SY0-106 Flashcards


Set Details Share
created 3 years ago by Heather_McGehee
3,991 views
Security+
updated 3 years ago by Heather_McGehee
show moreless
Page to share:
Embed this setcancel
COPY
code changes based on your size selection
Size:
X
Show:

1

Which of the following will MOST likely adversely impact the operations of unpatched traditional programmable - logic controllers, running a back-end LAMP server and OT systems with human-management interfaces that are accessible over the internet via a web interface?(PICK 2)

SQL injection

Server-side request forgery

2

A small business just recovered from a ransomware attack its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again.

Which of the following should thew IT administrator do FIRST after recovery?

Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis

3

An attack is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker's intent is to imitate the look and fell of a legitimate website to obtain personal information for unsuspecting users.

Which of the following social-engineering attacks does this describe?

Pharming

4

Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red Team

5

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving.

Which of the following cloud models would BEST meet the needs of the organization?

SaaS

6

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked.

Which of the following would BEST these requirement?

OCSP

7

A security analyst needs to complete an assessment. The analyst is logged into a server and must use native tools map services running on it to the server's listening ports.

Which of the following tools can BEST accomplish this talk?

Netstat

8

On which of the following is the live acquisition of data for forensic analysis MOST dependent?

(PICK 2)

Value and Volatility of data

Right-to-audit clauses

9

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness.

Which of the following will the CSO MOST likely use?

A tabletop exercise

10

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not the asset inventory. WiFi access is protected with 255-Wt encryption visa WPA2. Physical access to the company's facility requires two-factor authentication using a badge and passcode.

Which of the following should the administrator implement to find and remediate the issue? (PICK 2)

Enable MAC filtering on thew switches that support the wireless network

Scan the wireless network for rogue access points

11

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

GDPR

12

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the internet border followed by a DIP appliance, the VPN server and the datacenter itself.

Which of the following is the WEAKEST design element?

Encrypted VPN traffic will not be inspected when entering or leaving the network

13

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize

Which of the following BEST describes this type of email?

Phishing

14

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.

Which of the following would MOST likely have prevented this breach?

A USB data blocker

15

A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadate .

Which of the following would be part of the images if all the metadata is still intact?

The GPS Location

16

A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text.

Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Implement salting and hashing

17

Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

A MOU

18

A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management toolset.

Which of the following recommendations would BEST prevent this from reoccurring?

Enforce application whitelisting

19

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time.

Which of the following technologies are being utilized to provide these capabilities? (PICK 2)

VDI

RFID

20

A malicious actor recently penetration a company's network and moved laterally the the datacenter. Upon investigation, a forensics firm wants to know was in the memory on the compromised server.

Which of the following files should be given to the forensics firm?

Dump

21

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business DOES NOT have the budget to add more staff members.

Which of the following should administrator implement?

SOAR

22

A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute.

Which of the following intelligence sources should security analyst review?

Industry information-sharing and collabortation groups

23

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees?

(PICK 2)

Mandatory Vacation

Job Rotation

24

N/A

N/A

25

A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use.

Which of the following should the engineer do to determine the issue?

(PICK 2)

Perform a site survey

Create a heat map

26

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

EDR

27

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disapppearing on the computer, and reported receiving several spam emails. Which the user DID NOT open.

Which of the following is MOST likely the cause of the reported issuse?

There was malicious code on the USB drive

28

A company. Is upgrading It's Wireless infrastructure. To WPA2. - Enterprise Using. Eap-tls. Which of the following? Must be part of the security architecture, to achieve a AAA.

Radius

29

A company Recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords using a rainbow table, the sensitive data. Which of the following should be?

Secretly engineered to do. Prevent such an attack in the future. Question mark.

Implement password salting

30

A vulnerability assessment report will include the CVS s score of the discovered vulnerabilities because the score allows the organization to better.

Prioritize remediation of vulnerabilities based on the possible impact.

31

Information officer CIO is meeting with the Chief Information, Security Officer ciso to plan some activities, to enhance the skill levels of the company's developers, which of the following would be most suitable for training the Developers.

Role Based Security Awareness training

32

A database administrator needs to ensure all passwords or stored in a secure manner. So the administrator adds remotely generated data to each password before string.

Role Based Security Awareness Training

33

A pharmaceutical sales representative logs on to a laptop and connects to the public Wi-Fi to check emails and update reports, which of the following would be the best to prevent other devices on the network from directly accessing the laptop.

a host-based firewall

a DPL solution

34

Which of the following control sets should a well-written BCP include?

Preventive

Corrective

Recovery

35

A Smart Switch has the ability to monitor electrical levels and shut off power to a building in the event of a power, surge or other fault situation. A switch was installed on a wired Network. In a hospital and is monitored by the facilities Department via a cloud application. The Security administrator isolated, the switch on a separate VLAN and set up a patch routine, which of the following steps would also be taken to harden the Smart Switch.

Change the default password for the switch

36

A company recently, moved sensitive videos between on premises company own websites. The company had then learned. The videos have been uploaded and shared on the internet, which of the following. Would most likely allow the company to find the cause.

A log analysis

37

In which of the following common use cases would stenography be employed?

Obfuscation

38

And end user reports that computer has been acting slower than normal for a few days during an investigation and analysts determines. The system is sending the users email address and a 10-digit number to an IP address. Once a day. The only recent log entry regarding the computers, is the following

The end user purchased and installed a PUP from a web browser

39

A cyber security department purchased a new Pam solution. The team is planning to randomize the service account credentials of the Windows Server first, which of the following would be the best method to increase the security of the Linux server.

Use SSH keys and remove generic passwords

40

Phishing and spear phishing attacks, have been occurring more frequently against a company staff, which of the following would most likely help mitigate the issue.

DNSSEC and DMARC

41

An organization wants to implement a third factor to an existing multi-factor authentication. The organization already uses a smart card and password which of the following would meet the organization's needs for the third Factor.

Fingerprints

42

Which of the following will most likely cause machine learning and AI enabled systems to operate with unintended consequences?

data bias

43

A manufacturer creates design for very high security products that are required to be protected, and controlled, by the government regulations. These designs are not accessible by corporate networks, or the internet, which of the following would be the best solution to protect these designs.

An air gap

44

A security auditor is reviewing vulnerability scan data provided by an internal security team, which of the following best indicates the valid credentials were used.

The scan enumerated software versions of the installed programs.

45

After a ransomware attack a forensics company needs to review. A cryptocurrency transaction between the victim and the attacker, which of the following will the company most likely review to trace this transaction.

The public ledger

46

A chief security officer. CSO is concerned about the amount of pii that is stored locally on each salesperson. Slap top. The salesperson has a higher than average rate of lost equipment. Which of the following recommendations would best address the cso's concern.

A CASB

47

A security analyst is reviewing the output of a web server login notices, that particular account, is attempting to transfer large amounts of money, which of the following types of attacks is most likely being conducted.

Session relay

48

A network technician, is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the recent. So the customer can login, which of the following will. The technician most likely configured to provide the highest level of security at that least amount of overhead.

WPA-PSK

49

When used at the design stage, which of the following improves, the efficiency, accuracy, and speed of a database?

Normalization

50

Employees are having issues, accessing the company's website, some employees report, very slow performance. While others cannot the website at all, the web and Security administrator search, the logs and find millions of okay, half open connections to Port, 443 on the web server, future analysis, reveals, thousands of different Source, IPS initiating the traffic. Which of the following attacks is the most likely occurred?

DDoS

51

A company. He has decided to move its operation to the cloud. It wants to utilize technology that will prevent users from downloading Company applications for personal use to restrict data that is uploaded and have visibility and it which applications are being used across the company, which of the following Solutions will best meet these requirements.

A CASB

52

A company has determined that if it's computer-based, manufacturing is not functional for 12 hours consecutively, it will lose more money than it costs to maintain the equipment, which of the following must be less than 12 hours to maintain a positive total cost of ownership.

RTO

53

Which of the following environments, minimizes end-user disruption, and is most likely to be used to access the impacts of any database migrations or major system changes by using the final version of the code.

Staging

54

Which of the following ISO standards is certified for privacy.

ISO 27701

55

A network administrator needs to build out a new data center with the focus on resilience and uptime, which of the following would be best meet this objective.

Dual Power Supply

NIC Teaming

56

An organization has implemented a policy, requiring. The use of conductive metal lock boxes for personal electronic devices outside of the secure research lab, which of the following did, the organization determined to be the greatest risk to intellectual property when creating this policy.

Data exfiltration over a mobile hotspot

57

A company recently, transitioned to a strict BYOD culture due to the cost of replacing lost or damaged corporate. Vices which of the following Technologies would be best to balance the BYOD culture while also protecting the company's data.

Containerization

58

Several employees return to work the day after attending an industry trade show that same day, the security manager. Notices several mayor Weller alerts coming from each of the employees work stations. This security manager, investigates, but finds no sign of an attack on the perimeter, firewall, or the nids, which of the following is most likely causing the malware or alerts.

A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

59

The it departments on-site developer has been with the team for many years. Each time. An application is released. The security team is able to identify the multiple vulnerabilities, which of the following would best help. The team ensure. The application is ready to be released to production.

Submit the application to QA before releasing it

60

A security analyst needs to implement an MDM solution for BYOD users. That will allow the company to retain control over company emails, residing on the device and limit data exfiltration that might occur. If the devices are lost or stolen, which of the following would best meet the requirements.

Full-device encryption

Containerization

61

A recently discovered zero-day exploit utilizes an unknown vulnerability in the SMB Network protocol to reply to rapidly, infect computers Once infected computers are encrypted and held at Ransom, which of the following would be the best prevent this attack from reoccurring.

Configure the perimeter, firewall to deny inbound, external connections to SMB ports.

62

A system administrator needs to implement an access control scheme that will allow and objectives. Access policy to be determined by its owner, which of the following Access Control scheme. Best fits the requirements.

Discretionary access control

63

An information security incident, recently occurred at an organization and the organization was required to report the incident to authorities and notify the affected parties. When the organization's customers became aware of the incident, some reduced, their orders are stopped, placing orders and entirely, which of the following is the organization experiencing.

Reputation Damage

64

A security engineer needs to implement an MDM solution that companies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices. The following requirements must be met mobile devices. OS. Must be patched up to the latest release, the screen, lock must be enabled, passcode or biometric corporate data, must be removed if the device is reported lost or stolen, which of the following. Trolls should the security engineer configure?

Remote Wipe

Full-Device encryption

65

The IT department at a university is concerned about the professor's, placing servers on the University Network, in an attempt to bypass, security controls, which of the following best represents this type of threat

Shadow IT

66

An organization is concerned that it's hosted, web services are not running. The most updated version of the software, which of the following would be the best to help identify potential vulnerabilities.

nmap comptia.org -p 80- sV

67

An attacker is trying to gain access by installing malware on a website. That is known to be visited by the Target victims. Which of the following is the attacker, most likely attempting.

A waterhole-hole attack (Pharming)

68

A critical for our server is being upgraded in the system administrator must determine which RAID level. The new server will need to achieve. parity and handle to simulation disk failures, which of the following delayed raid levels meets this requirement.

RAID 6

69

Following a prolonged data center outage that affected web-based sales at company, has decided to move its operations to a private Cloud Solutions. A security team has received the following requirements. There must be visible in to how teams are using cloud-based Services. The company must be able to identify when data related to credit card payments. As being sent to the cloud data must be available. Regardless of the end-users geographical location. Administrators need a simple pane of glass. You

Into the traffic and Trends which of the following should the security analysts recommend.

Implement a CASB solution

70

Which of the following would most likely support the Integrity of a voting machine?

Blockchain

71

An auditor is performing an assessment of a security, Appliance with an embedded OS. That was vulnerable during the last two assessments, which of the following best explains the appliances vulnerable state?

The vendor has not supplied a patch for the appliance.

72

A company wants to deploy pki on the internet facing website. The application that are currently deployed are www.company.com.Contact us.company.com quotes.company.com., The company wants to purchase one. SSL certificate that will work with all existing applications in any future applications that follow the same naming conventions, such as store company.com, which of the following certificates would be best to meet these requirements.

Wildcard

73

A cyber security analyst reviews, the log files from a web server and sees that a series of files, that indicate a directory transversal attack has occurred, which of the following is the analysts most likely seeing

http://sample.url.com/someotherpageonthesite/../../../etc/shadow

74

A security analyst needs to determine how an attacker was able to use user 3 to gain a foothold within the company's Network. The company's lockout policy requires that an account. We locked out for a minimum of 15 minutes. After three unsuccessful attempts are reviewing the log files analysts, discovered the following.

Brute-force

75

A security analyst is logged into a Windows file server. Needs to see who is accessing the files from, which computers, which of the following tools should be analysts use.

netstat

76

A chief security officer cso's key priorities are to improve preparation response and Recovery practices to minimize system downtime and to enhance organizational resilience to ransomware attacks, which of the following would best meet the cso's objectives.

Implement application, whitelisting and centralized event. Log management of perform regular testing and validation of full backups.

77

A security manager for retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI Data is located in a different office than where the credit cards are accepted. All the offices are connected via mpls back to the primary data center, which of the following should the security manager Implement to achieve this objective.

Segmentation

78

Which of the following describes the best approach for deploying application, patches?

Apply the patches to the system in a testing environment, then two systems, and a staging environment. And then finally, to production systems.

79

A small company that does not have security staff wants to improve its security posture, which of the following would be the best to assist the company.

MSSP

80

Which of the following best explains the difference between a data owner and a data custodian?

The data owner is responsible for determining how much the data must be used, while the data custodian is responsible for implementing the protection of the data.

81

Which of the following provides the best protection for sensitive information and data stored in Cloud Based Services, but still allows for full functionality and searchability of data within the cloud-based services.

Data encryption

82

Which of the following incident response steps, involves the action to protect critical systems while maintaining business operations?

Containment

83

A chief information security officer. Ciso is The organization's ability to contain business operations in the event of a prolonged DDOS attack. On the local data center that consumes data resources, which of the following will the ciso most likely recommend to mitigate the risk.

Implement a hot-site failover location

84

A company is implementing MFA to all applications that store sensitive data, the it manager wants MFA to be non-disruptive and user-friendly, which of the following technology should the it manager use when implementing MFA.

Push Notifications

85

Which of the following best explains. The reason why server administrator would place a document named password.txt on a desktop of an administrator account on a server?

The document is a honeyfile and is meant to attract the attention of a cyber intruder.

86

A security analyst receives an SIEM alert that someone logged in to the admin app, test account, which is only used for early detection of attacks the security analysts then reviews The Following application log. Which of the following can the security analysts conclude?

And injection attack is being conducted against the user authentication system.

87

A security assessment determines DES and 3DES is that still being used on recently deployed production servers? Which of the following did the assessment identify?

Weak Encryption

88

A security assessment determines DS and 3DS is that still being used on recently deployed production servers? Which of the following did the assessment identify?

Whaling

89

A security analyst needs to poor form. A periodic vulnerability scans on production systems, which of the following scan types would best produce the vulnerability scan report.

Credentialed

90

A security modem may have occurred on a desktop PC of an organization's chief executive officer CEO. A duplicate copy. This easel hard drive must be stored securely to ensure appropriate forensics processes in the chain of custody are followed, which of the following should be performed to accomplish this task.

Connect a write blocker to the hard drive. Then leveraging a forensic workstation utilize the DD command on a live LINUX environment to create a duplicate copy.

91

A security analyst is looking for a solution to help communicate to the leadership team. The severity levels of the organization's former abilities, which of the following would best meet this need.

CVSS

92

An organization concerned that is hosted, web servers are not running with the most updated version of the software, which of the following would best to help identify potential vulnerabilities.

nmap comptia.org -p 80 -sV

93

An organization has been experiencing outage during holiday sales and needs to ensure availability of its point to cell system. The it administrator has been asked to improve both server-side data fault, tolerance and the site's availability under high consumer load, which of the following best options to accomplish this objective.

load balancing

RAID

94

A security analyst is investigating an incident. That was first reported to an issue, concerning to network shares and the internet.

While reviewing logs and Tool output the analyst sees the following. Which of the following attacks has occurred?

ARP poisoning

95

The sea sirt is reviewing the lessons. Learned from the recent incident. A worm was able to spread unhindered through the network and infected a large number of computers and servers, which of the following would be the best recommendation to mitigate the impacts of a similar incident in the future.

Segment, the network with firewalls.

96

A security administrators suspect that there may be unnecessary Services running on the server, which of the following tools would the administrator most likely used to confirm the suspicions

nmap

97

A recent audit uncovered, a key finding regarding the use of a specific encryption standard in a web application. That is used to communicate with business customers due to technical limitations of its customers. The company is unable to upgrade the encryption standard, which of the following types of controls should be reduced the risk created by the scenario.

Compensating

98

A retail executive recently, accepted a job with a major competitor the following week. A security analyst reviews the security logs and identify successful. Login attempts to access the Departed Executives account, which of the following security practices would have addressed this issue.

Offboarding

99

Which of the following job. Roles would sponsor data quality and data entry initiatives, that ensure business and regulatory requirements are met

The data Steward

100

Which of the following controls is a turnstile

physical

101

After Consulting with the chief risk, officer CRO a manager decides to acquire cyber security insurance for the company, which of the Risk management. Strategies is the manager adopting.

Risk transference

102

A nuclear plant was the victim of a recent attack in all of the networks were air-gaped. A subsequent investigation reveals a worm as the source of the issue. What is the best explanation for what happened?

A malicious USB was introduced by an unsuspecting employee.

103

N/A

N/A

104

And organization has hired a security analyst to perform a penetration test. The analyst captures one gig worth of inbound, Network traffic to the server and transfers, the pcap back to the machine for analysis, which of the following tools, should the analyst use to Future review the pcap.

Wireshark

105

A Security Administrative text, the table of a network switch, which shows the following output which of the following is happening to the switch.

MAC Flooding

106

The process of passively gathering information prior to launching a Cyber attack is called.

Reconnaissance.

107

A company is launching a new internet platform for its clients. The company does not want to implement its own authorization solution. But instead wants to rely on the authorization provided by another platform, which of the following is the best approach to implement the desired solution.

Oauth

108

A user recent sent an SMS on a mobile phone, that asked for bank transfer, which of the following social engineering techniques was used. In this case.

Smishing

109

Which of the following algorithms has the smallest key Size?

DES

110

An attacker has successfully exfiltrated, several non salted, password, hashes from an online system, which of the following describes, the type of password attack dis attackers performing.

Brute Force

111

A security engineer needs to implement the following requirements. All layer 2 switches should average active directory for authentication, all layer 2. Switches should have local fallback authentication. If active, directories offline. All layer 2 switches are not the same and are manufactured by different vendors, which of the following actions, should the engineer take to meet these requirements.

Implement RADIUS

Configure AAA on the switch with local login as secondary

112

A startup company is using multiple SaaS and IaaS platforms, to stand up at corporate infrastructure and build out a customer facing web application. Which of the following solutions would be the best to provide security manageability and visibility into these platforms.

CASB

113

A user is concerned that the web application will not be able to handle unexpected or random inputs without crashing, which of the following best describes, the type of testing the users should perform.

fuzzing

114

A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard, which of the following standards must accompany complying with before accepting credit cards on its e-commerce platform.

PCI DSS

115

A Security administrator needs to create a RAID configuration that is focused on high speeds and fault tolerance. It is unlikely, the multiple drives will fail simultaneously, which of the following raid configurations? Should the administrator use?

RAID 5

116

A cyber security analyst needs to implement secure authentication to third-party websites without users passwords, which of the following would be the best way to achieve this objective.

SAML

117

Which of the following allows for functional test data to be used in a new system for testing and training purposes to protect the read data?

Data Masking

118

Which of the following Cloud models. Provide clients with server storage and networks, but nothing else?

IaaS

119

A small retail business that has a local store and newly established and growing online. Storefront a recent storm caused a power outage to the business and local ISP resulting in several hours worth of lost sales and delayed order processing. The business owner, now needs to ensure two things protection from Power surges. Always available connectivity. In case of an outage, the owner has decided to implement battery backups for the computer equipment, which of the following

Would best fulfill the owners secondary needs.

Purchase services from a cloud provider for high availability.

120

An organization needs to implement more, stringent controls over administrator, /root credentials, and service accounts. Requirements for the project include check-in/check-out of credentials, the ability to use, but not know the password, automated password changes. Logging of access to credentials which of the following solutions would meet these requirements.

A privileged access management system

121

A security analyst is hardening a Linux workstation. No must ensure. It has public Keys forwarded to remote systems for secured login, which of the following steps with the analysts perform to meet these requirements.

Forward the keys using ssh-copy-id

Forward the keys using scp

122

Which of the following will provide the best physical security countermeasures to stop Intruders?

Mantraps

Fencing

123

The manager is responsible for a data set has asked a security engineer to apply encryption to the hard disk.

The security engineer and an example of

data processor

124

In organizations, help desk is flooded with phone calls from user stating that they can no longer access certain websites. The helpdesk escalates the issue to the security team as these websites are accessible to previous day. The security analyst run the following command ipconfig /flushdns, but the issue persist. Finally, the NSA analyst changes. The DNS server for an impacted machine in the issue goes away, which of the following attacks is Most likely occurred on the original DNS server.

DNS cache posioning

125

An attacker is attempting to exploit users by creating a fake website, and redirecting users, which of the following social engineering attacks. Does this describe?

Pharming

126

Well-known organization has been experiencing attacks from API's. The organization is concerned. The custom malware is being created and emailed into the company or installed on a USB sticks that are dropped in parking lots, which of the following is the best defense to test the Newfound software.

Implementing application execution, in the sandbox for unknown software.

127

After reading a security bulletins and network security managers concerned that a malicious actor, may have breached the network using the same software flaw. The exploit code is publicly available and it has been reported as being used against other Industries in the same vertical which of the following should the network security manager. Consult first to determine the priority list of the forensic review.

The vulnerability scan output

128

A security analyst receives the configuration of her current VPN profile and notices. The authentication is only applied to IP diagram portion of the packet, which of the following should the analysis Implement to authenticate the entire packet.

AH

129

The facility's supervisor for government agency is concerned about the author unauthorized access to environment systems in the event of a staff. Wi-Fi network is breached. Which of the following would best address the security concern.

Segment the staff Wi-Fi network from the environmental systems Network.

130

A startup company is using multiple SaaS, and IaaS platforms to stand up a corporate infrastructure and build out a new customer facing web application, which of the following solutions would best to provide security, manageability and visibility onto the platforms.

CASB

131

A security analyst needs to make a recommendation for restricting access to certain segments of a network using only data link layer security, which of the following controls will be the analyst, most likely recommended.

MAC

132

A network administrator or like you to configure a site-to-site, VPN you utilizing ipsec. The administrator wants the tunnel to be established with data Integrity encryption authentication and anti relay functions, which of the following should the administrator use when configuring the VPN?

ESP

133

N/A

N/A

134

A network engineer is troubleshooting, wireless network connectivity issues that were reported by users. The issues are occurring only in sections of the building. That is closest to the parking lot users are immediately experiencing slow speeds when accessing websites and are unable to connect to network drives. The user appears to increase when the laptop uses return desk, after using their devices in an area of the building. There are also reports of users being required to enter credentials on to Pages. Order to gain access to them, which of the following is the most likely cause of the issue.

An external access point is engaging an evil twin attack.

135

Joe a user at a company, clicked on an email link led to a website that infected his workstation Joe was connected to the network and the virus spread to the network shares to protective measures failed to stop the virus and it was has contained to evade detection, which of the following should the administrator Implement protect the environment from malware.

Implement a heuristic Behavior, detection solution.

136

The following is Administrative control, that would be most effective to reduce the occurrence of malware execution.

Security Awareness Training

137

A cyber security. Manager, has scheduled biannual meetings with the IT team and the department leaders discuss, how they would respond to hypothetical cyber attacks during these meetings, the manager plans, a scenario and injects additional information through the session to replicate what might occur in a dynamic cybersecurity event involving the company. Its facilities its data and its staff which of the following describes, what the manager is doing.

Conducting a tabletop exersise

138

A financial organization has adopted a new secure encrypted document sharing application to help its customers. Loan process has some important PII needs to be shared across the new platform, but it is blocked by the DPL system, which of the following actions will best allow the PII to be shared with the secured application without compromising the organization security posture.

Configure the DPL policies to whitelist this application with the specific PII

139

An analyst needs to identify the applications, a user is running and the files that they were open before. The computer users computer will shut off by holding down the power button, which of the following would most likely contain that information.

Pagefile

140

A security analyst is configuring a large number of new company, issued laptops, the analysts received the following requirements. The devices will be used, internally by staff, who travel extensively occasional personal use is acceptable due to the travel requirements. Users must be able to install and configure sanctioned programs and productivity suites. The devices must be encrypted. The devices must be capable of operating and low bandwidth Pro environments.

Which of the following would be provide the greatest benefit to the security posture of the devices?

Implementing application whitelisting

141

A user recently entered a username and password into a recruiting application website that has been formed to look like the legitimate site upon investigation, a security analyst the identities the following. The legitimate websites IP address is 10.1.1.20, Andy recruit locally resolves to the IP, the forged websites IP address appears to be 10.2.12 99 based on the net flow records. All three of the organization's. DNS server shows the website correctly resolves to the legitimate IP. DNS query logs shows one of the three DNS servers returning, a result of 10.

That 1299 cashed at the appropriate approximate time as a suspected compromise, which of the following most likely occurred?

Am attacker temporarily pawned a name server

142

While checking logs, a security engineer notices, a number of end users suddenly downloading files with the dot r dot gz. Extension closer examination of the files. Reveals. They are PE 32 files the end-user states. They did not initiate any downloads. Further investigation. Reveals, the end-users all clicked on an external email containing an affected MHT file and the href link. A week prior, which of the following is most likely occurred.

a RAT was installed and is ttransferring additional exploit tools

143

A company uses Wireless laptops for all and keeps very detailed record of its assets along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information officer. CIO is concerned about a script kiddie. Potentially being an unauthorized device to brute-force the wireless PSK and obtain access to the internal Network. Which of the following should the company Implement to Best prevent this from happening. Hurry.

WPA-EAP

144

N/A

N/A

145

A chief executive officers CEOs personal information was stolen and a social engineering attack, which of the following sources would reveal. If the CEOs personal information is for sale.

the dark web

146

An organization has a growing Workforce that is mostly driven by additions to sales department, even newly hired salesperson real. It relies on mobile device, to conduct business. The Chief Information officer, CIO is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization security, and customer privacy, which of the following would best to address this cios concerns.

Implementing BYOD for the sales department. While leveraging MD m.

Implementing BYOD for the sales department. While leveraging MDM.

147

A worldwide manufacturing company has been experiencing email account compromises and one incident, a user logged in from the corporate office in France, but then seconds, later the same user account attempted to login, from Brazil, which of the following account policies would best prevent this type of attack.

Geolocation

148

Financial analyst is expecting an email, containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message with to the following is most likely the cause of the issue.

The SSL certificate has expired

149

An organization, suffered, an outage and a critical system, took 90 minutes to come back online. Though. There were no data loss. During the outage, the expectation was that the critical system would be available within 60 minutes, which of the following is the 60-minute expectation. And example of

MTTR

150

A security audit has revealed that they process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end of life support and cannot be upgraded. So, it is placed on a projected Network segment, which of the following would be most effective to the Implement to further mitigate the report vulnerability.

Application whitelisting

151

A researcher has been analyzing large data sets for the last 10 months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following messages, which of the following Network attacks is the researcher most likely experiencing.

Man-in-the-middle

152

Which of the following scenarios would be make a sinkhole effective and authority and attack?

Routing tables have been compromised and attackers rerouting traffic to malicious websites.

153

An organization is developing a plan in the event of a complete loss of critical systems and data, which of the following plans is the organization mostly likely developing.

Disaster Recovery

154

A security analyst is investigating an incident to determine what an attacker was able to do on a compromise laptop. The analysis reviews, The Following SIEM log, which of the following describes the method that was used to compromise the laptop.

The attacker was able to bypass application. Whitelisting by emailing a spreadsheet attached with an embedded Powershell in the file.

The attacker was able to bypass application. Whitelisting by emailing a spreadsheet attached with an embedded Powershell in the file.

155

Local guidelines required that all information systems meet a minimum security Baseline to be compliant, which of the following can security administrators use to access their system configurations against the Baseline

Benchmarks

156

A Security engineer is setting up passwordless authentication for the first time

ssh-keygen -t rsa

ssh-copy-id -i ~/.ssh/id/id_rsa.pub user@server

ssh -i ~/.ssh/id_rsa user@server

157

A company is designing the layout of a new data center. So it will have the optimal environmental temperature which of the following must be included.

a cold aisle

a hot aisle

158

A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer CFO, which of the following would be the best to allow a security analyst to gather information and confirm that it is a malicious document without executing any code in my contain.

Detonate the document with an analyst sandbox.

159

A recent malware outbreak across a subnet included successful. Rootkit installations on many PCs ensuring persistence by rendering remediation efforts and effective.

Which of the following would best detect the presence of a rootkit in the future?

EDR

160

A security analyst is reviewing information regarding recent vulnerabilities, which of the following will the analyst most likely consult to validate which platforms has been affected.

CVE

161

A public relations team will be talking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure. All whiteboards are cleaned and all data disc or cleared. The company is most likely trying to protect against.

Loss of proprietary information

162

A privileged user in a company stole several proprietary documents from a server. The user also went into the log files, deleted all records of the incident. The system administrator has just informed investigators that the other log files are available for review, which of the following did. The administrator most likely configure that will assist with the investigation.

The syslog server

163

An organization, hired, a consultant to assist with the active attack and the consultant was able to identify the compromised accounts, a computers, which of the following is the consultant most likely to recommend prepare for eradication.

Isolating the compromised accounts of computers, cutting off all network and internet access.

164

In which of the following risk management strategies would cybersecurity Insurance be used?

Transference

165

Which of the following Disaster Recovery test is the least time consuming of the disaster recovery team?

Tabletop

166

A company is adopting, a BYOD policy and is looking for a comprehensive solution to protect company information on their user devices.

Mobile Device Manager

167

A symmetric encryption algorithm is best suited for.

protecting large amounts of data

168

A company needs to centralize its logs to create a Baseline and have visibility on its security events, which of the following technologies will accomplish this objective.

Security Information and Event Management

169

Which of the following are requirements that must be configured for PCI DSS compliance?

Assigning a unique ID to each person with computer access. Encrypting transmission of cardholder data across private Networks.

170

Which of the following policies would help an organization identify and mitigate potential single points of failure in the company's IT/ security operations?

Mandatory Vacations

171

Which of the following describes, the ability to code a target, a hypervisor from inside?

VM escape

172

Which of the following would best to establish between organizations to Define responsibilities of each party. Outlining the key deliverables and include monetary penalties for breaches to manage third-party risk.

BPA

173

An analyst visits an internal Forum looking for information. About a tool, the analyst finds a threat that appears to contain relevant information. One of the post says the following which of the following best describes the attack, that was attempted against the forum readers.

XSS attack

174

Which of the following should be put in place when negotiating with a new vendor about the timelines of response to a significant outage or incident?

SLA

175

An analyst has determined that a server was not patched and the external actor exfiltrated data on a port 139, which of the following sources should the analyst review to best aascertain. How the incident could have been prevented?

The vulnerability scan output

176

A company process is highly sensitive data and Senior Management wants to protect the sensitive data by utilizing classification labels, which of the following Access Control schemes would be the best for the company to implement.

Mandatory

177

A large industry systems smart generator monitors the system status and sends alerts to a third party. Maintenance person when critical failure occurs while reviewing the network logs. The company's security manager notices that. The generators IP is sending packets to an internal file servers IP, which of the following mitigations would be best for the security manager to implement while maintaining alerting capabilities.

segmentation

178

The SOC is reviewing processes and procedures. After a recent incident, the review indicates. It took more than 30 minutes to determine that quarantine and First was the best course of action, the allowed, the malware to spread to additional host before it was contained, which of the would be the best to improve the incident response process.

Updating the playbooks with better decision points

179

Which of the following best describes a security exploit for which a vendor patch is not readily available.

Zero-day

180

IT consulting is configuring a vulnerability scanner for a large Global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that they hackers could gain access to account to the account in pivot, through the net Global Network, which of the following would best to help mitigate this concern.

Create different accounts for each region and limit their login times. An alert on risky logins.

181

During an incident response, a security analyst observes the following, log entry, on the web server, which of the following best describes. The type of attack the analyst is experiencing.

Directory Traversal

182

The chief executive officer, CEO open our organization. Would like staff members to have the flexibility to work from home. Anytime, during business hours. Incident during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from home high-risk countries while on holidays working to a third-party organization in another country. The Chief Information officer, CIO believes the company, can implement the same basic to mitigate the majority of the risk. Which of the following would be best to mitigate the CEOs concerns?

Geolocation

Time-of-day restrictions

183

A host was infected with malware. During the incident response, Joe, a use of reported that he did not receive any emails with links, but he had been browsing the internet all day, which of the following would be most likely show where the malware originated.

The DNS Logs

184

An organization with a low tolerance for user. Inconvenience wants to protect laptop, hard drives against data loss, or Data Theft, which of the following would be the most acceptable.

SED

185

An organization with a low tolerance for user. Inconvenience wants to protect laptop, hard drives against data loss, or Data Theft, which of the following would be the most acceptable. A network engineer needs to build a solution that will allow guests at a company headquarters to access. The internet via Wi-Fi. The solution should on allow access to internal corporate network, but it should require guests to sign off on an acceptable use policy before accessing the internet which of the following should the engineer employee to meet these requirements

Install a captive portal

186

Which of the following types of controls is a CCTV camera. That is not being monitored.

Detective

187

An engineer wants to access sensitive data from a corporate mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business.

Containerization

188

A security analyst reviews the data center access logs for fingerprint scanner and notices an absence of errors that correlate with the user's reports of issues. Accessing the facility, which one of the following most likely caused the access issues.

False rejection

189

A cyber Security administrator has reduced team and needs to operate on an on-premises, Network and security infrastructure. Efficiently to help with this situation. The administrator decides to hire a service provider, which of the following, should the administrator use

MSSP

190

Under GDPR which of the following is most responsible for the protection of privacy and website user rights.

The data owner

191

An organization just experienced a major Cyber attack. The attack was well, coordinated sophisticated in the highly skilled, which of the following targeted the organization.

An advanced persistant threat

192

Given the following logs which of the following best describes, the type of attack that occurred.

Dictonary

193

In which of the following situations would it best to be used detective control type for mitigation?

A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor not blocking any traffic.

194

A security at Ministry expects, an employee has been email and proprietary information to a competitor company. Policy requires the administrator to capture an exact copy the employees hard disk, which of the following should the administrator use

dd

195

Company Engineers regular participate in public internet forms with other Engineers throughout the industry, which of the following tactics. Would an attacker, most likely using this scenario.

waterhole-attack

196

Which of the following would be the best method for creating a detailed diagram of wireless access points and hotspots?

Footprinting

197

Which of the following is the purpose of a risk register?

To identify the risk, the risk owner and the risk measures.

198

A University with remote campuses which all use different service providers, loses internet connectivity across the locations after a few minutes, internet, and VOIP services are restored only to go offline again and random intervals, typically within four minutes of service being restored. Outages could throughout the day impacting, all inbound and outbound connections, and services services that are limited to local or Wi-Fi network is not impacted. But When and VOIP services are affected later that day The Edge, router manufacturer releases a cve outlining, the ability of an attacker to exploit the Sip protocol handling on devices, leading to Resource exhaustion and system reloads, which of the following best describes this type of attack.

DoS

Race condition

199

A security analyst is reviewing a new website that will soon be made publicly available. The analyst, sees the following URL HTTP Dev - CompTIA dot org, slash home slash show dot PHP question, mark session ID, whatever the analyst then sends an internal user, a link to the new website for testing purposes. And when the user clicks, the link the analyst is able. Browse the website without following the URL HTTP Dev site. CompTIA dot org, slash home slash show dot PHP session ID equals US which of the following application attacks is being tested.

Cross-site request forgery

200

Which of the following refers to applications and systems that are used within an organization without consent or approval?

shadow IT

201

A security analyst is performing a packet capture on a series of SOAP HTTP request for a security assessment, the analyst, redirect the output to a file after the capture is complete, the analyst needs to review, the file transactions quickly, and then search the entire series of requests for particular string, which of the following would be this way to accomplish this task.

head

grep

202

Which of the following describes applications and systems that are used within an organization without consent or approval?

Shadow It

203

Which of the following would best identify and remediate and data loss event. And an Enterprise using third-party web based services or file sharing platforms?

DPL

204

A company's Chief Information. Security Officer ciso recently, warned the security manager. That the company's chief executive officer is planning to publish a controversial option, article and a national newspaper, which may result in new cyber attacks. Which of the following would be best for the security manager to do in a threat mode.

Hacktivist

205

A security analyst is reviewing the following attack log output, which of the following types of attacks. Does this most likely represent?

Password Spraying

206

A security analyst is preparing a threat For an upcoming internal. Penetration test to the analyst, needs to identify a method for determining the tactics techniques and procedures of a threat against the organization's Network. Which of the following will the analyst most likely use to accomplish this objective.

MITTR ATTACK

207

A root cause analysis reveals that a web application outage was caused by one of the company's developers. Uploading a new version of a third-party libraries that were shared among several applications, which of the following implementations would be best to prevent the issue from reoccurring.

Containerization

208

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks, which of the following methods would best protect data.

Drive encryption

USB Blocker

209

A network engineer notices, the VPN concentrator overload and crashes on days when there are a lot of remote workers, Senior Management has placed great importance on the availability of vpm resources for remote, rural remote workers when the security of the end users traffic, which of the following would be the best to solve this issue.

Split Tunneling

210

The chief security officer CSO at a major Hospital wants to implement SSO to help improve the environment. Patient data, particularly at shared terminals. The chief risk officer cro is concerned that the training and guidance have been provided to the Frontline staff. And a risk analysis is not been performed. Which of the following is the most likely cause of the Sierras concerns.

SSO would reduce the resilience and availability of systems. If it provider goes offline.

211

An organization has decided to host, its web application to database, the cloud, which of the following best describes, the security concerns for this decision.

The cloud vendor is a new attack Vector within the supply chain.

212

A chief information security officer ciso needs to create a policy set that meets International standards for data privacy and sharing which of the following should the ciso read and understand before writing the policies.

GDPR

213

Which of the following are the most likely vectors for the unauthorized inclusion of vulnerable code. In a software companies final software release?

Include third party libraries

Vendors/Supply chain

214

A security analyst sees the following log output while we're viewing, web blogs, which of the following mitigation strategies would be best to prevent an attack from this being successful.

Input Validation

215

A security analyst has received an alert about being sent via email. The analyst Chief information security officer. Ciso has made it clear that pii must be handled with extreme care from which of the following did the alert most likely originated.

DPL

216

A company's bank has reported that multiple corporate credit cards have been stolen over the past, several weeks. The bank has provided the names of the effect of card holders to the company's forensic team to assist with cyber incident investigation, an incident response, learns the following information. The timeline of stolen cards corresponds closely with the affected users making internet-based purchases from diverse websites via Enterprise desktop, PCS. All purchase connections are encrypted in the company. This is an SSL inspection proxy for the inspection of encrypted traffic of the hardware Network. Purchases made with corporate credit cards over the corporate Wi-Fi. Network. There is no SSL inspection, occur are unaffected, which of the following is, most likely the root cause

HTTP sessions are being downgraded to insecure Cipher Suites.

217

A security analyst is performing a forensic investigation, compromised account credentials, using the Event Viewer. The analyst able to detect the following message, special privileges assigned to the new login, several of these messages did not have a valid login associated with the user before these privileges were assigned, which of the following attacks is likely being detected.

pass-the-hash

218

An analyst needs to set up a method of securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload, which of the following Services would best meet the criteria.

AH

219

The cyber security administrators using iptables as an Enterprise firewall, the administrator created, some rules, but the network now seems to be unresponsive all connections are being dropped by the firewall, which of the following would be the best option to remove the tables.

#iptables -F

220

An organization that is located in a flood zone. Is most likely to document the concerns associated with restoration of it operations in a

disaster recovery plan

221

A network administrator has been asked to design a solution to improve the company, security posture. The administrator has given the following requirements that the solution must be in line with the network, the solution must be able to block known malicious traffic. The solution must be able to stop network-based attacks, which of the following, should the network administrator Implement to best meet these requirements.

NIPS

222

Forensic, examiners attempting to dump password cash in the physical memory of a live system. But keeps receiving an error message, which of the following best describes, the cause of the air.

The Examiner does not have administrative privileges to the system.

223

An organization, blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using a native administrative tools, which of the following should the security team do to prevent this from happening in the future.

Disable, the built-in OS utilities as long as they are not needed for functionality.

224

A cyber Security administrator needs to add disk redundancy for the critical server. The solution must have to drive failure for better fault tolerance, which of the following raids should be the administrator select.

RAID 6

225

A security analyst needs to produce a document that details how a security incident occurred. The steps that were taken for recovery and how future incidents can be avoided during which of the following stages of the response process. Will the activity taking place.

Lessons learned

226

An organization's RPO for a critical system is two hours. The system is used Monday through Friday from 9 a.m. To 5 p.m. Currently the organization performs a full backup every Saturday that takes four hours to complete, which of the following additional backup. Implementations would be the best way for the analysts to meet the business requirements.

Full backups Monday, through Friday at 6 p.m. and differental back up. Hourly

227

A technician needs to prevent data loss in a laboratory. The laboratory is connected to any external networks, which of the following methods would best prevent an exfiltration of data.

Drive Encryption

USB locker

228

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Prior priority must be given to access that are currently experiencing latency and connectivity issues. Which of the following would be the best resource for determining the order of priority.

heatmap

229

A user reports constant, lack and performance issues with the wireless network. When working with a local coffee shop. This is a security analyst walks the user through the installation of Wireshark and gets a five-minute pcap to analyze the analysis, observations, the following output, which of the following attacks. That is the most likely. See in the packet capture.

Evil Twin

230

N/A

N/A

231

Which of the following would be the best resource for a software developer, who is looking to improve secure coding practices for web applications?

OWASP

232

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees that there is a change in the IP address for a vendor website. One hour, earlier. This change, lasted eight hours, which of the following attacks was most likely used.

DNS Posioning

233

A security analyst has been asked to investigate a situation after the soc started to receive alerts from Siem. The analysts first, looks at the domain controller, and find the following event, alerts, based on the analysis findings, which of the following attacks has been executed.

Spraying

234

An attacker to exploiting a vulnerability, that does not have a patch available, which of the following attackers exploiting.

Zero-day

235

A security analyst is using a recently released security advisory to review historical logs, looking for a specific activity that was outlined in The Advisory. Which of the following is the analysts doing.

threat hunting

236

A security analyst needs to generate a server certificate to be used for a tow 1.1 x and secure RDP connections. The analyst is unsure. What is required to perform the task? And solicit eights help from a senior colleague, which of the following is the first steps. The senior colleague will most likely tell the analyst to perform to accomplish this task.

Generate CSR

237

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users receiving an email for an unwanted mailing list and clicking on a link to attempt at this fun. Subscribe. One of the users reported the email to the fishing team and for Now revealed the link below which of the following will the forensic investigator most likely to determine has occurred.

CSRF

238

A security engineer needs to enhance MFA access to sensitive areas in the building, a key card, and a fingerprint scan are already in use, which of the following would add additional Factor of Authentication.

Keypad PIN

239

A security analyst is reviewing logs on a server and observes the following output, which of the following is a security analyst observing.

Dictonary Attack

240

And employee has been charged with fraud and a suspected of using corporate assets as authorities, collect evidence, and to prevent the admissibility of evidence, which of the following four risk techniques should be used.

Chain of Custody

241

A website developer is working on a new e-commerce website and has been asked to inform security expert for the most appropriate ways to store credit card numbers, to create an easy reordering process, which of the following methods will be best to accomplish this goal.

Tokenizing, the credit cards in a database.

Tokenizing, the credit cards in a database.

242

An Enterprise has hired an outside security firm to conduct a penetration testing on its networking applications. The Firm has only been given the documentation available to the customer of the applications, which of the following best represents this type of testing that will occur.

Grey-Box

243

Users at organizations have been installing programs from the internet on their work stations without first proper authorization. The authorization maintains a portal in which users can install standardized programs. However, some users have administrative access to the workstations, to enable Legacy programs to function properly, which of the following should the Security administrator consider implementing to address this issue.

Application Whitelisting

244

To secure an application. After a large data breach, and e-commerce site will be resetting. All users credentials, which of the following will best ensure. The site's users are not compromised after the reset

encrypted credentials and Transit.

245

A large Enterprise has moved all of its data to the cloud behind a strong authentication and encryption a sales director recently had a laptop stolen. And later Enterprise data was found to have being a compromise database, which of the following was the most likely cause

Shadow IT

246

An incident response, technician collected, a mobile device during an investigation, which of the following should the technician do to maintain chain of custody

document, the collection and require a sign off when The Possession changes.

247

The website HTTP company, website.com requires user to provide personal information, including security question responses registration, which of the following would most likely cause a data breach.

Unsecure protocols

248

And company has drafted an Insider threat policy that prohibits the use of external storage devices, which of the following would best protect the company from data exfiltration via remote media.

Blocking remote media devices and write capabilities, using a host-based security tool.

249

N/A

N/A

250

A company was recently breached part of the company. New cybersecurity strategy is to centralize the logs from all security devices, which of the following components forwards, the logs to the central resource.

log collector

251

Which of the following best describes a risk reduction, technique

a security control objective cannot be met through a technical change. So the company implements a policy to train users on more secure methods of operation.

252

A network administrator is setting up wireless access points in a conference room in wants to authenticate via using pki, which of the following should the administrator configure.

802.1X

253

A remote user recently took a two-week vacation abroad and brought back along and corporate own laptop Upon returning to work. The user was unable to connect to the laptop via the VPN, which of the following is most likely the reason for the uses inability to connect the laptop to the VPN.

Due to foreign travel. The user's laptop was isolated from the network.

254

When selecting a technical solution for identity management at architect chooses to go from an in-house to a third-party saas provider which of the following risk management strategies is an example of

Transferance

255

A commercial cyber threat, intelligence organization, observe ioc, s across a variety of unrelated customers prior to releasing specific threat intelligence to other paid cars subscribers. The organization is most likely, obligated to contracts to

anonymize, any pii that is observed within the Ico data.

256

A global pandemic is forcing a private organization to close some businesses units and reduce Staffing at others, which of the following would be the best to help the organization's Executives determine the next course of action.

business continuity plan

257

Some laptops recently went missing from a locked storage area, that is protected by a keyless RFID enabled locks. There is no obvious damage to the physical space, the security manager, identifies who unlocked the door. However Human Resources confirm that that employee was on vacation at the time of incident, which of the following describes, the most likely occurrence.

The employees physical access card was cloned.

258

A user contacts to help desk to report the following two days ago. A pop-up browser window, prompted the user for name and password after connecting to the corporates wireless SSID that has never happened before, but the user entered, the information as requested. The user was able to access the internet but not trouble accessing the department shares until the next day. The user is now getting notifications from the bank about unauthorized transactions. What's it a following attack vectors was most likely used in the scenario.

Evil Twin

259

A network administrator has been alerted. The web pages are experiencing long load times after determining. This is not a routing or DNS issued. They administered a logs into the router runs the command, and receives following output, which of the following router experiencing.

resource exhaustion

260

A network administrator has been asked to install an IDS to improve the security posture of an organization, which of the following controlled types is an IDS.

Detective

261

A company provides mobile devices to its users to permit access to email and Enterprise applications. The company recently started allowing users select from several different vendors and different devices. When confirming the MDM, which of the following is the key security, Implement K implementation and her erogenous device approach.

Certain devices are inherently less secure than others. So compensatory controls will be needed to address the Delta between device vendors.

262

A development team employs a practice of bringing all code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code, and track source code through Version Control, which is the best described process.

Continuios Intergration

263

An organization's developing an authentication Service for use at the entry and exit points of country borders. The service will use data feeds obtained, from passport systems passport manifest in the highly definition video, feeds from CCTV systems that are located at the ports. The service will incorporate machine learning techniques to eliminate biometric enrollment processes while still allowing authorities to defy passengers with increasingly accurate. The more frequent passengers travel. The more accurate, the server will Define identity, which of the following Biometrics, will most likely be used without the need for enrollment.

gait

facial

264

In the middle of a Cypress Security, a security engineer removes. The infected devices from the network and locks down. All compromised accounts in which of the following incident response phases is security engineer. Currently operating.

Containment

265

A software developer needs to perform code execution tasking, Black Box, testing and non-functional testing on a new production before it gets its General release, which following is the best describes the task. The developer is conducting.

Verification

266

A Security administrator has noticed unusual activity occurred between different Global instances and workloads and needs to identify the source of the unusual traffic, which of the following log sources would be best to show the source of the unusual traffic.

CASB

267

A security analyst is reviewing a penetration testing report for third-party contractor. The penetration testers use the organization's new API to bypass a driver to perform privileged escalation on an organization's web servers upon looking at the API, the security analyst. Realizes the particular API call was to a legacy system running, an outdated OS, which of the following is most likely the attack type.

Shimming

268

A website developer is working on a new e-commerce website that has asked an information security expert for the most appropriate way to store, the credit card numbers to create an easily reorder will process, which of the following methods would best accomplish this goal.

Tokenizing, the credit cards in the database.

269

A chief security officer or CSO was notified. That a customer is able to access confidential. Internal company files on a commonly used file share service, the file share Services, the same one used by company staff as one of the appropriate approved third party applications, after further investigation the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from but does not want to impact existing business processes, which of the following would best meet the cso's objectives.

DLP

270

A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second. Each time. The utility company is aware of the issue and is working to replace the faulty Transformer. What is the best describes? The company should use to purchase to ensure the critical servers and network devices. Stay online.

UPS

271

A university is opening a facility in a location where there is an elevated risk of theft at the University wants to protect the desktops in this classroom in Labs, which of the following should the University use to best. Protect these assets deploying in the facility.

cable locks

272

A company deploying a Wi-Fi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, the analysts identifies that the access point is configured to use WPA, three AES WPS and radius which of the following should the analyst disable to enhance the access point security.

WPS

273

A company needs to centralize its logs to create a Baseline and have the visibility on its security events, which of the following techniques are will accomplish this objective.

Secure information and event management.

274

A company uses specifically configured workstations for any work that requires administrative, privileges, to its tier 0, and Tier 1 systems, the company follows a strict process of hardening systems immediately upon delivery, even if these strict security processes are in place and incident occurred from one of the workstations, the root cause appeared to be the SoC. Was tampered from, and replaced, which of the following most likely occurred.

A supply-chain attack

275

Which of the following would be best for a technician to review, to determine the total risk and organization conveyor? When accessing a cloud first adoption strategy?

Risk Tolerance

276

A multinational organization that offers web Based Services, has data centers that are located only in the United States. However, large number of customers are in Australia, Europe and China, payments for services are managed by a third party in the United Kingdom that specialize in payment gateways. The management team is concerned. The organization is not compliant with privacy laws that cover. Some of its customers which of the following platforms, should the management team follow.

Payment card, industry data, security standard.

277

Which of the following terms should be included in a contract to help a company monitor, the ongoing security maturity of a new vendor?

A right to audit Clause allowing for annual security audits.

278

A manufacturing company that has several one-off Legacy information system that cannot be mitigated to a newer OS due to a software compatibility issues. The OS is are still supported by the vendor, but the industrial software is no longer supported. The Chief Information security officer. Ciso. Has created a resilience plan for these systems that will allow OS patches to be installed in a non production environment.The system for Recovery, which of the following resilience techniques will provide the full capabilities.

Full Backup

279

A Security administrator needs to inspect in transit files on the Enterprise Network to search for PII, Credit Card data, and classification Words, which is the following best to use.

Network DPL solution

280

A Security administrator is analyzing the corporate wireless network. The network only has two access points running in channels, 1 and 11 while using airodump-ng the administrator notices. Another access points are running the same corporate essid on all available channels and with the same bssid of one of the legitimate access points.

Which erf the following attacks in happening on the corporate Network?

Evil Twin

281

An organization relies on, third-party video conferencing to conduct Daily Business, the recent security changes. Now require all remote workers to utilize a VPN to corporate resources, which of the following would best maintain high quality video conferencing while minimizing link latency.

Configuring QoS properly on the VPN accelerators.

282

A security administrators trying to determine whether a server is vulnerable to a range of attacks after using a tool, the administrator obtains, the following output, which of the following attacks was successfully implemented based on the output.

Directory transversal

283

An incident which is affecting dozens of systems involving malware that reached out to an internet, service for rules and updates. The IP address for the internet. Host appeared to be different in each case. The organization would like to determine a common IoC to support response and Recovery actions, which of the following sources of information would best support this solution.

DNS query logs

284

A security analyst, notices several attacks are being blocked by the in IPS, but does not have anything on the Boron jury firewall locks. The attack seems to have been thwarted, which of the following resilience techniques was applied to the network to prevent this attack.

Defense in Depth

285

A Security administrator is setting up an Siem to help monitor the notable events. Across the Enterprise, which of the following control types. Is this best represent?

Detective

286

A chief executive officer CEO is dissatisfied with the level of service from the company's new service provider. The service provider is preventing the CEO from sending emails, from a work account to a personal account, which is following types of service providers is being used.

cloud service provider

287

A Hospital's Administration is concerned about the potential loss of patient data that is stored on tablets. A Security administrator needs to implement controls to alert the soc. Anytime the devices are near exits, which of the following would best achieve this objective.

Geofencing

288

A financial institution would like to start is customer data and could but still allow the data to be accessed and manipulated while encrypted doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about the compilation, overheads or slow speeds, which of the following cryptic techniques would best meet this requirement.

Symmetric

289

To further secure a company's email system and administrators adding public keys to DNS records in the company's domain which of the following is being used.

DNSSEC

290

To further secure a company's email system and administrators adding public keys to DNS records in the company's domain which of the following is being used. An engineer is setting up a vdi environment for a Factory location and the business wants to deploy low-cost solution to enable users to shop floor to log into the vdi, environment directly. Which of the following should the engineers select to meet these requirements.

Thin Clients

291

Which of the following is a risk that is specifically associated with hosting applications on a public cloud

shared tendancy

292

a local coffee shop runs a small Wi-Fi hotspot for its customers to utilize WPA2. - psk the coffee shop would like to stay connected with securely trans and wants to implement WPA, three to make it Wi-Fi even more secure. Which of the following technologies will the coffee shop. Most likely have to use in place of psk.

SAE

293

Several large orders of merchandise were recently. Purchased on an e-commerce companies website, the totals for each of the transactions, were negative values. Resulting in credits on the customer's account, which of the following should be implemented to prevent the similar situations in the future.

Ensure input validation is in place to prevent the use of invalid characters and values.

294

And companies helpdesk receive several AV alerts. Indicating mine. Cats attempt to run on a remote system. Several years also reported that the new company flash drives. They picked up in the break room, only have 512 KB of storage, which of the following is the most likely the cause.

The GPO Blocking the flash drives is being bypassed by a malicious flash drive that was attempting to harvest plaintext credentials from memory.

295

A client sent several inquiries to a project manager about a delinquent. Delivery status on some critical reports, the project manager. During the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them v, a new email message, which of the following actions most likely supports an investigation for fraudulent submission.

Review the email event logs

296

A network administrator is concerned about users being exposed to malicious content went accessing company. Cloud applications. The administered wants to be able to block access to sites based on the aaup. The users also be protected because many of them work from home and remote locations, provided on-site customer support, which of the following should, the administrator employee to meet these criterias.

Impliment an SWG

297

Joe is security analyst. Recently formed a network discovery to a fully understanding is organizations. That electronic footprint from public perspective. Joe also ran a set of commands of receive the following output, which of the following can be determined from the organization's public presence and security posture.

Joe used Whois to produce the output

The organization has adaquate information availible in public registration

298

When implementing automation with IoT devices. Which of the following should be considered first?

Communication Protocols

299

To mitigate the impact of a single VM being compromised by another VM on the same. Hypervisor and administrator would like to utilize a technique control to further segment the traffic which of the following solutions would best accomplish this objective.

Add more VLANS to the hypervisor network switches

300

Which of the following is the most secure. But least expensive Data, Destruction method for data that is stored on hard drives.

degaussing

301

Entering a secure area requires pass through two doors, both of which require someone who is already inside to initiate the axis, which of the following types of physical security. Controls. Does this describe?

Access control Vestibule

302

An organization regularly scans, its infrastructure for missing, security patches, but is concerned about hackers gaining access to the scanners account, which of the following would be the best minimization this risk.

Log an alert on unusual scan account login times.

303

A recent security assessment revealed that an actor exploited are vulnerable workstation within an organization that has persistent on the network for several months. The organization realizes the need to reassess a security strategically for migration risk within the perimeter which of the following solutions would best support the organization strategy.

EDR

304

The human resources department of a large online retailer has recently received multiple customer complaints about the rudeness of automated chat Bots. It uses to interface in the cyst online Shoppers the system, which continuously learns. And adapts was working fine. When it was installed a few months ago, which of the following best describes the method behind the use of exploiting the system.

Tainted Training DATA

305

A new vulnerability in the SMB protocol on the Windows system was recently discovered, but no patches are currently available to resolve the issue. The Security administrator is concerned. If servers in the company's DMZ will be vulnerable to external attack. However, the administrator cannot disable the service on the servers as SMB is used by another, by a number of internal systems and applications on the land which of the following TCP port. Should be blocked for all external inbound connections to the DMZ, as a workaround to protect the servers.

139

445

306

Which of the following best describes a social engineering attack that relies on an executive at a small business visiting, a fake banking website, where credit card and Account Details are harvested?

Pharming

307

A company wants to modify his current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the best backup strategy to implement.

Full backups followed by differential backups.

308

The spread of misinformation surrounding the outbreak of a novel virus on an election day, led to eligible voters, choosing not to take the risk of going to the voting polls. This is an example of

an influance campain

309

During a security assessment, a security finds a file with overwhelming permissions from permissive, which of the following tools will allow the analyst to reduce the permissions for an existing user, and groups, and remove the set - user - ID from the file.

chmod

310

After installing Windows Server, a cyber Security administrator needs to harden, it following the Securities best practices, which of the following will achieve the administrators goal.

disable guest accounts

disable net bios over TCP/IP

311

An organization recently, acquires an ISO 27001 certification, which of the following would most likely be considered a benefit of this certification. It is shares.

The customers at the organization meets security standards.

312

A customer called a security. A company security team to report that all invoices customer has received over the last five days from the company appear to have fraudulent. Banking credentials the information into the matter, reveals the following the manager of the accounts, payable department is using the same. Password across multiple external websites and corporate accounts. One of the websites. The manager used recently experienced a data breach. The managers Corporate email account was successfully accessed in the last five days. Buy an IP address located in a foreign country, which of the following attacks is most likely been used to compromise the managers corporate account.

Credintal Stuffing

313

Which of the following should a data owner require all Personnel to sign to legally, protect intellectual property?

NDA

314

Which of the following distributes data among nodes, making it more difficult to manipulate the data while. Also minimizing downtime?

Hybrid Cloud

315

An organization recently recovered from a data breach, during the root cause analysis. The organization determine the source of the breach, to be a personal cell phone that had been reported lost which of the following Solutions should the organization Implement to reduce the likelihood of future data breaches.

MDM

316

A security engineer obtain, the following output from a threat intelligence source that recently performed an attack on the company service, which of the following best describes, this kind of attack.

Directory Traversal

317

A company is concerned about is security after a red team exercise. The report shows the team was able to reach the critical service due to SMB being exposed to the internet and running NTMLV1, which of the following best explains the findings.

Open ports and services

318

A Soc is implementing an Insider threat detection program. The primary concern is that all the users may be accessing confidential data without authorization, which of the following should be deployed to detect a potential Insider threat?

honeyfile

319

An organization's corporate offices were destroyed due to a natural disaster. So the organization is Now setting up offices and temporary workspace which of the following whether your organization most likely consult.

the business continuity plan

320

I said seems administrator needs to install the same x dot 509 certificate on multiple servers, which of the following, should the administrative use.

self signed certificate

321

Which of the following is the correct order of validity from most to least volatile?

Cache memory temporary file system disk, archival media.

322

A bank detects fraudulent activity on a user's account. The user confirms the transactions completed. Yesterday in the bank's website at HTTP, www.subply.com a security analyst, then examines. The users internet, usage, logs and observes. The following output, which of the following is the most likely occurred.

replay attack

323

A security researcher is attempting to gather data on a web spread use of zero day exploit which of the following will the researcher most likely used to capture the data.

honeypot

324

Which of the following would use a chief information, security, officer ciso, the most concern regarding newly-installed, internet, accessible 4K, surveillance cameras.

The cameras could be compromised, if not passed in a timely manner.

325

A cyber Security administrator needs to add discourse undersea for a critical server. The solution must have to drive failure for the better fault, tolerance, which following raid levels? Should the administrator select?

RAID6

326

When selecting a technical solution for identity management and architect chooses to go from an in-house to a third-party saas provider which of the following risk management strategies is this an example of

Transferance

327

Joe. An employee is transferring apartments in his providing copies of his files to a network share folder. That is previous team to access. Joe is granting readwrite, execution. Permissions to his manager, but given read-only access to the rest of the team, which of the following access controls is Joe using

DAC

328

Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation?

hashing

private key

329

A small business office is setting up. A wireless infrastructure with primary requirement centered around, protecting customers information, preventing unauthorized access to the business Network, which of the following would best support the offices business needs.

configuring access using WPA3

Enabling MAC filtering

330

A security analyst is concerned about traffic initiating to a dark web, from the corporate land, which of the following networks. Should he analyzed monitor?

Tor

331

A security analyst must determine if either SSH or telnet is being used to log into servers, which of the following, should the analysts use.

netstat

332

A systems analyst is responsible for Gathering a new digital forensics chain of custody form. Which of the following should the analyst include in this document?

location of the artifact

The date and Time

333

A security analyst is investigating multiple hosts that are communicated to an external IP address during the hours of 2:00 a.m. To 4 o'clock a.m. The mail, where has evaded detection by traditional antivirus software, which of the following types of malware is most likely infecting, the host

Ploymorphic

334

The following our logs of an accessor sexual attack, which of the following controls would best be used to prevent such a breach of data.

account lockout

335

A security Engineers, installing a WAF to protect the cusp company's website from malicious web request over SSL. What following is needed to meet this objective?

a decryption certificate

336

An incident response, technician collected, a mobile device during an investigation, which of the following should the technician do to maintain the chain of custody.

Document the collection and require a sign off when possession changes.

337

An organization that is local in a flood zone. Is most likely to document the concerns associated with the restoration of it operations in a

disaster recovery plan

338

Which of the following is the best reason to maintain a functional and effective Asset Management policy that aids in ensuring the security of an organization?

To only allow approved organization, own devices, onto the business Network.

339

An attacker was easily able to log in to the company, security cameras by performing a basic online search for a set-up guide for that particular camera. Brand and model which of the following best describes the configurations, the attacker exploited.

Default Settings

340

A cloud administrators configuring 5 compute instances under the same VPN Subnet in a VP c. 3 instances are required to communicate to one another, the other two must be logically isolated all other instances in a V PC which of the following must the administrative configured to meet this requirement.

Three security groups

341

A user enters, a password to login to a workstation, then prompted to enter an authentication code, which of the following MFA factors or attributes are being utilized in an authentication process.

something you know

something you have

342

Which of the following is most likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic, catastrophic events that may affect business processes and systems. While also highlighting the residual risk that need to be managed after mitigating controls have been implement

A risk Register

343

A RAT, that was used to compromise an organization's bacon. Contentious was found on a user's computer. The RAT evaded, anti virus detection. It was installed by a user who has local rights to the system as part of the Remote Management toolset, which of the following recommendations would best prevent this from reoccurring.

Enforcing Application Whitelisting

344

The process of passively gathering information. Poor to launching a Cyber attack is called

reconnaissance

345

An attacker was easily able to log into a company. Secured camera by performing a based online search for the set-up guide, for that particular camera. Brand and model which of the following best describes the configurations, the attacker exploited.

Default settings

346

A security architect at a large multinational organization is concerned about the complexities and overhead of managing multiple encryption Keys securely in a multi cloud provider environment. The security architect is looking for a solution with reduced Legacy to allow the incorporation of the organization's existing keys, that do maintain consistent, centralized control of management, regardless of data location, which of the following would be best to meet The Architects objectives.

Key Management Sevices

347

An analyst is trying to identify insecure services that are running on an internal Network. After performing a port. Scan the analysts identifies that a server. Has some insecure Services enabled on default ports, which of the following best describes the services that are currently running and the secure alternatives for replacing them.

SNMPv2 SNPMv3

HTTP HTTPS

Telnet SSH

348

A company is setting up a web server on the internet that will utilize both encrypted and unencrypted web browser. Protocols. The security engineer runs a port scan against the server from the internet and sees the following output, which of the following steps would be best for the security engineer to do next.

block SSH access form the internet