76-100 Flashcards

1
Q

A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used?

A. Snapshot
B. Differential
C. Cloud
D. Full
E. Incremental

A

A. Snapshot

2
Q

After returning from a conference, a user’s laptop has been operating slower than normal and overheating, and the fans have been running constantly. During the diagnosis process, an unknown piece of hardware is found connected to the laptop’s motherboard. Which of the following attack vectors was exploited to install the hardware?

A. Removable media
B. Spear phishing
C. Supply chain
D. Direct access

A

D. Direct access

3
Q

After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?

A. SSH
B. SNMPv3
C. SFTP
D. Telnet
E. FTP

A

A. SSH

4
Q

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

A. CVSS
B. SIEM
C. SOAR
D. CVE

A

A. CVSS

5
Q

Several universities are participating in a collaborative research project and need to share compute and storage resources. Which of the following cloud deployment strategies would BEST meet this need?

A. Community
B. Private
C. Public
D. Hybrid

A

A. Community

6
Q

A forensic analyst needs to prove that data has not been tampered with since it was collected. Which of the following methods will the analyst MOST likely use?

A. Look for tampering on the evidence collection bag.
B. Encrypt the collected data using asymmetric encryption.
C. Ensure proper procedures for chain of custody are being followed.
D. Calculate the checksum using a hashing algorithm.

A

D. Calculate the checksum using a hashing algorithm.
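
The check behind this answer, as an added example that is not part of the flashcard deck: digests are recorded when the evidence is acquired and recomputed whenever its integrity is questioned. The sample "image" bytes, the choice of recording both MD5 and SHA-256, and the chunked reader are this example's own assumptions; a real image would be streamed from disk.

```python
"""Evidence integrity via recorded digests (added example, not from the deck)."""
import hashlib
import hmac
import io
from typing import BinaryIO, Dict

# Constructed stand-in for an acquired disk or memory image.
EVIDENCE = b"MBR\x00" * 64 + b"user data: alice\n"

# Recording two digests is a common forensic habit (assumption of this example):
# a collision against one algorithm is still caught by the other.
ALGORITHMS = ("md5", "sha256")


def digests_from_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a stream in chunks so multi-gigabyte images never have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def evidence_digests(data: bytes) -> Dict[str, str]:
    """Digests recorded at collection time, to be written on the chain-of-custody form."""
    return digests_from_stream(io.BytesIO(data))


def verify_evidence(data: bytes, recorded: Dict[str, str]) -> bool:
    """True only if every recorded digest still matches the data as it exists now."""
    current = evidence_digests(data)
    return all(hmac.compare_digest(current[name], recorded[name]) for name in recorded)


def tamper(data: bytes, offset: int, value: int) -> bytes:
    """Change one byte, simulating post-collection modification."""
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


if __name__ == "__main__":
    record = evidence_digests(EVIDENCE)
    print("recorded:", record)
    print("untouched verifies:", verify_evidence(EVIDENCE, record))
    print("tampered verifies:", verify_evidence(tamper(EVIDENCE, 5, 0x41), record))
```

A single flipped byte changes every digest, which is exactly why the recorded values, not the evidence bag or the custody log on their own, are what prove the data is unchanged.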

7
Q

Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

A. Complexity requirements
B. Password history
C. Acceptable use policy
D. Shared accounts

A

B. Password history

8
Q

A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?

A. nmap -p1-65535 192.168.0.10
B. dig 192.168.0.10
C. curl --head http://192.168.0.10
D. ping 192.168.0.10

A

C. curl --head http://192.168.0.10
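
What `curl --head` gives the analyst to work with, as an added example that is not part of the deck: the status line and response headers, of which Server and X-Powered-By are the usual fingerprint. The raw response below is constructed, not captured from a real host, and the list of headers treated as identifying is this example's own choice.

```python
"""Web-server fingerprint from HEAD response headers (added example, not from the deck)."""
import http.client
import re
from typing import Dict, Optional, Tuple

# Constructed response in the shape `curl --head` prints; not a capture from a real host.
SAMPLE_HEAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Wed, 01 May 2024 10:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
)

# Headers that commonly disclose the server stack (this example's selection).
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")
PRODUCT_RE = re.compile(r"^([\w.-]+)(?:/([\d.]+))?")


def parse_head_response(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response head into its status line and a lower-cased header map."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def fingerprint(headers: Dict[str, str]) -> Dict[str, str]:
    """Keep only the headers that identify the server software."""
    return {h: headers[h] for h in FINGERPRINT_HEADERS if h in headers}


def split_product(value: str) -> Tuple[str, Optional[str]]:
    """'Apache/2.4.41 (Ubuntu)' -> ('Apache', '2.4.41'); 'nginx' -> ('nginx', None)."""
    m = PRODUCT_RE.match(value)
    if not m:
        return value, None
    return m.group(1), m.group(2)


def fetch_head(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> Tuple[str, Dict[str, str]]:
    """Live equivalent of `curl --head`; needs network access, so it is not called at import."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        status_line = f"HTTP/{resp.version // 10}.{resp.version % 10} {resp.status} {resp.reason}"
        return status_line, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


if __name__ == "__main__":
    status, hdrs = parse_head_response(SAMPLE_HEAD_RESPONSE)
    print(status)
    print(fingerprint(hdrs))
    print(split_product(hdrs["server"]))
```

Header values are self-reported, so a hardened server may strip or forge them; when the Server header is absent or generic, `nmap -sV` against the port is the usual fallback, since it matches on protocol behaviour rather than on a banner.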

9
Q

A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?

A. Autopsy
B. Cuckoo
C. Memdump
D. Nmap

A

D. Nmap

10
Q

Field workers in an organization are issued mobile phones on a daily basis. All the work is performed within one city, and the mobile phones are not used for any purpose other than work. The organization does not want these phones used for personal purposes. The organization would like to issue the phones to workers as permanent devices so the phones do not need to be reissued every day. Given the conditions described, which of the following technologies would BEST meet these requirements?

A. Geofencing
B. Mobile device management
C. Containerization
D. Remote wiping

A

B. Mobile device management

11
Q

Which of the following control types is focused primarily on reducing risk before an incident occurs?

A. Preventive
B. Deterrent
C. Corrective
D. Detective

A

A. Preventive

12
Q

A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:
==3214== timeAttend.exe analyzed
==3214== ERROR SUMMARY:
==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks.
==3214== checked 82116 bytes
==3214== definitely lost: 4608 bytes in 18 blocks.
The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?

A. DLL injection
B. API attack
C. Buffer overflow
D. Memory leak

A

D. Memory leak

13
Q

An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?

A. DLP
B. Firewall rule
C. Content filter
D. MDM
E. Application allow list

A

A. DLP

14
Q

Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?

A. Acceptance
B. Transference
C. Avoidance
D. Mitigation

A

A. Acceptance

15
Q

Which of the following is the BEST action to foster a consistent and auditable incident response process?

A. Incent new hires to constantly update the document with external knowledge.
B. Publish the document in a central repository that is easily accessible to the organization.
C. Restrict eligibility to comment on the process to subject matter experts of each IT silo.
D. Rotate CIRT members to foster a shared responsibility model in the organization.

A

B. Publish the document in a central repository that is easily accessible to the organization.

16
Q

During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client’s NEXT step to mitigate the issue?

A. Conduct a full vulnerability scan to identify possible vulnerabilities.
B. Perform containment on the critical servers and resources.
C. Review the firewall and identify the source of the active connection.
D. Disconnect the entire infrastructure from the internet.

A

B. Perform containment on the critical servers and resources.

17
Q

A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?

A. Preventive controls
B. Compensating controls
C. Deterrent controls
D. Detective controls

A

C. Deterrent controls

18
Q

A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?

A. SaaS
B. IaaS
C. PaaS
D. SDN

A

A. SaaS

19
Q

Which of the following employee roles is responsible for protecting an organization’s collected personal information?

A. CTO
B. DPO
C. CEO
D. DBA

A

B. DPO

20
Q

Against the recommendation of the IT security analyst, a company set all user passwords on a server as P@55w0rD. Upon review of the /etc/passwd file, an attacker found the following:
alice:a8df3b6c4fd75f0617431fd248f35191df8d237f
bob:2d250c5b2976b03d757f324ebd59340df96aa05e
chris:ea981ec3285421d014108089f3f3f997ce0f4150
Which of the following BEST explains why the hashed passwords do not match?

A. Perfect forward secrecy
B. Key stretching
C. Salting
D. Hashing

A

C. Salting
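
Why three copies of P@55w0rD produce three different digests, as an added example that is not part of the deck. The question does not say which hash scheme the server used, so the storage format below (PBKDF2-SHA256 with a random 16-byte salt per entry) is this example's own; the unsalted SHA-1 function is included only to show what the attacker would have seen without salting.

```python
"""Salted password hashing: same password, different stored values (added example)."""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

PASSWORD = "P@55w0rD"  # the single password the company set for every user
ITERATIONS = 100_000   # work factor kept low for a quick demo; raise it in production


def unsalted_sha1(password: str) -> str:
    """What an unsalted store looks like: identical passwords give identical digests."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' (this example's own format)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per entry
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash scheme: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), digest_hex)


def build_store(users: Iterable[str], password: str) -> Dict[str, str]:
    """Give every user the same password; each entry still receives its own salt."""
    return {user: hash_password(password) for user in users}


if __name__ == "__main__":
    users = ["alice", "bob", "chris"]
    print("unsalted:", {u: unsalted_sha1(PASSWORD) for u in users})
    for user, entry in build_store(users, PASSWORD).items():
        print(user, entry, verify_password(PASSWORD, entry))
```

The salt does not make the password stronger; with P@55w0rD everywhere the attacker still wins, but one crack no longer unlocks all three accounts and a precomputed table is useless.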

21
Q

After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device’s firmware, a penetration tester then gains shell access on another networked asset. This technique is an example of:

A. privilege escalation.
B. footprinting.
C. persistence.
D. pivoting.

A

D. pivoting.

22
Q

Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

A. Common Weakness Enumeration
B. OSINT
C. Dark web
D. Vulnerability databases

A

C. Dark web

23
Q

A security analyst needs to be able to search and correlate logs from multiple sources in a single tool. Which of the following would BEST allow a security analyst to have this ability?

A. SOAR
B. SIEM
C. Log collectors
D. Network-attached storage

A

B. SIEM

24
Q

A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output:

[WAF log table: only the "Source IP" column header and a single value, 172.15.1.3, survived extraction; the request and payload columns the question turns on are missing]
Which of the following is MOST likely occurring?
A. XSS attack
B. SQLi attack
C. Replay attack
D. XSRF attack

A

B. SQLi attack
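
The kind of triage that separates SQLi from XSS in a WAF log, as an added example that is not part of the deck. The deck's log table did not survive, so the four log lines below are constructed (attributing a couple of classic injection strings to 172.15.1.3 for illustration), and the line layout and rule set are this example's own.

```python
"""Tag WAF log entries by attack family (added example; the log lines are constructed)."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple
from urllib.parse import unquote_plus

# Constructed log in a "timestamp src_ip method request" layout; not the deck's table.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 172.15.1.3 GET /login.php?user=admin'%20OR%20'1'%3D'1'--&pass=x
2024-05-01T10:00:03Z 172.15.1.3 GET /products.php?id=1%20UNION%20SELECT%20username,password%20FROM%20users
2024-05-01T10:00:05Z 10.10.5.7 GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E
2024-05-01T10:00:07Z 10.10.5.8 GET /products.php?id=42
"""

# Small signature set, enough to tell the families apart; a real WAF ships far more.
RULES: Dict[str, List[re.Pattern]] = {
    "sqli": [
        re.compile(r"(?i)\bunion\b.+\bselect\b"),                                  # union-based
        re.compile(r"(?i)\bor\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?"),        # tautology
        re.compile(r"'\s*(--|#)"),                                                 # quote + comment
        re.compile(r"(?i)\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b"),         # time-based
    ],
    "xss": [
        re.compile(r"(?i)<\s*script\b"),
        re.compile(r"(?i)javascript:"),
        re.compile(r"(?i)\bon\w+\s*=\s*['\"]"),
    ],
}


def classify(request: str) -> Set[str]:
    """Decode the request, then tag it with every rule family that matches."""
    decoded = unquote_plus(request)
    decoded = unquote_plus(decoded)  # second pass catches double-encoded payloads
    return {tag for tag, patterns in RULES.items() if any(p.search(decoded) for p in patterns)}


def scan_log(text: str) -> List[Tuple[str, str, Set[str]]]:
    """Return (source_ip, request, tags) for every line that triggered at least one rule."""
    findings = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # malformed line; skip rather than crash the scan
        _ts, src_ip, _method, request = parts
        tags = classify(request)
        if tags:
            findings.append((src_ip, request, tags))
    return findings


def suspicious_sources(findings: List[Tuple[str, str, Set[str]]]) -> Dict[str, Set[str]]:
    """Aggregate tags per source IP, the view an analyst wants when triaging a WAF alert."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for src_ip, _request, tags in findings:
        by_ip[src_ip] |= tags
    return dict(by_ip)


if __name__ == "__main__":
    for src_ip, request, tags in scan_log(SAMPLE_LOG):
        print(src_ip, sorted(tags), request)
    print(suspicious_sources(scan_log(SAMPLE_LOG)))
```

Decoding before matching matters: `%27%20OR%201%3D1` and its double-encoded form look harmless as raw bytes, and an attacker who knows the WAF matches on the undecoded string will encode precisely to slip past it.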

25
Q

Which of the following components can be used to consolidate and forward inbound internet traffic to multiple cloud environments through a single firewall?

A. Transit gateway
B. Cloud hot site
C. Edge computing
D. DNS sinkhole

A

A. Transit gateway