276-300 Flashcards
A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?
A. Configure the web content filter for the web address.
B. Report the website to threat intelligence partners.
C. Set the SIEM to alert for any activity to the web address.
D. Send out a corporate communication to warn all users of the malicious email.
A. Configure the web content filter for the web address.
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)
A. The order of volatility
B. A CRC32 checksum
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner
C. The provenance of the artifacts
E. The date and time
An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing into underlying implementation details? (Choose two.)
A. The back-end directory source
B. The identity federation protocol
C. The hashing method
D. The encryption method
E. The registration authority
F. The certificate authority
B. The identity federation protocol
F. The certificate authority
A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?
A. MTTR
B. RTO
C. RPO
D. MTBF
C. RPO
The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?
A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.
D. Submit the application to QA before releasing it.
During a security incident investigation, an analyst consults the company’s SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?
A. WAF logs
B. DNS logs
C. System logs
D. Application logs
B. DNS logs
A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements?
A. CASB
B. VPC
C. Perimeter network
D. WAF
B. VPC
A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?
A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device in to the UPS.
A. Change the default settings on the PC.
A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?
A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics
A. Mobile device management
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups
E. Full backups followed by differential backups
The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?
A. Account audits
B. AUP
C. Password reuse
D. SSO
A. Account audits
A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?
A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics
C. A USB data blocker
The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a __________.
A. data controller.
B. data owner.
C. data custodian.
D. data processor.
C. data custodian.
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A. SED
B. HSM
C. DLP
D. TPM
A. SED
After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?
A. A DMZ
B. A VPN
C. A VLAN
D. An ACL
D. An ACL