requirements?
CASB
Which of the following control types is associated with a bollard?
Physical
Jack, a hacker, has identified a number of devices on a corporate network that use the username of "admin" and the password of "admin." Which vulnerability describes this situation?
Default configuration
A security administrator attends an annual industry convention with other security professionals from around the world. Which of the following attacks would be MOST likely in this situation?
Watering hole
A transportation company headquarters is located in an area with frequent power surges and outages. The security administrator is concerned about the potential for downtime and hardware failures. Which of the following would provide the most protection against these issues? Select TWO.
UPS and Dual Power supplies
An organization has developed an in-house mobile device app for order processing. The developers would like the app to identify revoked server certificates without sending any traffic over the corporate Internet connection. Which of the following MUST be configured to allow this functionality?
OCSP stapling
Sam, a security administrator, is configuring an IPsec tunnel to a remote site. Which protocol should she enable to protect all of the data traversing the VPN tunnel?
ESP
A Linux administrator has received a ticket complaining of response issues with a database server. After connecting to the server, the administrator views this information:
Filesystem Size Used Avail Use% Mounted on
/dev/xvda1 158G 158G 0 100% /
Which of the following would BEST describe this information?
Resource exhaustion
Which of the following would limit the type of information a company can collect from their customers?
Minimization
A security administrator has identified a DoS attack against the company's web server from an IPv4 address on the Internet. Which of the following security tools would provide additional details about the attacker's location? (Select TWO)
Tracert and netcat
A hacker is planning an attack on a large corporation. Which of the following would provide the attacker with details about the company's domain names and IP addresses?
Open-source intelligence
A security administrator is designing a network to be PCI DSS compliant. Which of the following would be the BEST choice to provide this compliance?
Perform regular audits and vulnerability scans
A security administrator would like to test a server to see if a specific vulnerability exists. Which of the following would be the BEST choice for this task?
Metasploit
A company has rolled out a new application that requires the use of a hardware-based token generator. Which of the following would be the BEST description of this access feature?
Something you have
A company has signed an SLA with an Internet service provider. Which of the following would BEST describe the content of this SLA?
The service provider will provide 99.999% uptime
An attacker has created many social media accounts and is posting information in an attempt to get the attention of the media. Which of the following would BEST describe this attack?
Influence campaign
Which of the following would be the BEST way to protect credit card account information when performing real-time purchase authorizations?
Tokenization
The network design of an online women's apparel company includes a primary data center in the United States and secondary data centers in London and Tokyo. Customers place orders online via HTTPS to servers at the closest data center, and these orders and customer profiles are then centrally stored in the United States data center. The connections between all data centers use Internet links with IPsec tunnels. Fulfillment requests are sent from the United States data center to shipping locations in the customer's country. Which of the following should be the CIO's MOST significant security concern with this existing network design?
Customer information is transferred between countries
A government transport service has installed access points that support WPA3. Which of the following technologies would provide enhanced security for PSK while using WPA3?
SAE
A security administrator has found a keylogger installed alongside an update of accounting software. Which of the following would prevent the transmission of the collected logs?
Block all unknown outbound network traffic at the Internet firewall
A user in the marketing department is unable to connect to the wireless network. After authenticating with a username and password, the user receives this message:
The connection attempt could not be completed.
The Credentials provided by the server could not be validated.
Radius Server: radius.example.com
Root CA: Example.com Internal CA Root Certificate
-- -- --
The AP is configured with WPA3 encryption and 802.1X authentication.
Which of the following is the MOST likely reason for this login issue?
The client computer does not have the proper certificate installed
A security administrator has created a new policy that prohibits the use of MD5 hashes due to collision problems. Which of the following describes the reason for this new policy?
Two different messages share the same hash
Jack, a security administrator, has been tasked with hardening all of the internal web servers to prevent on-path attacks and to protect the application traffic from protocol analysis. These requirements should be implemented without changing the configuration on the client systems. Which of the following should Jack include in his project plan? (Select TWO)
Use HTTPS over port 443 for all server communication
Create a web server certificate and sign it with the internal CA
A security administrator has identified the installation of a RAT on a database server and has quarantined the system. Which of the following should be followed to ensure that the integrity of the evidence is maintained?
Chain of custody
Which of the following would be the BEST option for application testing in an environment that is completely separated from the production network?
Air gap
To process the company payroll, a manager logs into a third-party browser-based application and enters the hours worked for each employee. The financial transfers and physical check mailings are all provided by the third-party company. The manager does not maintain any servers or virtual machines within his company. Which of the following would BEST describe this application model?
SaaS
Which of the following BEST describes the modification of application source code that removes white space, shortens variable names, and rearranges the text into a compact format?
Obfuscation
Which of the following vulnerabilities would be the MOST significant security concern when protecting against a competitor?
Lack of patch updates on an Internet-facing database
A third-party vulnerability scan reports that a company's web server software version is susceptible to a memory leak vulnerability. Which of the following would be the expected result if this vulnerability was exploited?
DDoS
Which of the following would be the BEST way to determine if files have been modified after the forensics data acquisition process has occurred?
Create a hash of the data
A system administrator is implementing a password policy that would require letters, numbers, and special characters to be included in every password. Which of the following controls MUST be in place to enforce this password policy?
Complexity
A system administrator is designing a data center for an insurance company's new public cloud and would like to restrict user access to sensitive data. Which of the following would provide ongoing visibility, data security, and control of cloud-based applications?
CASB
A security administrator has identified an internally developed application that allows users to modify SQL queries through a web-based front-end. To prevent this modification, the administrator has recommended that all queries be completely removed from the application front-end and placed onto the back-end of the application server. Which of the following would describe this implementation?
Stored Procedures
A system administrator is implementing a fingerprint scanner to provide access to the data center. Which of these metrics should be kept at a minimum in order to prevent unauthorized persons from accessing the data center?
FAR
The IT department of a transportation company maintains an on-site inventory of chassis-based network switch interface cards. If a failure occurs, the on-site technician can replace the interface card and have the system running again in sixty minutes. Which of the following BEST describes this recovery metric?
MTTR
A company maintains a server farm in a large data center. These servers are for internal use only and are not accessible externally. The security team has discovered that a group of servers was breached before the latest updates were applied. Breach attempts were not logged on any other servers. Which of these threat actors would be MOST likely involved in this breach?
Insider
An organization has contracted with a third-party to perform a vulnerability scan of their Internet-facing web servers. The report shows that the web servers have multiple Sun Java Runtime Environment (JRE) vulnerabilities, but the server administrator has verified that JRE is not installed. Which of the following would be the BEST way to handle this report?
Ignore the JRE vulnerability alert
A user downloaded and installed a utility for compressing and decompressing files. Immediately after installing the utility, the user's overall workstation performance degraded, and it now takes twice as much time to perform any tasks on the computer. Which of the following is the BEST description of this malware infection?
Trojan
Which of the following is the process for replacing sensitive data with a non-sensitive and functional placeholder?
Tokenization
A security administrator has installed a new firewall to protect a web server VLAN. The application owner requires that all web server sessions communicate over an encrypted channel. Which of these rules should the security administrator include in the firewall rule base?
Source: ANY, Destination: ANY, Protocol: TCP, Port: 80, Deny
Source: ANY, Destination: ANY, Protocol: TCP, Port: 443, Allow
Which of these would be used to provide multi-factor authentication?
Smart card with picture ID
An IT manager is leading a project to implement a global standard for a privacy information management system. Which of these standards would BEST apply to this project?
ISO 27701
A company's security cameras have identified an unknown person walking into a fenced disposal area in the back of the building and then leaving with a box containing printed documents. Which of the following attacks is this person attempting?
Dumpster Diving
A technology company is manufacturing a military grade radar tracking system that can instantly identify any nearby unmanned aerial vehicles (UAVs). The UAV detector must be able to instantly identify and react to a vehicle without delay. Which of the following would BEST describe this tracking system?
RTOS
A private company uses an SSL proxy to examine the contents of an encrypted application during transmission. How could the application developers prevent the use of this proxy examination in the future?
Certificate Pinning
A security administrator is concerned that a user may have installed a rogue access point on the corporate network. Which of the following could be used to confirm this suspicion?
Switch Log
During a ransomware outbreak, an organization was forced to rebuild database servers from known good backup systems. In which of the following incident response phases were these database servers brought back online?
Recovery
Which of the following cloud deployments would include CPU, storage, and networking, but not include any operating system or application?
IaaS
A network IPS has created this log entry:
Frame 4: 937 bytes on wire (7496 bits), 937 bytes captured
Ethernet II, Src: HewlettP_82:d8:31, Dst: Cisco_a1:b0:d1
Internet Protocol Version 4, Src: 172.16.22.7, Dst: 10.8.122.244
Transmission Control Protocol, Src Port: 3863, Dst Port: 1433
Application Data: SELECT * FROM users WHERE username='x' or 'x'='x' AND password='x' or 'x'='x'
Which of the following would describe this log entry?
SQL injection
An incident response team would like to validate their disaster recovery plans without making any changes to the infrastructure. Which of the following would be the best course of action?
Tabletop exercise
A system administrator has installed a new firewall between the corporate user network and the data center network. When the firewall is turned on with the default settings, users complain that the application in the data center is no longer working. Which of the following would be the BEST way to correct this application issue?
Create firewall rules that match the application traffic flow
Which of these would be used to provide HA for a web-based database application?
UPS
Each year, a certain number of laptops are lost or stolen and must be replaced by the company. Which of the following would describe the total cost the company spends each year on laptop replacements?
ALE
A network administrator is viewing a log file from a web server:
https://www.example.com/?s=/Index/think/app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][0]=__HelloThinkPHP
Which of the following would be the BEST way to prevent this attack?
Input Validation
Sam, a user in the purchasing department, would like to send an email to Jack. Which of these would allow Jack to verify the sender of the email?
Digitally sign it with Sam's private key
The contract of a long-term temporary employee is ending. Which of these would be the MOST important part of the off-boarding process?
Archive the decryption keys associated with the user account
Daniel, a cybersecurity analyst, has been asked to respond to a denial of service attack against a web server. Daniel first collects information in the ARP cache, then a copy of the server's temporary file system, and finally system logs from the web server. What part of the forensics gathering process did Daniel follow?
Order of volatility
An attacker was able to download ten thousand company employee login credentials containing usernames and hashed passwords. Less than an hour later, a list containing all ten thousand usernames and passwords in plain text was posted to an online file storage repository. Which of the following would BEST describe how this attacker was able to post this information?
Weak cipher suite
A security administrator is researching the methods used by attackers to gain access to web servers. Which of the following would provide additional information about these techniques?
Honeypot
A server administrator is building a new web server and needs to provide operating system access to the web server executable. Which of the following account types should be configured?
Service
A company is implementing a series of automated processes when responding to a security event. Which of the following would provide a linear checklist of steps to perform?
Runbook
A transportation company maintains a scheduling application and a database in a virtualized cloud-based environment. Which of the following would be the BEST way to backup these services?
Snapshot
In an environment using discretionary access controls, which of these would control the rights and permissions associated with a file or directory?
Owner
A security administrator has installed a network-based DLP solution to determine if file transfers contain PII. Which of the following describes the data during the file transfer?
in-Transit
A medical imaging company would like to connect all remote locations together with high speed network links. The network connections must maintain high throughput rates and must always be available during working hours. In which of the following should these requirements be enforced with the network provider?
Service level agreement
A security administrator would like to encrypt all telephone communication on the corporate network. Which of the following protocols would provide this functionality?
SRTP
A security administrator is preparing a phishing email that will be sent to employees as part of a periodic security test. The email is spoofed to appear as an unknown third-party and asks employees to immediately click a link or their state licensing will be revoked. Which of these social engineering principles are used by this email?
Urgency
A security administrator would like to minimize the number of certificate status checks made by web site clients to the certificate authority. Which of the following would be the BEST option for this requirement?
OCSP stapling
A company is concerned their EDR solution will not be able to stop more advanced ransomware variants. Technicians have created a backup and restore utility that will get most systems up and running less than an hour after an attack. What type of security control is associated with this restore process?
Compensating
Which of the following applies scientific principles to provide a post-event analysis of an intrusion?
Diamond model
Which of the following would be the MOST likely result of plaintext application communication?
Replay attack
Daniel, a system administrator, believes that certain configuration files on a Linux server have been modified from their original state. Daniel has reverted the configurations to their original state, but he would like to be notified if they are changed again. Which of the following would be the BEST way to provide this functionality?
File integrity check
Last month, a finance company disposed of seven-year-old printed customer account summaries that were no longer required for auditing purposes. A recent online search has now found that images of these documents are available as downloadable torrents. Which of the following would MOST likely have prevented this information breach?
Pulping
A security manager believes that an employee is using their laptop to circumvent the corporate Internet security controls through the use of a cellular hotspot. Which of the following could be used to validate this belief? (Select TWO)
HIPS and Host-based firewall logs
An application developer is creating a mobile device app that will include extensive encryption and decryption. Which of the following technologies would be the BEST choice for this app?
Elliptic curve
Which of the following would be a common result of a successful vulnerability scan?
A list of Microsoft patches that have not been applied to a server
A security administrator is researching an issue with conference room users at a remote site. When connected to the wireless network, users receive an IP address that is not part of the corporate addressing scheme. Communication over this network also appears to have slower performance than the wireless connections elsewhere in the building. Which of the following would be the MOST likely reason for these issues?
Rogue access point
A company has identified a compromised server, and the security team would like to know if an attacker has used this device to move between systems. Which of the following would be the BEST way to provide this information?
NetFlow logs
A system administrator has protected a set of system backups with an encryption key. The system administrator used the same key when restoring files from this backup. Which of the following would BEST describe this encryption type?
Symmetric
A new malware variant takes advantage of a vulnerability in a popular email client. Once installed, the malware forwards all email attachments containing credit card information to an external email address. Which of the following would limit the scope of this attack?
Scan outgoing traffic with DLP
An organization has identified a security breach and has removed the affected servers from the network. Which of the following is the NEXT step in the IR process?
Eradication
A manager of the accounting department would like to minimize the opportunity for embezzlement and fraud from any of the current accounting team employees. Which of these policies should the manager use to avoid these issues?
Mandatory vacations
Which of the following would be the MAIN reasons why a system administrator would use a TPM when configuring full disk encryption? (Select TWO)
Uses burned-in cryptographic keys
Includes built-in protections against brute-force attacks
A security administrator would like to create an access control where each file or folder is assigned a security clearance level, such as "confidential" or "secret." The security administrator would then assign a maximum security level to each user. What type of access control would be used in this network?
Mandatory
Cameron, a security administrator, is reviewing a report that shows a number of devices on internal networks attempting to connect with servers in the data center network. Which of the following security controls should Cameron add to prevent internal systems from accessing data center devices?
ACL
A financial services company is headquartered in an area with a high occurrence of tropical storms and hurricanes. Which of the following would be MOST important when restoring services disabled by a storm?
Disaster recovery plan
A user in the mail room has reported an overall slowdown of his shipping management software. An anti-virus scan did not identify any issues, but a more thorough malware scan identified a kernel driver that was not part of the original operating system installation. Which of the following malware was installed on this system?
Rootkit
A virus scanner has identified a macro virus in a word processing file attached to an email. Which of the following information could be obtained from the metadata of this file?
Date and time when the file was created
If a person is entering a data center facility, they must check-in before they are allowed to move further into the building. People who are leaving must be formally checked-out before they are able to exit the building. Which of the following would BEST facilitate this process?
Access control vestibule
A security administrator has discovered that an employee has been exfiltrating confidential company information by embedding the data within image files and emailing the images to a third-party. Which of the following would best describe this activity?
Steganography
A security engineer is running a vulnerability scan on their own workstation. The scanning software is using the engineer's account access to perform all scans. What type of scan is running?
Credentialed
Which of the following would be the best way to describe the estimated number of laptops that might be stolen in a fiscal year?
ARO
Your company owns a purpose-built appliance that doesn't provide any access to the operating system and doesn't provide a method to upgrade the firmware. Which of the following describes this appliance?
Embedded system
A security administrator is updating the network infrastructure to support 802.1X authentication. Which of the following would be the BEST choice for this configuration?
LDAP
Which of these best describes two-factor authentication?
A Windows Domain requires a username, password, and smart card
A company is deploying a new mobile application to all of its employees in the field. Some of the problems associated with this rollout include:
• The company does not have a way to manage the mobile devices in the field
• Company data on mobile devices in the field introduces additional risk
• Team members have many different kinds of mobile devices
Which of the following deployment models would address these concerns?
VDI
A manufacturing company would like to track the progress of parts as they are used on an assembly line. Which of the following technologies would be the BEST choice for this task?
Blockchain
A finance company is legally required to maintain seven years of tax records for all of their customers. Which of the following would be the BEST way to implement this requirement?
Create a separate daily backup archive for all applicable tax records
A Linux administrator is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and a SHA256 hash value. Which of these would describe the use of this hash value?
Verifies that the file was not corrupted during the file transfer
A company's security policy requires that login access should only be available if a person is physically within the same building as the server. Which of the following would be the BEST way to provide this requirement?
Biometric scanner
Your development team has installed a new application and database to a cloud service. After running a vulnerability scanner on the application instance, you find that the database is available for anyone to query without providing any authentication. Which of these vulnerabilities is MOST associated with this issue?
Open Permissions
Employees of an organization have received an email offering a cash bonus for completing an internal training course. The link in the email requires users to login with their Windows Domain credentials, but the link appears to be located on an external server. Which of the following would BEST describe this email?
Phishing
Which of the following risk management strategies would include the purchase and installation of an NGFW?
Mitigation
A security administrator is designing an authentication process for a new remote site deployment. They would like the users to provide their credentials when they authenticate in the morning, and they do not want any additional authentication requests to appear during the rest of the day. Which of the following should be used to meet this requirement?
Kerberos
A manufacturing company would like to use an existing router to separate a corporate network and a manufacturing floor that use the same physical switch. The company does not want to install any additional hardware. Which of the following would be the BEST choice for this segmentation?
Create separate VLANs for the corporate network and the manufacturing floor
A user has opened a help desk ticket complaining of poor system performance, excessive pop up messages, and the cursor moving without anyone touching the mouse. This issue began after they opened a spreadsheet from a vendor containing part numbers and pricing information. Which of the following is MOST likely the cause of this user's issues?
RAT
A web-based manufacturing company processes monthly charges to credit card information saved in the customer's profile. Which of the following standards would be required to maintain this payment information?
PCI DSS
A security manager has created a report showing intermittent network communication from external IP addresses to certain workstations on the internal network. These traffic patterns occur at random times during the day. Which of the following would be the MOST likely reason for these traffic patterns?
Backdoor
The security policies in a manufacturing company prohibit the transmission of customer information. However, a security administrator has received an alert that credit card numbers were transmitted as an email attachment. Which of the following was the MOST likely source of this alert message?
DLP
Which cryptographic method is used to add trust to a digital certificate?
Digital Signature
A user with restricted access has typed this text in a search field of an internal web-based application:
USER77' OR '1'='1
After submitting this search request, all of the database records are displayed on the screen. Which of the following would BEST describe this search?
SQL Injection
Which of the following describes a monetary loss if one event occurs?
SLE
Jennifer is reviewing this security log from her IPS:
ALERT 2018-06-01 13:07:29 [163bcf65118-179b547b]
Cross-Site Scripting in JSON Data
222.43.112.74:3332 -> 64.235.145.35:80
URL/index.html - Method POST - Query String "-"
User Agent: curl/7.21.3 (i386-redhat-linux-gnu) libcurl/7.21.3 NSS/3.13.1.0 zlib/1.2.5 libidn/1.19 libssh2/1.2.7
Detail: token=""
Which of the following can be determined from this log information?
The alert was generated from an embedded script, The attacker's IP address is 222.43.112.74
A corporate security team would like to consolidate and protect the certificates across all of their web servers. Which of these would be the BEST way to securely store these certificates?
Use an HSM
An organization's content management system (CMS) currently labels files and documents as "Unclassified" and "Restricted." On a recent update to the CMS, a new classification type of "PII" was added. Which of the following would be the MOST likely reason for this addition?
Expanded privacy compliance
An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?
Data Custodian
An MSP is designing a new server room for a large company. Which of the following should be included in the design to provide redundancy?
RAID arrays, Dual power supplies
A recent report shows the return of a vulnerability that was previously patched four months ago. After researching this issue, the security team has found that a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?
Continuous monitoring
A security manager would like to ensure that unique hashes are used with an application login process. Which of the following would be the BEST way to add random data when generating a set of stored password hashes?
Salting
A data center manager has built a Faraday cage in the data center, and a set of application servers have been placed into racks inside the Faraday cage. Which of the following would be the MOST likely reason for the data center manager to install this configuration of equipment?
Protect the servers against any unwanted electromagnetic fields
When a home user connects to the corporate VPN, they are no longer able to print to their local network printer. Once the user disconnects from the VPN, the printer works normally. Which of the following would be the MOST likely reason for this issue?
The VPN tunnel is configured for full tunnel
A security analyst has identified a number of sessions from a single IP address with a TTL equal to zero. One of the sessions has a destination of the Internet firewall, and a session immediately after has a destination of your DMZ server. Which of the following BEST describes this log information?
Someone is performing a traceroute to the DMZ server
A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup. Which of these keys should the organization place into escrow?
Private
An attacker has sent more information than expected in a single API call, and this has allowed the execution of arbitrary code. Which of the following would BEST describe this attack?
Buffer overflow
A member of the accounting team was out of the office for two weeks, and an important financial transfer was delayed until they returned. Which of the following would have prevented this delay?
Job Rotation
Which of the following would be the BEST way to confirm the secure baseline of a deployed application instance?
Perform an integrity measurement
A security administrator has been asked to respond to a potential security breach of the company's databases, and they need to gather the most volatile data before powering down the database servers. In which order should they collect this information?
CPU registers, memory, temporary files, remote monitoring data
An organization is installing a UPS for their new data center. Which of the following would BEST describe this type of control?
Compensating
A security administrator has configured a virtual machine in a screened subnet with a guest login account and no password. Which of the following would be the MOST likely reason for this configuration?
The server is a honeypot for attracting potential attackers
A company's outgoing email server currently uses SMTP with no encryption. The security administrator would like to implement encryption between email clients without changing the existing server-to-server communication. Which of the following would be the BEST way to implement this requirement?
Require the use of S/MIME
A company has just purchased a new application server, and the security director wants to determine if the system is secure. The system is currently installed in a test environment and will not be available to users until the rollout to production next week. Which of the following would be the BEST way to determine if any part of the system can be exploited?
Penetration test
A company would like to securely deploy applications without the overhead of installing a virtual machine for each system. Which of the following would be the BEST way to deploy these applications?
Containerization
To upgrade an internal application, the development team provides the operations team with a patch and instructions for backing up, patching, and reverting the patch if needed. The operations team schedules a date for the upgrade, informs the business divisions, and tests the upgrade process after completion. Which of the following describes this process?
Change management
A company is implementing a public file-storage and cloud-based sharing service, but does not want to build a separate authentication front-end. Instead, the company would like users to authenticate with an existing account on a trusted third-party web site. Which of the following should the company implement?
Federation
A system administrator is viewing this output from Microsoft's System File Checker:
15:43:01 - Repairing corrupted file C:\Windows\System32\kernel32.dll
15:43:03 - Repairing corrupted file C:\Windows\System32\netapi32.dll
15:43:07 - Repairing corrupted file C:\Windows\System32\user32.dll
15:43:43 - Repair complete
Which of the following malware types is the MOST likely cause of this output?
Rootkit
What type of vulnerability would be associated with this log information?
GET http://example.com/show.asp?view=../../Windows/system.ini HTTP/1.1
Directory Traversal
A developer has created an application that will store password information in a database. Which of the following BEST describes a way of protecting these credentials by adding random data to the password?
Salting
Which of the following processes merges developed code, tests for issues, and automatically moves the newly developed application to production without any human intervention?
Continuous deployment
Which of the following BEST describes a risk matrix?
A visual summary of a risk assessment
A security administrator would like to implement an authentication system that uses cryptographic tickets to validate users. Which of the following would provide this functionality?
Kerberos
Richard is reviewing this information from an IPS log:
MAIN_IPS: 22June2019 09:02:50 reject 10.1.111.7
Alert: HTTP Suspicious Webdav OPTIONS Method Request; Host: Server
Severity: medium; Performance Impact:3;
Category: info-leak; Packet capture; disable
Proto:tcp; dst:192.168.11.1; src:10.1.111.7
Which of the following can be associated with this log information? (Select TWO)
The source of the attack is 10.1.111.7
The attacker sent an unusual HTTP packet to trigger the IPS
A company has contracted with a third-party to provide penetration testing services. The service includes a port scan of each externally-facing device. This is an example of:
Active reconnaissance
An access point in a corporate headquarters office has the following configuration:
IP address: 10.1.10.1
Subnet mask: 255.255.255.0
DHCPv4 Server: Enabled
SSID: Wireless
Wireless Mode: 802.11g
Security Mode: WEP-PSK
Frequency band: 2.4 GHz
Software revision: 2.1
MAC Address: 60:3D:26:71:FF:AA
IPv4 Firewall: Enabled
Which of the following would apply to this configuration?
weak encryption
An application does not properly release unused memory, and eventually it grows so large that it uses all available memory. Which of the following would describe this issue?
Memory leak
A company is receiving complaints of slowness and disconnections to their Internet-facing web server. A network administrator monitors the Internet link and finds excessive bandwidth utilization from thousands of different IP addresses. Which of the following would be the MOST likely reason for these performance issues?
DDoS
A penetration tester is researching a company using information gathered from user profiles and posts on a social media site. Which of the following would describe this activity?
Pivot
A system administrator is configuring an IPsec VPN to a remote location and would like to ensure that the VPN provides confidentiality for both the original IP header and the data. Which of the following should be configured on the VPN?
ESP
Which of these cloud deployment models would BEST describe a company that would build a cloud for their own use and use systems and storage platforms in their data center?
Private
Which of the following malware types would cause a workstation to participate in a DDoS?
Bot
Which of these are used to force the preservation of data for later use in court?
Legal hold
A network administrator is installing a series of access points in a public library. Which of the following would be the BEST way to prevent theft of his laptop while performing this work?
Cable lock
A company would like to install an IPS to observe normal network activity and block any traffic that deviates from this baseline. Which of these IPS types would be the BEST fit for this requirement?
Anomaly-based
A security engineer is capturing packets on an internal company network and is documenting the IP addresses and MAC addresses associated with the local network devices. Which of these commands would provide the MAC address of the default gateway at 10.11.1.1?
ping 10.11.1.1 arp -a
A network administrator needs to identify all inbound connections to a Linux web server. Which of the following utilities would be the BEST choice for this task?
netstat
A company has identified a web server data breach that resulted in the theft of financial records from 150 million customers. A security update to the company's web server software was available for two months prior to the breach. Which of the following would have prevented this breach from occurring?
Patch management
A security administrator is deploying a web server and needs to understand the methods an attacker could use to gain access to the system. Which of the following would be the BEST source of this information?
MITRE ATT&CK
A system administrator has identified an unexpected username on a database server, and the user has been transferring database files to an external server over the company's Internet connection. The administrator then performed these tasks:
• Physically disconnected the Ethernet cable on the database server
• Disabled the unknown account
• Configured a firewall rule to prevent file transfers from the server
Which of the following would BEST describe this part of the incident response process?
Containment
Which of the following would be the MOST effective use of asymmetric encryption?
Securely derive session key
Each salesperson in a company will receive a laptop with applications and data to support their sales efforts. The IT manager would like to prevent third-parties from gaining access to this information if the laptop is stolen. Which of the following would be the BEST way to protect this data?
Full disk encryption
During sales meetings, visitors often require an Internet connection for demonstrations. Which of the following should the company implement to maintain the security of the internal network resources?
Guest network with captive portal
A company's web server has been infected with malware, and the security administrator has contained the system and would like to create a bit-by-bit image of the server storage drive. Which of the following would be the BEST choice for this task?
dd
A set of corporate security policies is what kind of security control?
Administrative
Which of the following would be the MOST significant security concern when protecting against criminal syndicates?
Maintain reliable backup data
An application team has been provided with a hardened version of Linux to use with a new application rollout, and they are installing a web service and the application code on the server. Which of the following would BEST protect the application from attacks?
Implement a secure configuration of the web service
A system administrator has configured MAC filtering on the corporate access point, but access logs show that unauthorized users are accessing the network. The administrator has confirmed that the address filter includes only authorized MAC addresses. Which of the following should the administrator configure to prevent this unauthorized use?
Enable WPA3 encryption
A company is building a broad set of conditional steps to follow when investigating a data breach. Which of the following would BEST describe these steps?
Playbook
During an initial network connection, a supplicant communicates to an authenticator, which then sends an authentication request to an Active Directory database. Which of the following would BEST describe this authentication technology?
802.1x
A security administrator would like to use employee-owned mobile phones to unlock the door of the data center using a sensor on the wall. The users would authenticate on their phones with a fingerprint before the door would unlock. Which of the following features should the administrator use? (Select TWO)
NFC and Biometrics
Visitors to a corporate data center must enter through the main doors of the building. Which of the following security controls would be the BEST choice to successfully guide people to the front door? (Select TWO)
Bollards and Fencing
A company is contracting with a third-party to find vulnerabilities that employees could possibly exploit on the company's internal networks. Which of the following would be the BEST way for the third-party to meet this requirement?
Run credentialed vulnerability scan
A company has recently moved from one accounting system to another, and the new system includes integration with many other divisions of the organization. Which of the following would ensure that the correct access has been provided to the proper employees in each division?
Permission and usage audit
An attacker has circumvented a web-based application to send commands directly to a database. Which of the following would describe this attack type?
SQL injection
A group of business partners is using blockchain technology to monitor and track raw materials and parts as they are transferred between companies. Where would a partner find these tracking details?
Ledger
A network technician at a bank has noticed a significant decrease in traffic to the bank's public website. After additional investigation, the technician finds that users are being directed to a web site that looks similar to the bank's site but is not under the bank's control. Flushing the local DNS cache and changing the DNS entry does not have any effect. Which of the following has most likely occurred?
domain hijacking
A company runs two separate applications in their data center. The security administrator has been tasked with preventing all communication between these applications. Which of the following would be the BEST way to implement this security requirement?
Air gap
A receptionist at a manufacturing company recently received an email from the CEO asking for a copy of the internal corporate employee directory. The receptionist replied to the email and attached a copy of the directory. It was later determined that the email address was not sent from the CEO and the domain associated with the email address was not a corporate domain name. What type of training could help prevent this type of situation in the future?
Recognizing social engineering
A company's security engineer is working on a project to simplify the employee onboarding and offboarding process. One of the project goals is to allow individuals to use their personal phones for work purposes. If the user leaves the company, the company data will be removed but the user's data would remain intact. Which of these technologies would meet this requirement?
Containerization
Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable-logic controllers, running a backend LAMP server and OT systems with human-management interfaces that are accessible over the Internet via a web interface?
Weak encryption & Server-side request forgery
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company's data?
Full-disk encryption
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue?
Perform a site survey & Create a heat map
A security administrator suspects an employee has been emailing proprietary information to a competitor. Company policy requires the administrator to capture an exact copy of the employee's hard disk. Which of the following should the administrator use?
dd
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
GDPR
Phishing and spear-phishing attacks have been occurring more frequently against a company's staff. Which of the following would MOST likely help mitigate this issue?
Exact mail exchanger records in the DNS
On which of the following is the live acquisition of data for forensic analysis MOST dependent?
Value and volatility of data & Right-to-audit clauses
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
Containment
A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the following BEST indicates that valid credentials were used?
The scan enumerated software versions of installed programs
Which of the following BEST explains the difference between a data owner and a data custodian?
The data owner is responsible for determining how the data may be used, while the data custodian is responsible for implementing the protection to the data
A network engineer needs to build a solution that will allow guests at the company's headquarters to access the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following should the engineer employ to meet these requirements?
Install a captive portal
Which of the following cloud models provides clients with servers, storage, and networks but nothing else?
IaaS
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective?
Dual Power Supply & Off-site backups
An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment?
Gait & Facial
An organization needs to implement more stringent controls over administrator/root credentials and service accounts.
Requirements for the project include:
- Check-in/checkout of credentials
- The ability to use but not know the password
- Automated password changes
- Logging of access to credentials
Which of the following solutions would meet the requirements?
An OpenID Connect authentication system
Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees' workstations. The security manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A worm that has propagated itself across the intranet, which was initiated by presentation media
After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review?
The vulnerability scan output
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization's security posture?
Configure the DLP policies to whitelist this application with the specific PII
An auditor is performing an assessment of a security appliance with an embedded OS that was vulnerable during the last two assessments. Which of the following BEST explains the appliance's vulnerable state?
The vendor has not supplied a patch for the appliance.
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop?
Trusted platform module & a host-based firewall
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
Push notifications
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?
Segment the network with firewalls
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
MDM
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?
Continuous integration
A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?
1
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
The document is a honeyfile and is meant to attract the attention of a cyber intruder.
A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company?
SOAR
An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?
Domain Hijacking
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?
Conducting a tabletop exercise
A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring?
Enforce application whitelisting.
A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL:
http://devsite.comptia.org/home/show.php?sessionID=77276554&loc=us
The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: http://dev-site.comptia.org/home/show.php?sessionID=98988475&loc=us Which of the following application attacks is being tested?
Cross-site request forgery
A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS?
Detective
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
SLA
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
CASB
A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
Containerization
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?
Nmap
A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media?
Blocking removable-media devices and write capabilities using a host-based security tool
A company provides mobile devices to its users to permit access to email and enterprise applications. The company recently started allowing users to select from several different vendors and device models. When configuring the MDM, which of the following is a key security implication of this heterogeneous device approach?
Certain devices are inherently less secure than others, so compensatory controls will be needed to address the delta between device vendors
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
SED
In which of the following situations would it be BEST to use a detective control type for mitigation?
A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.
The IT department's on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?
Submit the application to QA before releasing it.
A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective?
OAuth
An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information?
Pagefile
A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN?
Due to foreign travel, the user's laptop was isolated from the network.
In which of the following common use cases would steganography be employed?
Obfuscation
To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset?
Encrypted credentials in transit
In which of the following risk management strategies would cybersecurity insurance be used?
Transference
An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy?
Data exfiltration over a mobile hotspot
A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing?
Threat hunting
Which of the following would MOST likely support the integrity of a voting machine?
Perfect forward secrecy
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
GDPR
The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat?
Shadow IT
A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
anonymize any PII that is observed within the IoC data
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?
A RAT was installed and is transferring additional exploit tools.
An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing?
Disaster recovery
Which of the following is the purpose of a risk register?
To identify the risk, the risk owner, and the risk measures
A university with remote campuses, which all use different service providers, loses Internet connectivity across all locations. After a few minutes, Internet and VoIP services are restored, only to go online again at random intervals, typically within four minutes of services being restored. Outages continue throughout the day, impacting all inbound and outbound connections and services. Services that are limited to the local LAN or WiFi network are not impacted, but all WAN and VoIP services are affected. Later that day, the edge-router manufacturer releases a CVE outlining the ability of an attacker to exploit the SIP protocol handling on devices, leading to resource exhaustion and system reloads. Which of the following BEST describe this type of attack?
DoS & Race condition
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
PCI DSS
Which of the following BEST describes a security exploit for which a vendor patch is not readily available?
Zero-day
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company's Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
whaling
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization's needs for a third factor?
fingerprints
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
Chain of Custody
A company wants to deploy PKI on its Internet-facing website. The applications that are currently deployed are:
- www.company.com (main website)
- contactus.company.com (for locating a nearby location)
- quotes.company.com (for requesting a price quote)
The company wants to purchase one SSL certificate that will work for all the existing applications and any future applications that follow the same naming conventions, such as store.company.com. Which of the following certificate types would BEST meet the requirements?
wildcard
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO's concern?
Implement managed FDE.
A user contacts the help desk to report the following:
- Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.
- The user was able to access the Internet but had trouble accessing the department share until the next day.
- The user is now getting notifications from the bank about unauthorized transactions.
Which of the following attack vectors was MOST likely used in this scenario?
Rogue Access Point
A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated?
The DNS logs
A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB network protocol to rapidly infect computers. Once infected, computers are encrypted and held for ransom. Which of the following would BEST prevent this attack from reoccurring?
configure the perimeter firewall to deny inbound external connections to SMB ports.
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email?
Phishing
Which of the following refers to applications and systems that are used within an organization without consent or approval?
Shadow IT
A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
An air gap
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement?
mandatory
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations?
separation of duties
Which of the following would be the BEST method for creating a detailed diagram of wireless access points and hotspots?
footprinting
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process?
Something you know & Something you have
When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
transference
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
Tokenizing the credit cards in the database
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
biometrics
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
ESP
Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities?
VDI & RFID
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?
SSO would reduce the resilience and availability of systems if the identity provider goes offline
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
Change the default password for the switch
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?
MSSP
A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
Weak Encryption
Which of the following types of controls is a turnstile?
physical
Which of the following describes the BEST approach for deploying application patches?
Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems
After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?
Something you can do
An organization suffered an outage, and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?
RTO
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?
Implement a heuristic behavior-detection solution.
An organization is concerned that its hosted web servers are not running the most updated version of the software. Which of the following would work BEST to help identify potential vulnerabilities?
nmap comptia.org -p 80 -sV
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?
Offboarding
A security analyst is performing a forensic investigation involving compromised account credentials. Using the Event Viewer, the analyst was able to detect the following message: "Special privileges assigned to new logon." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?
Pass-the-hash
A systems administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?
Discretionary access control
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?
http://sample.url.com/someotherpageonsite/../../../etc/shadow
A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?
Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
Implement BYOD for the sales department while leveraging the MDM.
A malicious actor recently penetrated a company's network and moved laterally to the datacenter. Upon investigation, a forensics firm wants to know what was in the memory on the compromised server. Which of the following files should be given to the forensics firm?
Dump
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
loss of proprietary information
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a:
data processor.
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?
An external access point is engaging in an evil-twin attack.
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
Raid 10
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
Basic awareness training
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
Generate a CSR.
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
The data owner
A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?
Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization's executives determine their next course of action?
A business continuity plan
Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
VM escape
After a ransomware attack, a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?
The event log
Which of the following ISO standards is certified for privacy?
ISO 27701
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
Search for matching file hashes on malware websites.
A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
Identification
Which of the following is a team of people dedicated to testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?
Red Team
A security analyst discovers that a company's username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
Implement salting and hashing.
Which of the following are requirements that must be configured for PCI DSS compliance?
Installing and maintaining a web proxy to protect cardholder data & Encrypting transmission of cardholder data across private networks
A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?
Industry information-sharing and collaboration groups
A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
Application whitelisting
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:
- The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
- The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
- All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
- DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.
Which of the following MOST likely occurred?
An SSL strip MITM attack was performed.
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
Wireshark
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
WPA-EAP
A vulnerability assessment report will include the CVSS score of the discovered vulnerabilities because the score allows the organization to better:
prioritize remediation of vulnerabilities based on the possible impact.
A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?
DNS Poisoning
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?
A right-to-audit clause
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
Firewall whitelisting
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
Data masking
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?
Create different accounts for each region, each configured with push MFA notifications
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
Verification
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
- The devices will be used internationally by staff who travel extensively.
- Occasional personal use is acceptable due to the travel requirements.
- Users must be able to install and configure sanctioned programs and productivity suites.
- The devices must be encrypted.
- The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
Setting the antivirus DAT update schedule weekly
An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
The cloud vendor is a new attack vector within the supply chain.
An organization that is located in a flood zone is MOST likely to document the concerns associated with the restoration of IT operations in a:
disaster recovery plan.
A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
SPIM
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
Watering-hole attack
Which of the following will provide the BEST physical security countermeasures to stop intruders?
Fencing & Sensors
A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the organization's vulnerabilities. Which of the following would BEST meet this need?
CVSS
A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concerns?
Geolocation & Time-of-day restrictions
In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
Containment
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
Updating the playbooks with better decision points
A network administrator is setting up wireless access points in all the conference rooms and wants to authenticate devices using PKI. Which of the following should the administrator configure?
802.1X
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases?
Unsecure protocols & weak passwords
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
Compensating
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
APT
A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
DLP