101-125 Flashcards
A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?
A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit
A. Logic bomb
Digital signatures use asymmetric encryption. This means the message is encrypted with:
A. the sender’s private key and decrypted with the sender’s public key.
B. the sender’s public key and decrypted with the sender’s private key.
C. the sender’s private key and decrypted with the recipient’s public key.
D. the sender’s public key and decrypted with the recipient’s private key.
A. the sender’s private key and decrypted with the sender’s public key.
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
A. SSO
B. IDS
C. MFA
D. TPM
C. MFA
The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?
A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks
C. SOC 2 Type 2 report
Which of the following is assured when a user signs an email using a private key?
A. Non-repudiation
B. Confidentiality
C. Availability
D. Authentication
A. Non-repudiation
A systems administrator is troubleshooting a server’s connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?
A. ipconfig
B. ssh
C. ping
D. netstat
D. netstat
Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?
A. Implement proper network access restrictions.
B. Initiate a bug bounty program.
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans.
A. Implement proper network access restrictions.
Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?
A. The business continuity plan
B. The retention policy
C. The disaster recovery plan
D. The incident response plan
A. The business continuity plan
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server
A. Utilizing SIEM correlation engines
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations’ SOC teams would speed up the effort. Which of the following can be written to document this agreement?
A. MOU
B. ISA
C. SLA
D. NDA
A. MOU
The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?
A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports
B. USB data blocker
The board of directors at a company contracted with an insurance firm to limit the organization’s liability. Which of the following risk management practices does this BEST describe?
A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement
A. Transference
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat
C. Shared tenancy
DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect’s requirements?
A. An orchestration solution that can adjust scalability of cloud assets
B. Use of multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is displayed and only used when the load increases
A. An orchestration solution that can adjust scalability of cloud assets
Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?
A. EOL
B. SLA
C. MOU
D. EOSL
B. SLA