401-425 Flashcards
A security analyst is reviewing logs on a server and observes the following output:
01/01/2020 03:33:23 admin attempted login with password sneak
01/01/2020 03:33:32 admin attempted login with password sneaked
01/01/2020 03:33:41 admin attempted login with password sneaker
01/01/2020 03:33:50 admin attempted login with password sneer
01/01/2020 03:33:59 admin attempted login with password sneeze
01/01/2020 03:34:08 admin attempted login with password sneezy
Which of the following is the security analyst observing?
A. A rainbow table attack
B. A password-spraying attack
C. A dictionary attack
D. A keylogger attack
C. A dictionary attack
A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?
A. Data owner
B. Data processor
C. Data steward
D. Data collector
A. Data owner
An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?
A. SLA
B. BPA
C. NDA
D. MOU
A. SLA
Which of the following secure application development concepts aims to block verbose error messages from being shown in a user’s interface?
A. OWASP
B. Obfuscation/camouflage
C. Test environment
D. Prevention of information exposure
D. Prevention of information exposure
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
A. Perfect forward secrecy
B. Elliptic-curve cryptography
C. Key stretching
D. Homomorphic encryption
A. Perfect forward secrecy
An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?
A. Always-on
B. Remote access
C. Site-to-site
D. Full tunnel
C. Site-to-site
Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company performs regular audits to determine if violations have occurred.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer decides to sign off on the risk.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?
A. Hoaxing
B. Pharming
C. Watering-hole
D. Phishing
A. Hoaxing
Which of the following will provide the BEST physical security countermeasures to stop intruders? (Choose two.)
A. Alarms
B. Signage
C. Lighting
D. Access control vestibules
E. Fencing
F. Sensors
D. Access control vestibules
E. Fencing
An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Choose two.)
A. MAC filtering
B. Zero trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards
D. Access control vestibules
E. Guards
An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee’s vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?
A. Jamming
B. Bluejacking
C. Disassociation
D. Evil twin
B. Bluejacking
A security administrator wants to implement a program that tests a user’s ability to recognize attacks over the organization’s email system. Which of the following would be best suited for this task?
A. Social media analysis
B. Annual information security training
C. Gamification
D. Phishing campaign
D. Phishing campaign
A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?
A. Keylogger
B. Spyware
C. Trojan
D. Ransomware
A. Keylogger
An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:
- Check-in/checkout of credentials
- The ability to use but not know the password
- Automated password changes
- Logging of access to credentials
Which of the following solutions would meet the requirements?
A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system
C. A privileged access management system
A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Choose two.)
A. The order of volatility
B. A forensics NDA
C. The provenance of the artifacts
D. The vendor’s name
E. The date and time
F. A warning banner
C. The provenance of the artifacts
E. The date and time