401-425 Flashcards

1
Q

A security analyst is reviewing logs on a server and observes the following output:

01/01/2020 03:33:23 admin attempted login with password sneak
01/01/2020 03:33:32 admin attempted login with password sneaked
01/01/2020 03:33:41 admin attempted login with password sneaker
01/01/2020 03:33:50 admin attempted login with password sneer
01/01/2020 03:33:59 admin attempted login with password sneeze
01/01/2020 03:34:08 admin attempted login with password sneezy

Which of the following is the security analyst observing?

A. A rainbow table attack
B. A password-spraying attack
C. A dictionary attack
D. A keylogger attack

A

C. A dictionary attack

2
Q

A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

A. Data owner
B. Data processor
C. Data steward
D. Data collector

A

A. Data owner

3
Q

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A. SLA
B. BPA
C. NDA
D. MOU

A

A. SLA

4
Q

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?

A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure

A

D. Prevention of information exposure

5
Q

If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?

A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption

A

A. Perfect forward secrecy

6
Q

An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

A. Always-on
B. Remote access
C. Site-to-site
D. Full tunnel

A

C. Site-to-site

7
Q

Which of the following scenarios BEST describes a risk reduction technique?

A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.

A

B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.

8
Q

Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

A. Hoaxing
B. Pharming
C. Watering-hole
D. Phishing

A

A. Hoaxing

9
Q

Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)

A. Alarms
B. Signage
C. Lighting
D. Access control vestibules
E. Fencing
F. Sensors

A

D. Access control vestibules
E. Fencing

10
Q

An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)

A. MAC filtering
B. Zero trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards

A

D. Access control vestibules
E. Guards

11
Q

An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee’s vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?

A. Jamming
B. Bluejacking
C. Disassociation
D. Evil twin

A

B. Bluejacking

12
Q

A security administrator wants to implement a program that tests a user’s ability to recognize attacks over the organization’s email system. Which of the following would be best suited for this task?

A. Social media analysis
B. Annual information security training
C. Gamification
D. Phishing campaign

A

D. Phishing campaign

13
Q

A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

A. Keylogger
B. Spyware
C. Trojan
D. Ransomware

A

A. Keylogger

14
Q

An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:

  • Check-in/checkout of credentials
  • The ability to use but not know the password
  • Automated password changes
  • Logging of access to credentials

Which of the following solutions would meet the requirements?

A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system

A

C. A privileged access management system

15
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)

A. The order of volatility
B. A forensics NDA
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner

A

C. The provenance of the artifacts
E. The date and time

16
Q

A security analyst reviews web server logs and notices the following line:

104.35.45.53 - - [22/May/2020:07:00:58 +0100 "GET /wordpress/wp-content/plugins/custom_plugin/check_user.php? userid=1 UNION ALL SELECT user_login,user_email from wp-users-- HTTP/1.1" 200 1072 "http://www.example.com/wordpress/wp-admin/"

Which of the following vulnerabilities is the attacker trying to exploit?

A. SSRF
B. CSRF
C. XSS
D. SQLi

A

D. SQLi

17
Q

A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user’s company reviews the following Wi-Fi log:

8:13:40 Coffee_Wi-Fi Network connected 5GHz
08:13:45 Coffee_Wi-Fi Network disconnected 5GHz
09:04:10 Coffee_Wi-Fi Network connected 5GHz
08:04:15 Coffee_Wi-Fi Network disconnected 5GHz
11:15:07 Coffee_Wi-Fi Network connected 5GHz
08:13:12 Coffee_Wi-Fi Network disconnected 5GHz

Which of the following best describes what is causing this issue?

A. Another customer has configured a rogue access point.
B. The coffee shop network is using multiple frequencies.
C. A denial-of-service attack by disassociation is occurring.
D. An evil twin access point is being utilized.

A

C. A denial-of-service attack by disassociation is occurring.

18
Q

Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

A. A biometric scanner
B. A smart card reader
C. A PKI token
D. A PIN pad

A

A. A biometric scanner

19
Q

During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:

crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6

Which of the following attacks occurred?

A. Buffer overflow
B. Pass the hash
C. SQL injection
D. Replay attack

A

B. Pass the hash

20
Q

A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:

  • Consistent power levels in case of brownouts or voltage spikes
  • A minimum of 30 minutes runtime following a power outage
  • Ability to trigger graceful shutdowns of critical systems

Which of the following would BEST meet the requirements?

A. Maintaining a standby, gas-powered generator
B. Using large surge suppressors on computer equipment
C. Configuring managed PDUs to monitor power levels
D. Deploying an appropriately sized, network-connected UPS device

A

D. Deploying an appropriately sized, network-connected UPS device

21
Q

Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

A. IP schema
B. Application baseline configuration
C. Standard naming convention policy
D. Wireless LAN and network perimeter diagram

A

C. Standard naming convention policy

22
Q

A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

A. The CSIRT thinks an insider threat is attacking the network.
B. Outages of business-critical systems cost too much money.
C. The CSIRT does not consider the systems engineer to be trustworthy.
D. Memory contents, including fileless malware, are lost when the power is turned off.

A

D. Memory contents, including fileless malware, are lost when the power is turned off.

23
Q

Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company’s main gate?

A. Crossover error rate
B. False match rate
C. False rejection
D. False positive

A

C. False rejection

24
Q

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

A. Weak configurations
B. Integration activities
C. Unsecure user accounts
D. Outsourced code development

A

D. Outsourced code development

25
Q

Which of the following identifies the point in time when an organization will recover data in the event of an outage?

A. ALE
B. RPO
C. MTBF
D. ARO

A

B. RPO