276-300 Flashcards

1
Q

A user forwarded a suspicious email to the security team. Upon investigation, a malicious URL was discovered. Which of the following should be done FIRST to prevent other users from accessing the malicious URL?

A. Configure the web content filter for the web address.
B. Report the website to threat intelligence partners.
C. Set the SIEM to alert for any activity to the web address.
D. Send out a corporate communication to warn all users of the malicious email.

A

A. Configure the web content filter for the web address.

1
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)

A. The order of volatility
B. A CRC32 checksum
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner

A

C. The provenance of the artifacts
E. The date and time

2
Q

An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing on underlying implementation details? (Choose two.)

A. The back-end directory source
B. The identity federation protocol
C. The hashing method
D. The encryption method
E. The registration authority
F. The certificate authority

A

A. The back-end directory source
B. The identity federation protocol

(Where the identities come from and which federation protocol the SaaS applications speak are the integration decisions; the certificate authority, hashing and encryption choices are implementation details that follow from them.)

3
Q

A security analyst has been tasked with finding the maximum amount of data loss that can occur before ongoing business operations would be impacted. Which of the following terms BEST defines this metric?

A. MTTR
B. RTO
C. RPO
D. MTBF

A

C. RPO

4
Q

The IT department’s on-site developer has been with the team for many years. Each time an application is released, the security team is able to identify multiple vulnerabilities. Which of the following would BEST help the team ensure the application is ready to be released to production?

A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.

A

D. Submit the application to QA before releasing it.

5
Q

During a security incident investigation, an analyst consults the company’s SIEM and sees an event concerning high traffic to a known, malicious command-and-control server. The analyst would like to determine the number of company workstations that may be impacted by this issue. Which of the following can provide this information?

A. WAF logs
B. DNS logs
C. System logs
D. Application logs

A

B. DNS logs
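Added example, not part of the original flashcard set: the scoping step behind this answer, run over a constructed resolver query log. Every workstation that tried to reach the C2 host had to resolve its name first, so grouping resolver log lines by client address for the IOC domain (and its subdomains) gives the list of impacted machines. The log format, client addresses and the domain "c2.example.net" are all hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample resolver log in BIND query-log style. The client addresses
# and the IOC domain "c2.example.net" are hypothetical, not from the page.
SAMPLE_DNS_LOG = """\
12-Mar-2024 09:01:12.110 client 10.10.4.21#51234: query: c2.example.net IN A + (10.10.0.5)
12-Mar-2024 09:01:13.004 client 10.10.4.22#49122: query: www.example.com IN A + (10.10.0.5)
12-Mar-2024 09:01:45.771 client 10.10.4.21#51240: query: c2.example.net IN A + (10.10.0.5)
12-Mar-2024 09:02:02.310 client 10.10.5.7#60001: query: update.c2.example.net IN A + (10.10.0.5)
12-Mar-2024 09:02:09.998 client 10.10.4.23#44321: query: C2.EXAMPLE.NET IN AAAA + (10.10.0.5)
12-Mar-2024 09:03:00.120 client 10.10.4.22#49130: query: notc2.example.net IN A + (10.10.0.5)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: "
    r"(?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Yield one dict per parsable query line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield m.groupdict()


def matches_ioc(qname, ioc_domain):
    """True if qname is the IOC domain or a subdomain of it (case-insensitive,
    trailing dot ignored). A plain suffix test would wrongly match
    'notc2.example.net', so the boundary dot is required."""
    q = qname.lower().rstrip(".")
    d = ioc_domain.lower().rstrip(".")
    return q == d or q.endswith("." + d)


def affected_clients(text, ioc_domain):
    """Map each source IP that looked up the IOC to its (timestamp, qname, qtype) hits."""
    hits = defaultdict(list)
    for rec in parse_query_log(text):
        if matches_ioc(rec["qname"], ioc_domain):
            hits[rec["src"]].append((rec["ts"], rec["qname"], rec["qtype"]))
    return dict(hits)


if __name__ == "__main__":
    for src, queries in sorted(affected_clients(SAMPLE_DNS_LOG, "c2.example.net").items()):
        print(f"{src}: {len(queries)} lookup(s), first at {queries[0][0]}")
```

The count is only as good as the resolver's view: if workstations query through a forwarding resolver, the log shows the forwarder's address rather than the endpoint, and a client using DNS over HTTPS or a hard-coded IP never appears at all. Cross-check the resulting host list against firewall or proxy logs in the SIEM before declaring scope.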

6
Q

A company has a flat network that is deployed in the cloud. Security policy states that all production and development servers must be segmented. Which of the following should be used to design the network to meet the security requirements?

A. CASB
B. VPC
C. Perimeter network
D. WAF

A

B. VPC

7
Q

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the PC.
B. Define the PC firewall rules to limit access.
C. Encrypt the disk on the storage device.
D. Plug the storage device in to the UPS.

A

A. Change the default settings on the PC.

8
Q

A company is adopting a BYOD policy and is looking for a comprehensive solution to protect company information on user devices. Which of the following solutions would BEST support the policy?

A. Mobile device management
B. Full-device encryption
C. Remote wipe
D. Biometrics

A

A. Mobile device management

9
Q

A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?

A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups

A

E. Full backups followed by differential backups
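Added example, not from the original flashcard set: a small model of the restore chain that makes the difference between options B and E concrete. A weekly full backup is followed by daily backups of one kind; the function then lists which sets have to be restored after a loss on a given day. The dates and the weekly cadence are assumptions chosen for illustration; the model does not cover schedules that mix incrementals and differentials after the same full.

```python
from datetime import date, timedelta

FULL, INCR, DIFF = "full", "incremental", "differential"


def as_date(value):
    """Accept a date or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def weekly_schedule(start, days, daily_kind):
    """Full backup on day 0 and every 7th day after it; `daily_kind` (INCR or
    DIFF) on every other day. Returns (date, kind) pairs in chronological order."""
    if daily_kind not in (INCR, DIFF):
        raise ValueError("daily_kind must be INCR or DIFF")
    start = as_date(start)
    return [(start + timedelta(days=i), FULL if i % 7 == 0 else daily_kind)
            for i in range(days)]


def restore_set(backups, loss_day):
    """Ordered list of backup sets to restore after data loss on `loss_day`,
    assuming the loss happens before that day's backup runs.

    - an incremental holds only the changes since the previous backup of any
      kind, so the last full plus every incremental after it must be replayed
      in order;
    - a differential holds all changes since the last full, so the last full
      plus the newest differential is enough."""
    loss_day = as_date(loss_day)
    taken = [b for b in backups if b[0] < loss_day]
    if not taken:
        return []
    last_full = max(i for i, (_, kind) in enumerate(taken) if kind == FULL)
    chain = [taken[last_full]]
    later = taken[last_full + 1:]
    if later and later[-1][1] == DIFF:
        chain.append(later[-1])          # one differential supersedes the earlier ones
    else:
        chain.extend(later)              # every incremental is needed, in order
    return chain


def compare_strategies(start, loss_day):
    """Number of backup sets to restore under each strategy for the same loss."""
    start, loss_day = as_date(start), as_date(loss_day)
    days = (loss_day - start).days
    return {
        kind: len(restore_set(weekly_schedule(start, days, kind), loss_day))
        for kind in (INCR, DIFF)
    }


if __name__ == "__main__":
    # Loss on the Sunday after a Monday full: 6 sets with incrementals, 2 with differentials.
    print(compare_strategies("2024-03-04", "2024-03-10"))
```

The trade-off the card leaves out: each differential grows through the week because it re-captures everything since the full, so the strategy costs more backup storage and time per run in exchange for the shorter, less fragile restore chain.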

10
Q

The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?

A. Account audits
B. AUP
C. Password reuse
D. SSO

A

A. Account audits

11
Q

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

A. A firewall
B. A device pin
C. A USB data blocker
D. Biometrics

A

C. A USB data blocker

12
Q

The manager who is responsible for a data set has asked a security engineer to apply encryption to the data on a hard disk. The security engineer is an example of a __________.

A. data controller.
B. data owner.
C. data custodian.
D. data processor.

A

C. data custodian.

13
Q

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?

A. SED
B. HSM
C. DLP
D. TPM

A

A. SED

14
Q

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A. A DMZ
B. A VPN
C. A VLAN
D. An ACL

A

D. An ACL

14
Q

Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?

A. IaaS
B. SaaS
C. PaaS
D. XaaS

A

B. SaaS

15
Q

Which of the following BEST helps to demonstrate integrity during a forensic investigation?

A. Event logs
B. Encryption
C. Hashing
D. Snapshots

A

C. Hashing
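Added example, not part of the original flashcard set, serving both the chain-of-custody card earlier on this page (provenance, date and time) and this one (hashing): each custody record carries the handler, the action, the artifact's origin or location, a UTC timestamp and a SHA-256 digest of the evidence bytes, and verification fails if any handler recorded a different digest or if the bytes presented later differ by even one byte. The artifact identifier, handler names and evidence bytes are constructed for the example.

```python
import hashlib
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Cryptographic digest of the evidence bytes. Unlike a CRC32 checksum
    (one of the card's distractors), it is not practical to craft different
    bytes that produce the same value."""
    return hashlib.sha256(data).hexdigest()


def custody_entry(artifact_id, data, action, handler, location, when):
    """One chain-of-custody record: who handled the artifact, what they did,
    when (normalised to UTC), where it was or came from, and its digest."""
    return {
        "artifact": artifact_id,
        "action": action,
        "handler": handler,
        "location": location,
        "timestamp": when.astimezone(timezone.utc).isoformat(),
        "sha256": sha256_hex(data),
    }


def verify_chain(entries, data):
    """Return (ok, detail). ok is True only when the chain is non-empty, every
    entry recorded the same digest, and the bytes presented now still hash to
    it. A gap in the record or a changed byte both fail."""
    if not entries:
        return False, "empty chain: no custody record for this artifact"
    recorded = {e["sha256"] for e in entries}
    if len(recorded) != 1:
        return False, f"digest changed between handlers: {sorted(recorded)}"
    current = sha256_hex(data)
    expected = next(iter(recorded))
    if current != expected:
        return False, f"evidence altered: recorded {expected}, now {current}"
    return True, "intact"


# Constructed evidence: a fake disk-image fragment, not a real artifact.
EVIDENCE = bytes(range(256)) * 4
ALTERED = EVIDENCE[:-1] + b"\x01"   # a single byte changed at the end


def build_chain():
    """Two handlers, acquisition then transfer, both recording the same digest."""
    acquired = datetime(2024, 3, 12, 9, 0, tzinfo=timezone.utc)
    moved = datetime(2024, 3, 12, 14, 30, tzinfo=timezone.utc)
    return [
        custody_entry("EV-0001", EVIDENCE, "acquired", "analyst-a",
                      "imaged from laptop asset 4471, drive /dev/sda", acquired),
        custody_entry("EV-0001", EVIDENCE, "transferred", "analyst-b",
                      "evidence locker 3, shelf B", moved),
    ]


def demo():
    """(verification of the original bytes, verification of the altered bytes)."""
    chain = build_chain()
    return verify_chain(chain, EVIDENCE)[0], verify_chain(chain, ALTERED)[0]


if __name__ == "__main__":
    for entry in build_chain():
        print(entry)
    print(demo())
```

The digest proves the bytes are unchanged; the provenance and timestamp fields prove who had them and when, which is what turns a hash into admissible chain of custody. Keep the first digest from the acquisition step as the reference, since a hash computed only at analysis time says nothing about the interval before it.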

16
Q

Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

A. Machine learning
B. DNS sinkhole
C. Blocklist
D. Honeypot

A

B. DNS sinkhole

17
Q

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:

CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy

Which of the following is the router experiencing?

A. DDoS attack
B. Memory leak
C. Buffer overflow
D. Resource exhaustion

A

D. Resource exhaustion

18
Q

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday or outsource work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO’s concerns? (Choose two.)

A. Geolocation
B. Time-of-day restrictions
C. Certificates
D. Tokens
E. Geotagging
F. Role-based access controls

A

A. Geolocation
B. Time-of-day restrictions

19
Q

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

A. A RAT was installed and is transferring additional exploit tools.
B. The workstations are beaconing to a command-and-control server.
C. A logic bomb was executed and is responsible for the data transfers.
D. A fileless virus is spreading in the local network environment.

A

A. A RAT was installed and is transferring additional exploit tools.

20
Q

A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking. Which of the following cloud service provider types should the business engage?

A. IaaS
B. PaaS
C. XaaS
D. SaaS

A

C. XaaS

21
Q

A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the Internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMB. The security team has been instructed to resolve the problem as quickly as possible while causing minimal disruption to the researchers. Which of the following contains the BEST course of action in this scenario?

A. Update the host firewalls to block outbound SMB.
B. Place the machines with the unapproved software in containment.
C. Place the unauthorized application in a blocklist.
D. Implement a content filter to block the unauthorized software communication.

A

C. Place the unauthorized application in a blocklist.

22
Q

A security analyst has been reading about a newly discovered cyberattack from a known threat actor. Which of the following would BEST support the analyst’s review of the tactics, techniques, and procedures (TTPs) the threat actor was observed using in previous campaigns?

A. Security research publications
B. The MITRE ATT&CK framework
C. The Diamond Model of Intrusion Analysis
D. The Cyber Kill Chain

A

B. The MITRE ATT&CK framework

23
Q

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

  • Preserve the use of public IP addresses assigned to equipment on the core router.
  • Enable “in transport” encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Choose two.)

A. Configure VLANs on the core router.
B. Configure NAT on the core router.
C. Configure BGP on the core router.
D. Enable AES encryption on the web server.
E. Enable 3DES encryption on the web server.
F. Enable TLSv2 encryption on the web server.

A

B. Configure NAT on the core router.
F. Enable TLSv2 encryption on the web server.