Title of test:
CompTIASec+ TEST B

Description:
TEST B SY0-601

Author:
AVATAR

Creation Date:
24/03/2023

Category:
Personal

Number of questions: 90
Content:
An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO) Load balancing Incremental backups UPS RAID Dual power supply NIC teaming.
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred? IP conflict Pass-the-hash MAC flooding Directory traversal ARP poisoning.
The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future? Install a NIDS device at the boundary. Segment the network with firewalls. Update all antivirus signatures daily. Implement application blacklisting.
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? Nmap Wireshark Autopsy DNSEnum.
A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario? Physical Detective Preventive Compensating.
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue? A non-disclosure agreement Least privilege An acceptable use policy Offboarding.
Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met? The data owner The data processor The data steward The data privacy officer.
Which of the following types of controls is a turnstile? Physical Detective Corrective Technical.
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting? Risk acceptance Risk avoidance Risk transference Risk mitigation.
A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened? A malicious USB was introduced by an unsuspecting employee. The ICS firmware was outdated A local machine has a RAT installed. The HVAC was connected to the maintenance vendor.
After entering a username and password, an administrator must gesture on a touch screen. Which of the following demonstrates what the administrator is providing? Multifactor authentication Something you can do Biometric Two-factor authentication.
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap? Nmap cURL Netcat Wireshark.
A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch? MAC Flooding DNS poisoning MAC cloning ARP poisoning.
The process of passively gathering information prior to launching a cyberattack is called: tailgating reconnaissance pharming prepending.
A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution but instead wants to rely on the authorization provided by another platform. Which of the following is the BEST approach to implement the desired solution? OAuth TACACS+ SAML RADIUS.
A user received an SMS on a mobile phone that asked for bank details. Which of the following social engineering techniques was used in this case? SPIM Vishing Spear phishing Smishing.
Which of the following algorithms has the SMALLEST key size? DES Twofish RSA AES.
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below: Which of the following BEST describes the type of password attack the attacker is performing? Dictionary Pass-the-hash Brute-force Password spraying.
A security engineer needs to implement the following requirements: 1. All Layer 2 switches should leverage Active Directory for authentication. 2. All Layer 2 switches should use local fallback authentication if Active Directory is offline. 3. All Layer 2 switches are not the same and are manufactured by several vendors. Which of the following actions should the engineer take to meet these requirements? (Select TWO). Implement RADIUS. Configure AAA on the switch with local login as secondary. Configure port security on the switch with the secondary login method. Implement TACACS+. Enable the local firewall on the Active Directory server. Implement a DHCP server.
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms? SIEM DLP CASB SWG.
A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform? Code signing Fuzzing Manual code review Dynamic code analysis.
A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform? PCI DSS ISO 22301 ISO 27001 NIST CSF.
A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use? RAID 0 RAID 1 RAID 5 RAID 10.
A cybersecurity analyst needs to implement secure authentication to third-party websites without users' passwords. Which of the following would be the BEST way to achieve this objective? OAuth SSO SAML PAP.
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data? Data encryption Data masking Data deduplication Data minimization.
Which of the following cloud models provides clients with servers, storage, and networks but nothing else? SaaS PaaS IaaS DaaS.
A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: 1. Protection from power outages 2. Always-available connectivity in case of an outage. The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need? Lease a point-to-point circuit to provide dedicated access. Connect the business router to its own dedicated UPS. Purchase services from a cloud provider for high availability. Replace the business's wired network with a wireless network.
An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include: 1. Check-in/checkout of credentials 2. The ability to use but not know the password 3. Automated password changes 4. Logging of access to credentials Which of the following solutions would meet the requirements? OAuth 2.0 Secure Enclave A privileged access management system An OpenID Connect authentication system.
A security analyst is hardening a Linux workstation and must ensure it has public keys forwarded to remote systems for secure login. Which of the following steps should the analyst perform to meet these requirements? (Select TWO). Forward the keys using ssh-copy-id. Forward the keys using scp. Forward the keys using ssh -i. Forward the keys using openssl -s. Forward the keys using ssh-keygen.
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Select TWO.) Alarms Signage Lighting Mantraps Fencing Sensors.
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a: data controller data owner data custodian data processor.
An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server? DNS cache poisoning Domain hijacking Distributed denial-of-service DNS tunneling.
An attacker is attempting to exploit users by creating a fake website with the URL users. Which of the following social-engineering attacks does this describe? Information elicitation Typo squatting Impersonation Watering-hole attack.
A well-known organization has been experiencing attacks from APTs. The organization is concerned that custom malware is being created and emailed into the company or installed on USB sticks that are dropped in parking lots. Which of the following is the BEST defense against this scenario? Configuring signature-based antivirus to update every 30 minutes. Enforcing S/MIME for email and automatically encrypting USB drives upon insertion. Implementing application execution in a sandbox for unknown software. Fuzzing new files for vulnerabilities if they are not digitally signed.
After reading a security bulletin, a network security manager is concerned that a malicious actor may have breached the network using the same software flaw. The exploit code is publicly available and has been reported as being used against other industries in the same vertical. Which of the following should the network security manager consult FIRST to determine a priority list for forensic review? The vulnerability scan output The IDS logs The full packet capture data The SIEM alerts.
A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet? AH ESP SRTP LDAP.
The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern? Install a smart meter on the staff WiFi. Place the environmental systems in the same DHCP scope as the staff WiFi. Implement Zigbee on the staff WiFi access points. Segment the staff WiFi network from the environmental systems network.
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms? SIEM DLP CASB SWG.
A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend? MAC ACL BPDU ARP.
A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication and anti-replay functions. Which of the following should the administrator use when configuring the VPN? AH EDR ESP DNSSEC.
A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue? An external access point is engaging in an evil-twin attack. The signal on the WAP needs to be increased in that section of the building. The certificates have expired on the devices and need to be reinstalled. The users in that section of the building are on a VLAN that is being blocked by the firewall.
Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it continues to evade detection. Which of the following should the administrator implement to protect the environment from this malware? Install a definition-based antivirus. Implement an IDS/IPS. Implement a heuristic behavior-detection solution. Implement CASB to protect the network shares.
Which of the following is an administrative control that would be MOST effective to reduce the occurrence of malware execution? Security awareness training Frequency of NIDS updates Change control procedures EDR reporting cycle.
A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing? Developing an incident response plan Building a disaster recovery plan Conducting a tabletop exercise Running a simulation exercise.
A financial organization has adopted a new secure, encrypted document-sharing application to help with its customer loan process. Some important PII needs to be shared across this new platform, but it is getting blocked by the DLP systems. Which of the following actions will BEST allow the PII to be shared with the secure application without compromising the organization's security posture? Configure the DLP policies to allow all PII Configure the firewall to allow all ports that are used by this application Configure the antivirus software to allow the application Configure the DLP policies to whitelist this application with the specific PII.
An analyst needs to identify the applications a user was running and the files that were open before the user's computer was shut off by holding down the power button. Which of the following would MOST likely contain that information? NGFW Pagefile NetFlow RAM.
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: 1. The devices will be used internationally by staff who travel extensively. 2. Occasional personal use is acceptable due to the travel requirements. 3. Users must be able to install and configure sanctioned programs and productivity suites. 4. The devices must be encrypted. 5. The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATEST benefit to the security posture of the devices? Configuring an always-on VPN Implementing application whitelisting Requiring web traffic to pass through the on-premises content filter Setting the antivirus DAT update schedule to weekly.
A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following: 1. The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to the IP. 2. The forged website's IP address appears to be 10.2.12.99, based on NetFlow records. 3. All three of the organization's DNS servers show the website correctly resolves to the legitimate IP. 4. DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise. Which of the following MOST likely occurred? A reverse proxy was used to redirect network traffic. An SSL strip MITM attack was performed. An attacker temporarily pwned a name server. An ARP poisoning attack was successfully executed.
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring? A RAT was installed and is transferring additional exploit tools. The workstations are beaconing to a command-and-control server. A logic bomb was executed and is responsible for the data transfers. A fileless virus is spreading in the local network environment.
A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring? A BPDU guard WPA-EAP IP filtering A WIDS.
A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Select TWO). Password and security question Password and CAPTCHA Password and smart card Password and fingerprint Password and one-time token Password and voice.
A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale? Automated information sharing Open-source intelligence The dark web Vulnerability databases.
An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns? Disallow new hires from using mobile devices for six months. Select four devices for the sales department to use in a CYOD mode. Implement BYOD for the sales department while leveraging the MDM. Deploy mobile devices using the COPE methodology.
A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack? Network location Impossible travel time Geolocation Geofencing.
A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue? The S/MIME plug-in is not enabled. The SSL certificate has expired. Secure IMAP was not implemented. POP3S is not supported.
An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of: MTBF RPO MTTR RTO.
A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability? DNS sinkholing DLP rules on the terminal An IP blacklist Application whitelisting.
A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message: Which of the following network attacks is the researcher MOST likely experiencing? MAC cloning Evil twin Man-in-the-middle ARP poisoning.
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack? An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server. Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
An organization is developing a plan in the event of a complete loss of critical systems and data. Which of the following plans is the organization MOST likely developing? Incident response Communications Disaster recovery Data retention.
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop? An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file. An attacker was able to install malware to the CAasdf234 folder and use it to gain administrator rights and launch Outlook. An attacker was able to phish user credentials successfully from an Outlook user profile.
Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline? SOAR playbook Security control matrix Risk management framework Benchmarks.
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Select TWO) An air gap A cold aisle Removable doors A hot aisle An IoT thermostat A humidity monitor.
A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain? Open the document on an air-gapped network View the document's metadata for origin clues Search for matching file hashes on malware websites Detonate the document in an analysis sandbox.
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future? FDE NIDS EDR DLP.
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected? OSINT SIEM CVSS CVE.
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against: Loss of proprietary information Damage to the company's reputation Social engineering Credential exposure.
A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator MOST likely configure that will assist the investigators? Memory dumps The syslog server The application logs The log retention policy.
An organization hired a consultant to assist with an active attack, and the consultant was able to identify the compromised accounts and computers. Which of the following is the consultant MOST likely to recommend to prepare for eradication? Quarantining the compromised accounts and computers, only providing them with network access Segmenting the compromised accounts and computers into a honeynet so as to not alert the attackers. Isolating the compromised accounts and computers, cutting off all network and internet access. Logging off and deleting the compromised accounts and computers to eliminate attacker access.
In which of the following risk management strategies would cybersecurity insurance be used? Transference Avoidance Acceptance Mitigation.
Which of the following disaster recovery tests is the LEAST time-consuming for the disaster recovery team? Tabletop Parallel Full interruption Simulation.
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy? Mobile device management Full-device encryption Remote wipe Biometrics.
A symmetric encryption algorithm is BEST suited for: key-exchange scalability. protecting large amounts of data. providing hashing capabilities. implementing non-repudiation.
A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective? Security information and event management A web application firewall A vulnerability scanner A next-generation firewall.
Which of the following are requirements that must be configured for PCI DSS compliance? (Select TWO). Testing security systems and processes regularly Installing and maintaining a web proxy to protect cardholder data Assigning a unique ID to each person with computer access Encrypting transmission of cardholder data across private networks Benchmarking security awareness training for contractors Using vendor-supplied default passwords for system passwords.
Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/security operations? Least privilege Awareness training Separation of duties Mandatory vacation.
Which of the following describes the ability of code to target a hypervisor from inside? Fog computing VM escape Software-defined networking Image forgery Container breakout.
Which of the following would be BEST to establish between organizations to define the responsibilities of each party outline the key deliverables and include monetary penalties for breaches to manage third-party risk? An ARO An MOU An SLA A BPA.
An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following: Which of the following BEST describes the attack that was attempted against the forum readers? SQLi attack DLL attack XSS attack API attack.
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident? MOU MTTR SLA NDA.
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented? The vulnerability scan output The security logs The baseline report The correlation of events.
A company processes highly sensitive data and senior management wants to protect the sensitive data by utilizing classification labels. Which of the following access control schemes would be BEST for the company to implement? Discretionary Rule-based Role-based Mandatory.
A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities? Segmentation Firewall whitelisting Containment Isolation.
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process? Updating the playbooks with better decision points Dividing the network into trusted and untrusted zones Providing additional end-user training on acceptable use Implementing manual quarantining of infected hosts.
Which of the following BEST describes a security exploit for which a vendor patch is not readily available? Integer overflow Zero-day End of life Race condition.
A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern? Create consultant accounts for each region, each configured with push MFA notifications. Create one global administrator account and enforce Kerberos authentication. Create different accounts for each region, limit their logon times, and alert on risky logins. Create a guest account for each region, remember the last ten passwords, and block password reuse.
During an incident response, a security analyst observes the following log entry on the web server: Which of the following BEST describes the type of attack the analyst is experiencing? SQL injection Cross-site scripting Pass-the-hash Directory traversal.
The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concern? (Select TWO). Geolocation Time-of-day restrictions Certificates Tokens Geotagging.
A host was infected with malware. During the incident response, Joe, a user, reported that he did not receive any emails with links, but he had been browsing the Internet all day. Which of the following would MOST likely show where the malware originated? The DNS logs The web server logs The SIP traffic logs The SNMP logs.
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable? SED HSM DLP TPM.