Security+
Terms in this set (180)
Which of the following attacks uses precomputed hashes?
A: Dictionary
B: Cipher text
C: Replay
D: Rainbow tables
- Dictionary
A security team has received more than 50 antivirus alerts from a user's workstation. The alerts were caused by the process of compiling software that executes a PowerShell script. No further indicators of malicious activity have been reported. Which of the following BEST describes what took place? (Select TWO).
A: Heuristic-based detection
B: Authentication-based detection
C: Signature-based detection
D: True positive
E: True negative
F: False positive
- Heuristic-based detection
- False positive
Joe, a security analyst, needs to determine why the wireless network appears to be randomly connecting and disconnecting. Joe notes that only the expected SSID appears, and the WAP MAC address matches. Given that the WAP connection has to be confirmed, which of the following is MOST likely the type of wireless attack being seen?
A: Evil twin
B: Disassociation
C: Rogue AP
D: Brute force
- Disassociation
A developer has just finished coding a custom web application and would like to test it for bugs by automatically injecting malformed data into it. Which of the following is the developer looking to perform?
A: Fuzzing
B: Stress testing
C: Sandboxing
D: Normalization
- Fuzzing
A social media platform was recently breached, and millions of user credentials were made available to malicious attackers. The Chief Information Security Officer (CISO) at a company is trying to prevent the company's user accounts from being hijacked. Which of the following should the CISO do? (Select TWO).
A: Restrict users from reusing any previous passwords.
B: Enable time-of-day restrictions to block users from logging in at night.
C: Require all affected users to recreate accounts.
D: Enforce password complexity that uses symbols and numbers.
E: Reset all user accounts with passwords that have fewer than ten characters.
F: Force the affected users to change their passwords.
- Restrict users from reusing any previous passwords.
- Force the affected users to change their passwords.
Which of the following BEST describes the concept of persistence in the context of penetration testing?
A: The capability of maintaining service availability during a sustained DDoS attack, providing persistent service.
B: The property of a system used by penetration testers to exploit long-running network connections.
C: The state where an attacker can interact with a network host's Internet-facing resources at will.
D: The ability of an attacker to retain access to a system despite the best efforts to dislodge an attacker.
- The ability of an attacker to retain access to a system despite the best efforts to dislodge an attacker.
A security administrator recently discovered the AAA server is receiving cleartext credentials from network infrastructure devices. Which of the following should the administrator configure to enable encryption?
A: PAP
B: TACACS+ attributes
C: IPSec
D: Kerberos
- TACACS+ attributes
Which of the following BEST describes suspicious emails that are sent to high-level executives asking for credentials while falsely claiming to be from the IT department?
A: Brute forcing
B: Impersonating
C: Vishing
D: Tailgating
E: Spear phishing
- Spear phishing
An employee of a large payroll company has a machine that recently started locking up randomly with greatly increased processor consumption. Which of the following is the FIRST action an analyst should take to investigate this potential loss?
A: Actively monitor traffic from the system to see if there is some form of command and control.
B: Capture a memory dump of the system for further evaluation of malicious processes.
C: Reimage the machine from a known-good image and get it back to the employee.
D: Take a full disk image of the filesystem to analyze files for possible malicious activity.
- Capture a memory dump of the system for further evaluation of malicious processes.
Which of the following is a characteristic unique to a Type 1 hypervisor?
A: Memory is directly controlled by the hypervisor.
B: There is support for two or more operating systems to run simultaneously.
C: It has the ability to pass through peripheral devices to the guest operating systems.
D: Snapshots of the guest operating systems can be taken.
- Memory is directly controlled by the hypervisor.
An administrator needs to implement a connection to a supplier for confidential order processing and also provide a method for support engineers in the field to connect to the ERP. Which of the following should the administrator implement?
A: A remote access VPN for the supplier and a site-to-site VPN for the field engineers
B: A full-tunnel VPN for the supplier and a split-tunnel VPN for the field engineers
C: A VPN concentrator for the supplier and an SSL accelerator for the field engineers
D: An IPSec VPN connection for the supplier and SSL VPN connections for the field engineers
- An IPSec VPN connection for the supplier and SSL VPN connections for the field engineers
Which of the following would be BEST to balance time constraints with risk reduction prior to deploying patches or upgrading applications?
A: Creating a system snapshot
B: Performing a full system backup
C: Ramping up and increasing VM resources
D: Ensuring elastic resource failover is configured
- Creating a system snapshot
A user's company-issued computer is low on memory and runs slowly when the user opens multiple applications. The user is unable to run the company's antivirus software. After rebooting, the issues still occur. Which of the following attacks is the computer experiencing?
A: Rootkit
B: Ransomware
C: Backdoor
D: Cryptomalware
- Rootkit
A long-time employee at a small company recently quit. The employee had access to many files and services. The IT department has been informed that a new hire will be starting the following day and will need access to all the same resources. Which of the following steps should the IT department perform to secure the network and prepare for the new employee?
A: Back up the former employee's files and create a shared folder.
B: Disable the former employee's user account and replicate the permissions.
C: Create a group and place both users in it.
D: Delete the former employee's user account and create a new user.
- Disable the former employee's user account and replicate the permissions.
A company's datacenter was damaged by coastal flooding. Which of the following risk responses would BEST describe the company's decision to relocate the datacenter 30mi (48km) from the coast?
A: Transference
B: Avoidance
C: Acceptance
D: Mitigation
- Mitigation
A security technician has been asked to respond to a recent audit that states:
An application server is transmitting credentials to the database server in cleartext.
The Windows servers are not properly synchronizing time with the corporate NTP server.
Which of the following tools were MOST likely used in this assessment? (Select TWO).
A: A configuration compliance scanner
B: A wireless scanner
C: A password cracker
D: A honeypot
E: A protocol analyzer
F: A port scanner
- A configuration compliance scanner
- A protocol analyzer
Which of the following data types is specifically protected when implementing the PCI DSS framework?
A: Investment data
B: PHI data
C: Credit card data
D: Financial data
- Credit card data
Joe, a user, visited a banking website from a saved bookmark and logged in with his credentials. After logging in, Joe discovered he could not access any resources, and none of his account information would display. The next day, the bank called to report his account had been compromised. Which of the following MOST likely would have prevented this from occurring?
A: SSH
B: TLS
C: LDAPS
D: DNSSEC
- TLS
A USB blocking policy can be BEST implemented with the deployment of:
A: SIEM.
B: DLP.
C: media gateway.
D: NIDS.
- DLP.
A network administrator has been tasked with monitoring all the information systems on a distributed network. The administrator must be able to securely monitor whether the system is up and operational but is not required to configure or access the system remotely. Which of the following would allow the administrator to BEST perform this function?
A: SSH
B: SNMPv3
C: ICMP request
D: RDP
- SNMPv3
Which of the following can be used for the encryption of communication between two parties who are unable to agree on a common key in advance?
A: SHA
B: RC4
C: RSA
D: AES
- RSA
The Chief Information Security Officer (CISO) at a company is concerned about the amount of PII being transmitted over the Internet via email. The CISO wants to encrypt all email with asymmetric cryptography to ensure privacy of the messages. Which of the following should be implemented to meet this goal?
A: SRTP
B: S/MIME
C: LDAPS
D: SMTP
- S/MIME
Joe, a network administrator, ran a utility to perform banner grabbing to look for an older version of FTP service running on the servers. Which of the following BEST describes the underlying purpose of this approach?
A: Identify lack of security controls
B: Identify misconfigurations
C: Identify vulnerabilities
D: Identify poor firewall rules
- Identify vulnerabilities
Which of the following has a direct impact on whether a company can meet the RTO?
A: MTTR
B: MTBF
C: ARO
D: RPO
- RPO
A critical web application experiences slow response times during the end of a company's fiscal year. This web application typically sees a 35% increase in utilization during this time. The Chief Information Officer (CIO) wants an automated solution in place to deal with the annual spike. Which of the following does the CIO MOST likely want to implement?
A: Scalability
B: Elasticity
C: Redundancy
D: High availability
- Elasticity
Which of the following should be implemented when there is a need for a physically isolated network?
A: Firewall
B: DMZ
C: Geofencing
D: Air gap
- Air gap
An organization is collecting logs from its critical infrastructure, and a large number of the events are common system activities with identical logs. This is causing the SIEM to consume a large amount of disk space, which may result in the organization having to purchase additional disks to store the logs. Which of the following should the organization do to help mitigate this problem?
A: Enable event deduplication.
B: Enable log correlation.
C: Enable log aggregation.
D: Enable log filtering.
- Enable event deduplication.
A government contractor has a security requirement that any service in use must not be accessible by a non-governmental agency. The contractor is trying to reduce costs by moving the on-premises virtual servers to the cloud in a single-tenant environment. Which of the following would BEST meet the requirements?
A: Public PaaS
B: Public SaaS
C: Public IaaS
D: Private PaaS
E: Private SaaS
F: Private IaaS
- Private IaaS
A security administrator needs to have third-party connections for limited time periods on site. Which of the following solutions would MOST likely need to be created to segregate those connections from the corporate network?
A: A DMZ subnet
B: Clientless VPN access
C: A wireless guest network
D: A honeynet
- A wireless guest network
An environmentally friendly company recently converted from a tape to a cloud-based backup. A technician needs to recycle the tape material without compromising the company's data. Which of the following data destruction methods should the technician use?
A: Purging
B: Degaussing
C: Pulping
D: Burning
- Degaussing
Which of the following would have the GREATEST impact on the supporting database server if input handling is not properly implemented on a web application?
A: Server-side request forgery
B: Cross-site request forgery
C: Insecure direct object reference
D: Command injection
E: Cross-site scripting
- Command injection
Which of the following is a type of attack in which a hacker leverages previously obtained packets to gain access to a wireless network?
A: Replay attack
B: ARP poisoning
C: Bluesnarfing
D: IP spoofing
- Replay attack
Users accessing the ERP are indicating they cannot log on due to a certificate error. An analyst determines the current SSL certificate was compromised. Which of the following can the analyst use to revoke the certificate? (Select TWO).
A: A private key
B: OCSP
C: A CSR
D: Chaining
E: A CRL
F: Key escrow
- OCSP
- A CRL
The help desk received a call after hours from an employee who was attempting to log into the payroll server remotely. When the help desk returned the call the next morning, the employee was able to log into the server remotely without incident. However, the incident occurred again the next evening. Which of the following BEST describes the cause of the issue?
A: The password expired on the account and needed to be reset.
B: The employee does not have the rights needed to access the database remotely.
C: Time-of-day restrictions prevented the account from logging in.
D: The employee's account was locked out and needed to be unlocked.
- Time-of-day restrictions prevented the account from logging in.
After receiving an alert regarding an anomaly in network traffic spikes, a security analyst discovered a web server has a web-enabled application. The application was recently installed and was being used by a group of developers that shared a set of default credentials. During a switch migration, the server was unintentionally plugged into a switchport that was configured for DMZ access. The analysis provided evidence showing the server was being accessed from international IP addresses via the web-enabled application and used to process and print shipping labels. Which of the following would prevent this from happening?
A: Ensure the server operating system is part of the patch management process.
B: Disable default usernames/passwords and unnecessary ports.
C: Use DLP to prevent the use of USB printers and drives on the server.
D: Implement NAT between the DMZ and the internal network.
- Implement NAT between the DMZ and the internal network.
A company wants to deploy multifactor authentication while minimizing the cost. Which of the following will the company MOST likely choose?
A: A hardware token
B: An iris scanner
C: A software TOTP
D: Facial recognition
- A software TOTP
Ephemeral algorithms should be used to obtain:
A: collision avoidance.
B: key strength.
C: forward secrecy.
D: obfuscation.
- forward secrecy.
A security analyst used a vulnerability scanning tool to scan a company's network. The analyst was able to identify network devices, their IP addresses, MAC addresses, and open ports. However, when running a scan to identify elevated permission levels for user accounts in the domain, the scan could not complete. Which of the following is the MOST likely cause of the error?
A: The tool ran a passive vulnerability scan.
B: The tool identified a false positive result in the domain.
C: The tool did not have the required domain credentials.
D: The tool did not have the ICMP protocol configured.
- The tool did not have the required domain credentials.
A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? (Select TWO).
A: Employ time-of-day restrictions.
B: Employ password complexity.
C: Employ a random key generator strategy.
D: Employ an account expiration strategy.
E: Employ a password lockout policy.
- Employ time-of-day restrictions.
- Employ an account expiration strategy.
A network security administrator is implementing a technology that follows the concept of zero trust. Every session that flows through this particular firewall must also be authenticated. Which of the following types of implementation will the administrator MOST likely select?
A: UTM
B: SDN
C: RBAC
D: NAC
- NAC
A security analyst is conducting a vulnerability scan and comes across a scheduled task that runs a batch script. The analyst sees the following text when viewing the batch script's contents:
net use \\dc01\publicshare\files 1q2w3e4r /USER:ServiceAcct
copy *.bak \\dc01\publicshare\files\*.bak
Which of the following is the MOST likely reason for the analyst to flag this task?
A: The credentials are not encrypted.
B: The files are being sent to a public share.
C: The wildcard parameters are incorrectly set.
D: The password does not meet the minimum requirements.
- The wildcard parameters are incorrectly set.
Which of the following enables a corporation to extend local security policies to corporate resources hosted in a CSP's infrastructure?
A: PKI
B: CRL
C: Directory services
D: CASB
E: VDI
- CASB
A database application will no longer have vendor support at the end of the year. Which of the following is a risk associated with not upgrading the software?
A: The code will be made open source.
B: New vulnerabilities will not be patched.
C: The database will no longer keep audit logs.
D: Read and write times will decrease.
- New vulnerabilities will not be patched.
An organization that recently experienced several different phishing attacks has hired a security consultant to suggest improvements. Which of the following is the BEST recommendation the consultant can provide?
A: Perform stricter email filtering and block all attachments.
B: Disable unnecessary web services on any servers and hosts.
C: Provide regular, comprehensive awareness training to users.
D: Conduct periodic vulnerability assessments to address risks.
- Provide regular, comprehensive awareness training to users.
Which of the following is a symmetric encryption algorithm that applies the encryption over multiple iterations?
A: RC4
B: RSA
C: 3DES
D: SHA
- 3DES
An administrator wants to increase the ease of use for employees by allowing a successful authentication from the network through LDAP to be passed to the ERP system for access. This implementation is an example of:
A: transitive trust.
B: federation.
C: two-factor authentication.
D: single sign-on.
- transitive trust.
Smart home devices that are always on or connected, such as HVAC system components, introduce SOHO networks to risks because of:
A: default factory settings and constant communication channels to cloud servers.
B: strong passwords, which are not known by SOHO administrators, preventing security patching.
C: IoT devices requiring constant Internet access for license validation.
D: automatic firmware updates constantly shifting the threat landscape.
- default factory settings and constant communication channels to cloud servers.
When investigating an incident, which of the following is crucial to preserve the integrity of an artifact under investigation in a court of law?
A: Internal incident response plan
B: Order of volatility
C: Legal hold
D: Witness interviews
E: Chain of custody
F: Mirror images with recorded checksums
- Chain of custody
The Chief Information Officer (CIO) and Chief Information Security Officer (CISO) are discussing the best way for an organization to maintain its current email capabilities while moving to a cloud-based solution. The CIO is primarily concerned about the cost, while the CISO has security and privacy issues to address. The CIO wants to host email in a low-cost geographic region, but the CISO is unsure about this option. The CISO is MOST likely concerned about:
A: higher latency and less availability in the international region.
B: the less expensive region having more malicious attackers.
C: adhering to data sovereignty rules and laws.
D: ownership of the data that is being transferred to the provider.
- adhering to data sovereignty rules and laws.
After discovering a buffer overflow vulnerability in an application, the security analyst needs to report it to the development team leader. Which of the following are MOST likely to appear in the impact section of the report? (Select TWO).
A: An attacker can obtain privileged data handled by the application.
B: An attacker can inject DLLs into the server via the application.
C: An attacker can pivot to other servers using the application.
D: An attacker can execute arbitrary code using the application.
E: An attacker can execute a DDoS on the server.
- An attacker can inject DLLs into the server via the application.
- An attacker can execute arbitrary code using the application.
A penetration tester has been hired to scan a company's network for potentially active hosts. The company's IPS system blocks the ICMP echo reply and echo request packets. Which of the following can be used to scan the network?
A: OSPF
B: ARP
C: IPSec
D: Ping
- ARP
Which of the following is a preventive control?
A: CCTV
B: IDS
C: Lights
D: ACL
E: Fence
- ACL
A bank with high-profile customer accounts is concerned about collusion and fraud occurring between staff and customers at a specific branch. Which of the following best practices would help detect any fraudulent activities?
A: Acceptable use policy
B: Continuous network monitoring
C: Job rotation
D: Least privilege
E: Separation of duties
- Job rotation
An organization requires three separate factors for authentication to sensitive systems. Which of the following would BEST satisfy the requirement?
A: Fingerprint, PIN, and mother's maiden name
B: One-time password sent to a smartphone, thumbprint, and home street address
C: Fingerprint, voice recognition, and password
D: Password, one-time password sent to a smartphone, and text message sent to a smartphone
- One-time password sent to a smartphone, thumbprint, and home street address
Employees receive a benefits enrollment email from the company's human resources department at the beginning of each year. Several users have reported receiving the email but are unable to log in to the website with their usernames and passwords. Users who enter the URL for the human resources website can log in without issue. Which of the following security issues is occurring?
A: Several users' computers were not configured to use HTTPS to access the website.
B: The human resources servers received a large number of requests, resulting in a DoS.
C: The internal DNS server was compromised, directing users to a hacker's server.
D: Users received a social engineering email and were directed to an external website.
- Users received a social engineering email and were directed to an external website.
A security analyst reviews the following log entry:
2017-01-13 1622CST 10.11.24.18 93242 148 TCP HIT 200.200.0.223
OBSERVED POST HTTP/1.1.0 "Mozilla 1.0" www.dropbox.com
Financial_Report_2016_CONFId.pdf, 13MB, MS-RTC IMO; .NET
CLR 3.0.4509.1392; Jane.Doe
Which of the following security issues can the analyst identify?
A: Data exfiltration
B: Access violation
C: Social engineering
D: Unencrypted credentials
- Data exfiltration
Which of the following helps find current and future gaps in an existing COOP?
A: Vulnerability assessment
B: Lessons learned
C: Tabletop exercise
D: After-action report
- Tabletop exercise
Which of the following is a difference between hashing and encryption?
A: Hashing algorithms are symmetric and encryption algorithms are asymmetric.
B: Hashing uses 160-bit keys, while encryption provides multiple key lengths.
C: Hashing supports integrity, while encryption supports both integrity and confidentiality.
D: Hashing provides variable-length output, while encryption provides fixed-length output.
- Hashing supports integrity, while encryption supports both integrity and confidentiality.
Which of the following are examples of two-factor authentication? (Select THREE).
A: Voice recognition and fingerprint
B: Proximity reader and password
C: User ID and password
D: Smart card and PIN
E: Password and TOTP
F: Smart card and ID badge
- Proximity reader and password
- Smart card and PIN
- Password and TOTP
During an investigation of a recent security breach, a team learned that a similar breach occurred eight months ago and was successfully mitigated. Which of the following steps of the incident response process did the organization fail to implement?
A: Recovery
B: Lessons learned
C: Containment
D: Identification
- Lessons learned
Which of the following generates reports that show the number of systems that are associated with POODLE, 3DES, and SMBv1 listings?
A: A protocol analyzer
B: A UTM appliance
C: A vulnerability scanner
D: A honeypot
- A vulnerability scanner
Which of the following cryptographic algorithms can be used for full-disk encryption?
A: AES
B: SHA-256
C: PBKDF2
D: RSA
- AES
During a recent security audit, an organization discovered that server configurations were changed without documented approval. The investigators have confirmed that configuration changes require elevated permissions, and the investigation has failed to identify specific user accounts that are making the configuration changes. Which of the following is MOST likely occurring?
A: Users have been sharing superuser account passwords.
B: Privileged accounts are being used by systems administrators.
C: Intruders have compromised the servers and enabled guest accounts.
D: Administrators are logging in to the servers using service accounts.
- Users have been sharing superuser account passwords.
Which of the following systems, if compromised, may cause a denial of service to the use of a smart TV?
A: SCADA
B: IoT
C: HVAC
D: UAV
- UAV
An auditor asks the security team to provide tangible proof that the following hardening principles are applied to the servers in a DMZ. Some examples of items the auditor is looking for include:
Disabling anonymous share access
Disabling null sessions
Disabling NTLM usage
Which of the following is the BEST tool to utilize to comply with the request in an ongoing manner?
A: Configuration compliance scan
B: Export GPO settings into CSV
C: Credentialed vulnerability scan
D: Patch management tool
- Configuration compliance scan
An analyst is trying to obtain a signed certificate from a CA by pasting a public key into the CA's web request form; however, it does not work, and an error is generated. Which of the following does the analyst need to paste into the web request form?
A: A private key
B: A CSR
C: The OID
D: A certificate chain
- The OID
A law firm wants to protect its customers' individual information, which is stored at a remote facility, from inadvertently being compromised through a violation of the security objectives. Which of the following BEST describes the customer information that is being stored at this facility?
A: Trade secrets
B: Personal health information
C: Proprietary
D: Confidential
- Confidential
A penetration tester has successfully accessed a web server using an exploit in the user-agent string for Apache Struts. The tester then brute forces a credential that provides access to the back-end database server in a different subnet. This is an example of:
A: persistence.
B: pivoting.
C: escalation of privilege.
D: a remote access Trojan.
- pivoting.
Which of the following can be used to prevent SQL injection?
A: Encryption
B: Error handling
C: Input validation
D: Code signing
- Input validation
Which of the following attacks rely on exploiting the finite number of open TCP connections on a server? (Select TWO).
A: Buffer overflow
B: Man in the middle
C: SYN flooding
D: DoS
E: DNS poisoning
F: IP spoofing
- SYN flooding
- DoS
A Chief Security Officer (CSO) has implemented a policy to prevent the reuse of hard drives due to the risk of information spillage to unauthorized users. Which of the following would be the MOST practical process to decommission the workstations?
A: Remove all the hard drives and dispose of them in the trash.
B: Remove all the hard drives and shred the disks.
C: Remove all the hard drives and degauss them.
D: Remove all the hard drives and purge them.
- Remove all the hard drives and shred the disks.
A company that provides IT services to the federal government wants to expand to provide services to other governments. The company wants to use an industry standard framework to guide it through the expansion. Which of the following framework categories will the company MOST likely select?
A: International
B: Industry-specific
C: Proprietary
D: Regulatory
- Regulatory
A company wants to provide a guest wireless system for its visitors. The system should have a captive portal for guest self-registration and protect guest devices from spreading malware to other connected devices. Which of the following should be done on the wireless network to satisfy these requirements? (Select TWO).
A: Configure WPA2-PSK.
B: Configure a wireless IDS.
C: Use an open authentication system.
D: Enforce 802.1X with PEAP.
E: Disable SSID broadcasting.
F: Enable client isolation.
- Use an open authentication system.
- Enable client isolation.
A user's laptop is being analyzed because malware was discovered. The forensics analyst has taken the laptop off the corporate network. Following order of volatility, which of the following actions should be performed FIRST?
A: Engage the human resources department.
B: Clone the hard drive for analysis.
C: Dump the contents of the laptop's memory.
D: Inform law enforcement.
E: Take hashes of data.
- Dump the contents of the laptop's memory.
Which of the following provides the ability to attest to the integrity of a system from the initiation of an incident to the time the incident is litigated?
A: Chain of custody
B: Data encryption
C: Legal holds and preservation
D: Screenshots and witness interviews
- Chain of custody
During an assessment, a security analyst was asked to use a service account to perform a vulnerability scan against the main application server. Which of the following BEST classifies this type of test?
A: Non-intrusive test
B: Credentialed test
C: Escalation of privilege test
D: Initial exploitation test
- Credentialed test
A manufacturer of goods recently had products picked up by a global retailer. The manufacturer needs to hire a significant number of customer service employees to support the new sales while also ensuring the new hires only have access to the necessary applications. Which of the following would BEST meet the manufacturer's needs?
A: Mandatory access controls
B: Least privilege controls
C: Discretionary access controls
D: Role-based access controls
- Role-based access controls
A company is planning to develop mobile applications. The applications will connect back to several different company servers in the company.com domain over TLS. The servers will be named the following:
login.company.com
my.company.com
app.company.com
The company is planning to connect the applications to more servers in the future. Which of the following is the type of certificate the company will MOST likely use for the servers?
A: Wildcard
B: Code-signing
C: Self-signed
D: SAN
- Wildcard
A large organization has recently noticed an increase in the number of corporate mobile devices that are being lost. These mobile devices are used exclusively for on-campus communication at the organization's international headquarters using the wireless network. Per the organization's policy, the devices should not be taken off campus. The security team must find a solution that will encourage users to leave the devices on campus. Which of the following is the BEST solution?
A: Geofencing
B: Remote wipe
C: Tethering
D: Mobile device management
- Geofencing
A company would like to transition from an OpenLDAP solution to Active Directory. The main goal for this project is security. All authentications to the domain controllers must be as secure as possible. Which of the following should the company use to achieve this goal?
A: LDAP
B: RADIUS
C: Kerberos
D: Shibboleth
- Kerberos
A user requires a legacy application running on an OS that has reached end of life. The network administrator is concerned that the OS and the application are likely to be compromised. Which of the following would allow the system to continue running while it is physically isolated from the company's servers?
A: Create a VLAN for the host and create an ACL on the router.
B: Segment the host on a separate network and use NAT to address the segment.
C: Virtualize the OS and run it on an air-gapped network segment.
D: Ensure the system has updated patches and install antivirus and a local firewall on the host.
- Segment the host on a separate network and use NAT to address the segment.
A web-server application does not properly validate user input and is therefore vulnerable to injection-type attacks. Which of the following is MOST likely to be successful as a result?
A: IDOR
B: XSS
C: XSRF
D: DDoS
- IDOR
Which of the following is an encryption algorithm that uses one of three key sizes and operates on 128-bit blocks?
A: Blowfish
B: AES
C: 3DES
D: RC4
- AES
A penetration tester is assessing a company's network, and the tester has some knowledge of the network objects in scope. Which of the following is being performed?
A: A vulnerability scan
B: A black-box test
C: A white-box test
D: A gray-box test
- A gray-box test
Which of the following threat actors is characterized by the use of highly sophisticated techniques over a long time period?
A: Nation-state
B: Script kiddie
C: Organized crime
D: Hacktivist
- Nation-state
- Cryptomalware
Which of the following is being used by a VPN when the knowledge of the shared secret does not compromise the security of the data transmitted?
A: Ephemeral key
B: Two-factor authentication
C: Salted nonce
D: Stream cipher
- Ephemeral key
A network administrator at a bank needs to create zones that will prevent an attacker from freely traversing the network in the event of a perimeter firewall breach. The zones should allow the bank tellers to communicate with each other but prevent them from accessing Internet resources. Which of the following should the network administrator implement?
A: Air gaps
B: A DMZ
C: A VPN
D: Proxies
- A DMZ
Which of the following is the security threat a hiring manager is trying to prevent by performing a background screening of a job candidate?
A: Plagiarism
B: Open-source intelligence
C: Malicious insider
D: Social engineering
E: Hacktivism
- Malicious insider
A vulnerability scan was run multiple times. The first time, the scan detected multiple operating system flaws. The second time, the scan indicated that a few third-party application programs required patching and no operating system flaws. Which of the following is the MOST likely cause for the different scan results?
A: The initial scan used credentials that had limited access to system resources.
B: The second scan used credentials that were configured for time-of-day scanning.
C: The first scan had full-system scanning capabilities.
D: The vulnerability scanner was not configured with the common vulnerability and exposure database.
- The first scan had full-system scanning capabilities.
Users are being redirected to unusual sites while trying to access their company's benefits portal on the Internet. Which of the following protocols should the company enact to validate responses to queries using a form of digital signatures before returning them to the client?
A: DNSSEC
B: S/MIME
C: HTTPS
D: LDAPS
E: TLS
- S/MIME
The web platform team is deploying a new web application. During testing, the team notices the web application is unable to create a TLS connection to the API gateway. The administrator created a firewall rule that permits TLS traffic from the web application server to the API gateway. However, the firewall logs show all traffic is being dropped. Which of the following is MOST likely causing the issue?
A: The web application server and API gateway cannot negotiate a TLS cipher suite.
B: The API gateway requires configuration changes to allow TLS connections from the new servers.
C: The TLS connection is running over a non-standard port.
D: The API gateway and web server use TLS certificate pinning.
- The web application server and API gateway cannot negotiate a TLS cipher suite.
The Chief Security Officer (CSO) for an online retailer received a report from a penetration test that was performed against the company's servers. After reviewing the report, the CSO decided not to implement the recommended changes due to cost; instead, the CSO increased insurance coverage for data breaches. Which of the following describes how the CSO managed the risk?
A: Acceptance
B: Ignorance
C: Transference
D: Avoidance
- Transference
A developer needs to set up a secure SSO for authentication of a mobile application. The requirements are:
It must be built directly into the protocol.
It must be easy to integrate.
It should not require the use of any extensions.
Which of the following will the developer MOST likely use?
A: OpenID Connect
B: SAML
C: OAuth
D: Shibboleth
E: CHAP
- OpenID Connect
A company needs to implement an on-premises system that allows partner organizations to exchange order and inventory data electronically with the company over the Internet. The security architect must ensure the data is protected while minimizing the overhead associated with managing individual partner connections. Which of the following should the security architect recommend?
A: Deploy an encrypted SaaS file-sharing service.
B: Set up site-to-site VPNs using ACLs.
C: Develop and publish a RESTful API.
D: Implement an authenticated SFTP server.
- Set up site-to-site VPNs using ACLs.
A corporation with 35,000 employees replaces its staff laptops every three years. The social responsibility director would like to reduce the organization's carbon footprint and e-waste by donating the old equipment to a charity. Which of the following would be the MOST cost- and time-effective way for the corporation to prevent accidental disclosure of data and minimize additional cost to the charity?
A: Wiping
B: Formatting
C: SSD shredding
D: Degaussing
- Wiping
In which of the following ways do phishing and smishing differ?
A: One is primarily based on social engineering, and the other is based on evading spam filters.
B: One uses SMS as a delivery mechanism, and the other uses email.
C: Smishing relies on hard-wired connections and mobile code updates.
D: Phishing leverages poor email tagging to exploit SRN settings.
- One uses SMS as a delivery mechanism, and the other uses email.
An organization recently experienced a number of zero-day malware attacks that were delivered via email. Which of the following should the organization implement to detect and stop zero-day attacks?
A: An IDS
B: A spam filter
C: A sandbox
D: A stateful firewall
- A spam filter
An administrator is trying to inspect SSL traffic to evaluate if it has a malicious code injection. The administrator is planning to use the inspection features of a firewall solution. Which of the following should be done after the implementation of the firewall solution?
A: Export the certificate chain to the WAF.
B: Store all private keys in the DMZ escrow server.
C: Generate the new firewall certificate and import it to all the user's endpoints.
D: Import the private certificate of each user to the firewall.
- Generate the new firewall certificate and import it to all the user's endpoints.
A security administrator is setting MDM policies that will enforce the company's BYOD policy. The following requirements are in the BYOD policy:
If a device is lost or stolen, all email and application data must go through a media sanitization process.
All BYOD devices must have the MDM software installed and configured before company data or email can be accessed.
The company may not access private files or photos on the devices.
Which of the following should the security administrator enable in the MDM policy? (Select TWO).
A: Containerization
B: Geofencing
C: Application whitelisting
D: Remote wipe
E: Biometrics
F: Context-aware authentication
- Containerization
- Remote wipe
A company's security audit points to an internal threat that is capturing voice packets on a compromised network switch. This mechanism is likely being used to eavesdrop on business phone calls. Which of the following should be used to mitigate the reported security issue?
A: SRTP
B: SSL
C: SPIM
D: SIPS
- SRTP
Which of the following algorithms can be used to exchange a secret key securely and remotely?
A: Elliptic-curve cryptography
B: RSA
C: Diffie-Hellman
D: SHA-1
E: Blowfish
- Diffie-Hellman
Which of the following BEST describes the risk presented by EOL systems?
A: There is an additional cost for internal support.
B: There are no vendor-supplied patches.
C: There are no functionality upgrades.
D: Vendor troubleshooting support stops.
- There are no vendor-supplied patches.
A security engineer wants to be able to monitor and configure network devices remotely and securely. Which of the following would be the BEST option for this objective?
A: SNMPv3
B: DNSSEC
C: SFTP
D: S/MIME
E: AES
- SNMPv3
The IT department is deploying new computers. To ease the transition, users will be allowed to access their old and new systems. The help desk is receiving reports that users are experiencing the following error when attempting to log in to their previous system:
Logon Failure: Access Denied
Which of the following can cause this issue?
A: Permission issues
B: Access violations
C: Certificate issues
D: Misconfigured devices
- Permission issues
A security analyst wants to obfuscate some code and decides to use ROT13. Which of the following is an example of the text "HELLO WORLD" in ROT13?
A: DLROW OLLEH
B: URYYB JBEYQ
C: KHOOR ZRIJOG
D: OYEBJ BYYRU
- URYYB JBEYQ
A security analyst recommends implementing SSL for an existing web service. A technician installs the SSL certificate and successfully tests the connection on the server. Soon after, the help desk begins receiving calls from users who are unable to log in. After further investigation, it becomes clear that no users have successfully connected to the web server since the certificate installation. Which of the following is MOST likely the issue?
A: Incorrect firewall rules are blocking HTTPS traffic.
B: Users are still accessing the IP address and not the HTTPS address.
C: Workstations need an updated trusted sites list.
D: Users are not using tokens to log on.
- Users are still accessing the IP address and not the HTTPS address.
An attacker is purposely locking out multiple user accounts by logging on to a company's external web server with the wrong credentials and reaching the lockout threshold. Which of the following attack types is MOST likely being used by the attacker?
A: Buffer overflow
B: Pointer dereference
C: Denial of service
D: System sprawl
E: Race condition
- Denial of service
An organization requires two separate factors as part of an authentication scheme. One of those factors is a password. Which of the following would BEST meet the requirement for the other factor?
A: Passphrase
B: OTP
C: Security question
D: PIN
- OTP
Following a breach, a forensic analyst reviewed system logs and determined that an attacker used an unknown account with elevated privileges on a computer to access organization files. Which of the following MOST likely occurred to allow the attacker to access the files?
A: The attacker renamed a domain administrator account on the computer and used it to access the files.
B: The attacker used Metasploit to identify the location of the organization's files and access them.
C: The attacker used an active default administrator account to create new accounts with rights to access the files.
D: The attacker used a pass-the-hash attack to access the network location and access the files.
- The attacker renamed a domain administrator account on the computer and used it to access the files.
Which of the following BEST describes a defense-in-depth strategy?
A: A security administrator places a web server behind two firewalls from two different vendors with only ports 80 and 443 open.
B: The security architect scans servers daily with a vulnerability scanner and conducts weekly penetration-testing exercises.
C: The security team configures an application-whitelisting program on endpoints and installs HIDS.
D: Outbound traffic travels through a proxy and a stateful firewall with ports 80 and 443 open.
- The security team configures an application-whitelisting program on endpoints and installs HIDS.
A security administrator plans to conduct a vulnerability scan on the network to determine if system applications are up to date. The administrator wants to limit disruptions to operations but not consume too many resources. Which of the following types of vulnerability scans should be conducted?
A: Credentialed
B: Web Application
C: SYN
D: Port
E: Configuration Compliance
- Credentialed
A company wants to allow employees to use their personal mobile phones for business purposes, but it wants to isolate the business applications from the personal applications. Which of the following technologies will the company MOST likely use?
A: Sideloading
B: Encryption
C: Containerization
D: Segmentation
- Containerization
Before placing a server into production, an organization requires the server team to identify all running services and associated applications on the server. The server team must also document the host network addresses and MAC addresses. The server team wants to automate this process so it can be performed more efficiently. Which of the following actions should the server team take?
A: Perform the necessary actions once while recording the actions as a macro, and send the macro to the rest of the server team.
B: Create a batch file to include: netstat -nab > configuration and ipconfig /all >> configuration.
C: Create a virtual machine with the necessary configuration settings and use clones to replicate the settings.
D: Schedule the commands tcpdump and arp to run as nightly services.
- Create a batch file to include: netstat -nab > configuration and ipconfig /all >> configuration.
A software developer is building a secure application and is looking to store passwords securely. Which of the following should the developer use?
A: Encryption
B: Hashing
C: Obfuscation
D: Masking
- Hashing
An organization is launching a series of security campaigns internally, which include phishing emails, social-engineering scenarios, and placing unmarked media throughout the facility. The campaign collects metrics and reports that concern management. Which of the following is the BEST action to reduce the risk of all three types of security issues?
A: Disable USB ports.
B: Conduct user training.
C: Configure a web proxy.
D: Implement a mail filter.
- Conduct user training.
Which of the following would be MOST effective at stopping zero-day attacks on an endpoint? (Select TWO).
A: Deploying multivendor NGFWs
B: Deploying antivirus and anti-malware system tools
C: Implementing application whitelisting
D: Removing administrator rights from users
E: Implementing a web application firewall
F: Installing a reverse proxy
- Deploying antivirus and anti-malware system tools
- Implementing application whitelisting
In a directory services environment, a user in the accounting organizational unit needs access to a printer in the marketing organizational unit. Access to the marketing printer is granted via permissions to the IT organizational unit, which then gives permissions to the accounting user. Which of the following does this process describe?
A: Kerberos
B: Transitive trust
C: OpenID connect
D: Mandatory access control
E: Single sign-on
- Transitive trust
Which of the following is a sophisticated threat actor MOST likely to use post-compromise to avoid detection?
A: Spear phishing
B: Open-source intelligence
C: Zero-day exploits
D: Platform-native tools
- Zero-day exploits
Which of the following must be updated prior to conducting weekly cyber hygiene scans of a network?
A: WIDS settings
B: Rainbow tables
C: Antivirus definitions
D: Vulnerability signatures
- Vulnerability signatures
A common asymmetric algorithm utilizes the user's login name to create the key to encrypt communications. To ensure the key is different each time the user encrypts data, which of the following should be added to the login name?
A: POP
B: Nonce
C: PSK
D: Certificate
- Nonce
An organization would like to set up a more robust network access system. The network administrator suggests the organization move to a certificate-based authentication setup in which a client-side certificate is used while connecting. Which of the following EAP types should be used to meet these criteria?
A: EAP-TLS
B: EAP-FAST
C: EAP-MD5
D: EAP-TTLS
- EAP-TLS
Which of the following would MOST likely be found in an incident response plan?
A: Lessons learned
B: Roles and responsibilities
C: Risk register
D: Threat assessments
E: Asset value details
- Roles and responsibilities
A user opens a web browser and accesses the corporate intranet. Immediately, several pop-up windows appear, displaying content that is not related to the company. The user's computer is MOST likely infected with:
A: a worm.
B: adware.
C: a Trojan.
D: a RAT.
E: ransomware.
- adware.
All employees of an organization received an email message from the Chief Executive Officer (CEO) asking them for an urgent meeting in the main conference room. When the employees assembled, they learned the message received was not actually from the CEO. Which of the following BEST represents what happened?
A: Spear-phishing attack
B: Whaling attack
C: Phishing attack
D: Vishing attack
- Spear-phishing attack
After downloading third-party software, a user begins receiving continuous pop-up messages stating the Windows antivirus is outdated. The user is unable to access any files or programs until the subscription is renewed with Bitcoin. Which of the following types of attacks is being executed?
A: Spyware
B: Cryptomalware
C: Adware
D: Ransomware
- Ransomware
Which of the following will ensure the integrity of a file is preserved during the process of forensic acquisition?
A: Compute the hashes for all files and recompute on the destination end.
B: Copy and paste the contents of the acquisition to a secure USB drive.
C: Encrypt the files to an archive to prevent accidental clickers.
D: Use solid-state drives to remain reliable and consistent.
- Compute the hashes for all files and recompute on the destination end.
A computer forensics analyst collected a thumb drive that contained a single file with 500 pages of text. To ensure the file maintains its confidentiality, which of the following should the analyst use?
A: SHA
B: AES
C: SLA
D: NDA
- AES
A corporation wants to allow users who work for its affiliate companies to sign on to each other's wireless networks with their own company's credentials. Which of the following architectures would support this requirement?
A: Open authentication
B: Key escrow
C: RADIUS Federation
D: Certificate chaining
- RADIUS Federation
A company recently hired several new help desk technicians. The security team has set the following requirements for the administrator accounts used by the new technicians:
They are granted a separate administrator account to perform administrative duties.
They must not be allowed to log on to local machines with the administrator account.
They must set a password with a minimum length of eight characters and include one number and one special character.
They must not be allowed to access systems after their predefined shift has ended.
They must be placed in the help desk administrator user group.
Which of the following technical controls should be configured to BEST meet these requirements?
A: Time-of-day restrictions
B: 802.1
C: Multifactor authentication
D: Proximity cards
- Multifactor authentication
A security analyst discovers one of the business processes, which generates 75% of the annual revenue, uses a legacy system. This creates a tolerable risk that can contribute to a 2% drop in revenue generation every quarter. Which of the following would be the BEST response to this risk?
A: Mitigation
B: Avoidance
C: Insurance
D: Acceptance
- Acceptance
An organization wants to use a ticket-based approach to access management for an internal network. The organization would like the solution to be vendor-independent and use a widely supported protocol, but it does not want to use an XML-based approach. Which of the following access protocols should the organization choose?
A: Kerberos
B: OAuth
C: MSCHAPv2
D: SAML
- Kerberos
A company is hosting three different domains on its web servers and using a pair of highly available reverse proxies in front of the web servers. The proxies are terminating TLS connections from clients. When creating a CSR for certificates that will be placed on the proxy servers, which of the following fields will need to contain multiple entries?
A: Organizational unit
B: Thumbprint
C: CRL
D: SAN
E: Public key
- SAN
A new desktop support staff member recently completed onboarding. Which of the following account types should be created for the member while following the company's policy of the principle of least privilege?
A: Service account
B: Local admin
C: Guest account
D: Generic credentials
- Local admin
An organization requires the ability to identify potential malicious events across multiple systems. It needs to centralize inputs from many servers and applications and perform analysis to correlate those events. Which of the following solutions would BEST meet the organization's needs? (Select TWO).
A: SIEM
B: DLP
C: NAC
D: Host health checks
E: Time synchronization
F: Event deduplication
- SIEM
- Time synchronization
Which of the following would a security analyst use to check the integrity of some sensitive files on an organization's file server?
A: GPO
B: SHA-1
C: RC4
D: POP
- SHA-1
An organization has defined secure baselines for all servers and applications. Before any servers or applications are placed into production, they must be reviewed for compliance deviations. Which of the following actions would streamline the process and provide more consistent results?
A: Purchase a vulnerability scanner and upgrade the signatures to include compliance items based on the organization's secure configuration baselines.
B: Perform penetration testing against every server and generate automated reports that can be reviewed by all application and server teams.
C: Implement a configuration scanner that automatically reviews every server and application against the established baselines.
D: Use a network scanner to identify non-compliant ports and services, and have the server and application teams review the results independently.
- Implement a configuration scanner that automatically reviews every server and application against the established baselines.
A network administrator is helping with the setup of a newly purchased cloud application. One of the requirements of the software is that users who no longer work for the company should have access removed immediately and automatically. Which of the following would meet this requirement?
A: Offboarding practices
B: Permission auditing
C: Role-based access control
D: Federated identity
- Offboarding practices
A healthcare company is determining which controls are required to meet a specific regulation. The company must not allow staff to utilize any third-party file-sharing services. Which of the following control types BEST meet the company's needs? (Select TWO).
A: Compensating
B: Corrective
C: Detective
D: Technical
E: Physical
F: Preventive
- Technical
- Preventive
Two companies need to exchange a large number of confidential files. Both companies run high availability UTM devices. They do not want to use email systems to exchange the data. Since the data needs to be exchanged in both directions, which of the following solutions should a security analyst recommend?
A: Configuring the remote access feature on both UTMs
B: Configuring an FTP server in one company
C: Establishing a site-to-site VPN between the two companies
D: Exchanging data by using a free cloud-storage product
- Establishing a site-to-site VPN between the two companies
Which of the following strategies provides the ability to roll back when a server is compromised with malware?
A: Elasticity
B: Snapshots
C: High availability
D: Master image
- Snapshots
A user typically works remotely over the holidays, using a web-based VPN to access corporate resources. The user reports getting untrusted host errors and being unable to connect. Which of the following is MOST likely the cause?
A: The certificate has expired.
B: The browser does not support SSL.
C: The user's account is locked out.
D: The VPN software has reached the seat license maximum.
- The certificate has expired.
A company wants to host documentation on the Internet for its customers to access using credentials and encryption. The company would like to ensure every customer is required to create an account and use the latest encryption standards, but it also wants to ensure the information is quickly and easily accessible to the widest audience possible. Which of the following should the company implement?
A: SSL VPN
B: HTTPS
C: SFTP
D: FTPS
- HTTPS
A security analyst needs to perform regular security audits on all the company's network devices and servers. The goal is to detect indicators of unauthorized changes or security violations that are made by privileged accounts. Which of the following practices will be MOST effective in optimizing the audit detection rate and reducing the time spent on the activity without affecting business processes?
A: Restrict the use of shared privileged accounts to non-critical resources, thus reducing the scope of the audit to just production systems.
B: Perform a privileged account activity audit on the company's identity system and research the vendor's specific log codes.
C: Implement mandatory access control for the devices under audit. Continue to use DAC on non-critical devices.
D: Impose time-of-day logon restrictions via Group Policy for privileged accounts, reducing the number of logs generated by the systems.
- Perform a privileged account activity audit on the company's identity system and research the vendor's specific log codes.
A company plans to hire several temporary employees to work during the next three months. The employees need minimal access to the company's network. Which of the following should be implemented to provide security for the new accounts?
A: Begin the accounts with the word "temp" for auditing.
B: Create a shared account.
C: Set the accounts to expire.
D: Disable the accounts to prevent unauthorized access.
- Set the accounts to expire.
While reviewing a company help desk report, a network administrator noted that several machines were missing memory modules. Which of the following detective controls should the administrator recommend?
A: CCTV cameras
B: Computer case locks
C: Keycard entry system
D: RFID tags
- CCTV cameras
The legal department of a cafe chain wants to ensure customers who are using the free WiFi system acknowledge review of the AUP. Which of the following would BEST meet this goal?
A: Utilize a captive portal whenever someone connects to WiFi.
B: Perform a NAITM technique to force the policy to display.
C: Deploy a WPS solution to ensure compliance with the policy.
D: Give the password to people who sign the agreement only.
- Utilize a captive portal whenever someone connects to WiFi.
A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?
A: OCSP
B: OID
C: REM
D: SAN
- OID
Which of the following is considered passive reconnaissance?
A: Utilizing WHOIS
B: Running a port scan
C: Performing enumeration of services
D: Using OS fingerprinting
E: Employing social engineering
- Utilizing WHOIS
A security analyst runs the C:\>netstat -b command on a workstation and receives the following output:
TCP 192.168.66.6:45997 generic.com:80 TIME_WAIT
TCP 192.168.66.6:45894 qabgco.gf.com:129 TIME_WAIT
TCP 192.168.66.6:44996 website.com:443 TIME_WAIT
TCP 192.168.66.6:54952 thebank.org:443 TIME_WAIT
The analyst notices an entry on the server for a file called WindowsRemote.exe that is listening on port 129. Which of the following types of malware is MOST likely being used?
A: Rootkit
B: Spyware
C: Backdoor
D: Zero-day
- Rootkit
Which of the following BEST represent detective controls? (Select TWO).
A: Security guard
B: Camera
C: Mantrap
D: Bollards
E: Fencing
- Security guard
- Camera
A security analyst is running routine port scans on various servers across the company network each week. A scan of the host produces the following output:
Nmap scan report for 192.168.2.100
Host is up (0.045s latency).
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
MAC Address: 00:52:55:CA:22:6F (VMware)
Which of the following can be deduced from the output? (Select THREE).
A: The server needs to be rebooted.
B: The server is located at an off-site datacenter.
C: The server is a virtual machine.
D: The server is currently under attack.
E: The server is used as an email server.
F: The server can be remotely accessed by administrators.
G: The server is not fully patched.
H: The server is hosting a web application.
- The server is a virtual machine.
- The server can be remotely accessed by administrators.
- The server is hosting a web application.
After a business performed a risk assessment, the current RPO has been deemed insufficient for its needs. The business decides on a new RPO. Which of the following steps should be taken NEXT?
A: The company should match its backup procedures against the new RPO.
B: The company should review its MTBF to guarantee it is lower than the new RPO.
C: The company should review its MTTR to guarantee it is higher than the new RPO.
D: The company should review its access controls to guarantee the new RPO is covered.
- The company should match its backup procedures against the new RPO.
A company wants to use internal directory services to authenticate users to the wireless network. Which of the following components can be used for part of the authentication architecture? (Select TWO).
A: TACACS+
B: 802.1X
C: CCMP
D: RADIUS
E: WPS
F: PSK
- 802.1X
- RADIUS
A security analyst is reviewing system logs to look for potential attacks against a website that is used to share trade secrets with vendors. The analyst notes there are many HTTPS sessions that have been downgraded from TLS 1.2 to SSL 3.0 as requested by the client. An attacker is MOST likely trying to exploit:
A: improper error handling by collaboration software.
B: a poor implementation of cryptographic protocols.
C: outdated software that is being used on the server.
D: a weak root password on the web-hosting platform.
- a poor implementation of cryptographic protocols.
A security analyst wants to prevent current employees who previously worked in different departments from accessing resources that are no longer necessary for their present job roles. Which of the following policies would meet this objective?
A: Job rotation
B: Discretionary account
C: Least privilege
D: Mandatory vacation
E: Separation of duties
- Least privilege
Which of the following BEST explains the difference between diffusion and confusion in encryption?
A: Diffusion provides encryption strength, while confusion provides data integrity.
B: Diffusion provides function integrity, while confusion provides encryption confidentiality.
C: Diffusion provides ciphertext heterogeneity, while confusion provides algorithm complexity.
D: Diffusion provides encryption portability, while confusion provides coding coherence.
- Diffusion provides ciphertext heterogeneity, while confusion provides algorithm complexity.
A wireless infrastructure is being designed for a university campus. The network clients will consist of:
- Students' personal devices
- Corporate laptops used by staff
- An IoT sensor distributed within the campus area
A WLAN will be created for each client profile. Which of the following will provide the MOST secure environment?
A: Ensure WPA2-TKIP is used on every access point that is activated on the campus.
B: Use a captive portal to centralize IoT authentication over the network.
C: Use WPA2-TKIP and activate WPS on the access points that will provide connectivity to the staff WLAN.
D: Use 802.1X authentication with WPA2-Enterprise for the staff WLAN.
- Use 802.1X authentication with WPA2-Enterprise for the staff WLAN.
A user decides to take a company phone on vacation to check email. However, when the user attempts to access the device, a message is displayed indicating the device cannot be used in this location. Which of the following is configured to prevent the phone from being used?
A: Geofencing
B: Geomarker
C: Geolocation
D: Geotracking
- Geofencing
Users at a company clicked on a link that was embedded in a phishing email, which then downloaded a rootkit onto their devices. Which of the following incident response phases would be appropriate for removing the malware from the end-user devices?
A: Containment
B: Identification
C: Eradication
D: Recovery
- Eradication
Which of the following explains the importance of patching servers in a test environment?
A: It identifies potential availability and stability issues before they affect production systems.
B: It prioritizes the security of the organization's critical internal systems before the external systems are secured.
C: It facilitates the update of the organization's secure baselines before impacting production.
D: It shortens the time to patch production systems by working out issues in the test and staging environments.
- It identifies potential availability and stability issues before they affect production systems.
A systems administrator performing routine maintenance notices a user's profile is sending GET requests to an external IP address. Which of the following BEST fits this IoC?
A: Logic bomb
B: Trojan
C: Bots
D: Keylogger
- Bots
A company recently experienced a significant malware attack that caused all business operations to stop. After an investigation, a single PC was identified as the root cause, and a security analyst on the IR team disconnected the machine from the corporate network, both the wired and wireless connections. Which of the following incident response phases was just completed?
A: Preparation
B: Identification
C: Containment
D: Eradication
E: Recovery
F: Lessons learned
- Containment
An attacker has recently compromised an executive's laptop and installed a RAT. The attacker used a registry key to ensure the RAT starts every time the laptop is powered on. Of which of the following is this an example?
A: Pivot
B: Persistence
C: Escalation of privilege
D: Reconnaissance
- Escalation of privilege
Poor inventory control practices can lead to undetected and potentially catastrophic system exploitation due to:
A: diversion of capital funds to cover leased equipment costs.
B: license exhaustion as a result of protecting more devices.
C: control gaps resulting from unmanaged hosts.
D: missing SIEM threat feed updates.
- control gaps resulting from unmanaged hosts.
A network administrator wants to further secure the routers and switches that are used on the company network. The administrator would like to achieve full packet encryption and full command logging when interacting with these devices. Which of the following technologies should be implemented?
A: RADIUS
B: SAML
C: TACACS+
D: LDAP
- TACACS+
A company recently experienced a DDoS attack that caused a significant datacenter outage and resulted in a failure to meet the RTO. Which of the following should take place to prevent this issue in the future?
A: Hold a lessons-learned session with all involved stakeholders.
B: Switch to a cold recovery site.
C: Assign roles and responsibilities to different staff members.
D: Update business continuity documents.
- Hold a lessons-learned session with all involved stakeholders.
A systems administrator is trying to reduce the amount of time backups take every night. Which of the following backup types only includes changes since the most recent backup of any type?
A: Differential
B: Snapshot
C: Incremental
D: Full
- Incremental
An organization with a cloud-based environment is looking to implement a new IDS. Which of the following cloud models should be implemented?
A: DaaS
B: PaaS
C: IaaS
D: SaaS
- SaaS
An administrator needs to apply a secure WiFi network for an organization. The solution must work for domain users only. Which of the following should the administrator apply in addition to WPA2?
A: TKIP
B: RADIUS
C: AES
D: TACACS+
- RADIUS
An administrator performs a workstation audit and finds one that has non-standard software installed. The administrator then requests a report to see if a change request was completed for the installed software. The report shows a request was completed. Which of the following has the administrator found?
A: A baseline deviation
B: Unauthorized software
C: A license compliance violation
D: An insider threat
- A baseline deviation
An organization's management is concerned about insider threats as well as accidental sending of restricted or confidential files outside the organization. The organization has already disabled USB ports on users' workstations. Which of the following should the organization do to further protect its confidential and restricted files?
A: Implement containerization.
B: Implement FDE on workstations.
C: Implement DLP.
D: Perform file integrity checks.
- Implement DLP.
Passive reconnaissance during a penetration test consists of:
A: open-source intelligence gathering.
B: social engineering to obtain target information.
C: non-intrusive vulnerability scanning.
D: probing the target network in a methodical manner.
- open-source intelligence gathering.
The use of a unique attribute inherent to a user as part of an MFA system is BEST described as:
A: something you do.
B: something you have.
C: something you know.
D: something you are.
- something you are.
A manager decides to terminate the DBA due to poor job performance. Before the DBA's account is disabled, the DBA configured a daily task to perform the following on the database server:
killall netcat
netcat -l -p 4430 -e /bin/bash
Which of the following did the DBA install?
A: Backdoor
B: Logic bomb
C: RAT
D: Rootkit
- Backdoor
An administrator has installed a backup solution. As a best practice, which of the following backup types must be completed FIRST?
A: Snapshot
B: Differential
C: Incremental
D: Full
- Full
A security analyst just discovered that developers have access to production systems that are used for deployment and troubleshooting. One developer, who recently left the company, abused this access to obtain sensitive information. Which of the following is the BEST account management strategy to prevent this from reoccurring?
A: Perform an account review and ensure least privilege is being followed for production access.
B: Implement multifactor authentication for accessing production systems.
C: Configure jump boxes and prevent access to production from any other system.
D: Set up time-of-day restrictions that prevent access to production systems during business hours.
E: Modify the AUP to prohibit developers from accessing production systems.
- Perform an account review and ensure least privilege is being followed for production access.
Which of the following threat actors is motivated primarily by a desire for personal recognition and a sense of accomplishment?
A: A script kiddie
B: A hacktivist
C: An insider threat
D: An industrial saboteur
- A script kiddie
An organization's Chief Information Security Officer (CISO) is implementing a policy to govern who will maintain proper backups of PHI to comply with local regulations. Which of the following roles is BEST suited to perform this task?
A: System owner
B: Application owner
C: Data custodian
D: Product manager
E: Systems administrator
- Data custodian
A systems administrator wants to secure a backup environment so backups are less prone to ransomware attacks. The administrator would like to have a fully isolated set of backups. Which of the following would be the MOST secure option for the administrator to implement?
A: A DMZ
B: An air gap
C: A honeypot
D: A VLAN
- An air gap