101-125 Flashcards

1
Q

A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit

A

A. Logic bomb

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Digital signatures use asymmetric encryption. This means the message is encrypted with:

A. the sender’s private key and decrypted with the sender’s public key.
B. the sender’s public key and decrypted with the sender’s private key.
C. the sender’s private key and decrypted with the recipient’s public key.
D. the sender’s public key and decrypted with the recipient’s private key.

A

A. the sender’s private key and decrypted with the sender’s public key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

A. SSO
B. IDS
C. MFA
D. TPM

A

C. MFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks

A

C. SOC 2 Type 2 report

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is assured when a user signs an email using a private key?

A. Non-repudiation
B. Confidentiality
C. Availability
D. Authentication

A

A. Non-repudiation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A systems administrator is troubleshooting a server’s connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

A. ipconfig
B. ssh
C. ping
D. netstat

A

D. netstat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A. Implement proper network access restrictions.
B. Initiate a bug bounty program.
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans.

A

A. Implement proper network access restrictions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

A. The business continuity plan
B. The retention policy
C. The disaster recovery plan
D. The incident response plan

A

A. The business continuity plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server

A

A. Utilizing SIEM correlation engines

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations’ SOC teams would speed up the effort. Which of the following can be written to document this agreement?

A. MOU
B. ISA
C. SLA
D. NDA

A

A. MOU

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports

A

B. USB data blocker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The board of directors at a company contracted with an insurance firm to limit the organization’s liability. Which of the following risk management practices does this BEST describe?

A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement

A

A. Transference

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat

A

C. Shared tenancy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect’s requirements?

A. An orchestration solution that can adjust scalability of cloud assets
B. Use of multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is displayed and only used when the load increases

A

A. An orchestration solution that can adjust scalability of cloud assets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

A. EOL
B. SLA
C. MOU
D. EOSL

A

B. SLA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following is an example of transference of risk?

A. Purchasing insurance
B. Patching vulnerable servers
C. Retiring outdated applications
D. Application owner risk sign-off

A

A. Purchasing insurance

17
Q

An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website

A

B. Macro-enabled file

18
Q

A security proposal was set up to track requests for remote access by creating a baseline of the users’ common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensive authentication protocol
D. Agentless network access control

A

A. Context-aware authentication

19
Q

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

A. Obfuscation
B. Normalization
C. Execution
D. Reuse

A

A. Obfuscation

20
Q

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis

A

C. Configuration reviews

21
Q

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

A. Service
B. Shared
C. Generic
D. Admin

A

A. Service

22
Q

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark

A

D. Wireshark

23
Q

An application developer accidentally uploaded a company’s code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

A. Delete the private key from the repository.
B. Verify the public key is not exposed as well.
C. Update the DLP solution to check for private keys.
D. Revoke the code-signing certificate.

A

D. Revoke the code-signing certificate.

24
Q

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

A. Compensating
B. Corrective
C. Preventive
D. Detective

A

D. Detective

25
Q

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

A

A. CASB