451-475 Flashcards
A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. The router is configured to forward all ports to the single web-facing server so that the server is reachable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)
A. install DLP software to prevent data loss
B. Use the latest version of software
C. Install a SIEM device
D. Implement MDM
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
G. Update the website certificate and revoke the existing ones
H. Deploy additional network sensors
B. Use the latest version of software
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?
A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A dictionary attack was used to log in as the server administrator
B. A packet capture tool was used to steal the password
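The reason answer B fits is that Telnet carries the login and password in cleartext, so anyone who can see the traffic (a SPAN port, a tap, or a host that has poisoned ARP on the segment) can read them straight out of the TCP stream. The following is an added example, not part of the original flashcard set: it reconstructs the credentials from a Telnet session the way a capture tool would after TCP reassembly. The session bytes, host names and the password are constructed for illustration. The parser strips the IAC option negotiation, pairs each server prompt that ends in "login:" or "Password:" with the client bytes that follow, and honours backspace/DEL so a corrected typo yields the password the server actually received.

```python
# Telnet option-negotiation command bytes (RFC 854).
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240

# Constructed Telnet session, one entry per TCP segment payload with its
# direction, as a sniffer would present it after reassembly (not a real capture).
CAPTURE = [
    ("server", b"\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27"),  # DO TTYPE/TSPEED/XDISPLOC/NEW-ENVIRON
    ("client", b"\xff\xfb\x18\xff\xfc\x20\xff\xfc\x23\xff\xfc\x27"),  # WILL TTYPE, WONT the rest
    ("server", b"\xff\xfa\x18\x01\xff\xf0"),                           # SB TTYPE SEND SE
    ("client", b"\xff\xfa\x18\x00xterm\xff\xf0"),                      # SB TTYPE IS "xterm" SE
    ("server", b"\xff\xfb\x01\xff\xfb\x03"),                           # WILL ECHO, WILL SUPPRESS-GO-AHEAD
    ("client", b"\xff\xfd\x01\xff\xfd\x03"),
    ("server", b"\r\nfileserv01 login: "),
    ("client", b"srvadmin\r\n"),              # line-mode client: whole name in one segment
    ("server", b"srvadmin\r\nPassword: "),    # server echoes the name but not the password
    ("client", b"Summre"),
    ("client", b"\x7f\x7fer2024!\r\n"),       # two DELs correct the typo before Enter
    ("server", b"\r\nLast login: Mon Mar  4 09:12:11 from 10.0.0.7\r\n$ "),
    ("client", b"id\r\n"),
]

# A server segment that ends in one of these is waiting for the matching field.
PROMPTS = {b"login:": "username", b"password:": "password"}


def strip_telnet_negotiation(payload):
    """Remove IAC command/option sequences, returning only user data bytes."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:          # IAC truncated at segment end: drop it
            break
        cmd = payload[i + 1]
        if cmd == IAC:          # IAC IAC is an escaped literal 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in (DO, DONT, WILL, WONT):
            i += 3              # IAC <cmd> <option>
        elif cmd == SB:         # IAC SB ... IAC SE (subnegotiation)
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:
            i += 2              # two-byte command (NOP, GA, AYT, ...)
    return bytes(out)


def extract_credentials(capture):
    """Pair each login/password prompt from the server with the client's reply.

    Only a segment that ENDS with the prompt counts, so a banner line such as
    "Last login: ..." followed by a shell prompt is not mistaken for a prompt.
    If the user retries, the last value for each field wins.
    """
    creds = {}
    field, buf = None, bytearray()
    for direction, raw in capture:
        data = strip_telnet_negotiation(raw)
        if direction == "server":
            tail = data.lower().rstrip()
            for suffix, name in PROMPTS.items():
                if tail.endswith(suffix):
                    field, buf = name, bytearray()
        elif field is not None:
            for b in data:
                if b in (8, 127):           # backspace / DEL: drop last char
                    if buf:
                        buf.pop()
                elif b in (10, 13):         # CR or LF: field is complete
                    creds[field] = buf.decode("utf-8", "replace")
                    field, buf = None, bytearray()
                    break
                else:
                    buf.append(b)
    return creds


if __name__ == "__main__":
    for name, value in extract_credentials(CAPTURE).items():
        print(f"{name}: {value}")
```

Replacing Telnet with SSH removes this exposure entirely; nothing on the wire after the key exchange is readable to a passive observer, which is the control the flashcard is really testing.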
Which of the following roles would most likely have direct access to the senior management team?
A. Data custodian
B. Data owner
C. Data protection officer
D. Data controller
C. Data protection officer
Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?
A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan
A. Communication plan
An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which of the following is this an example of?
A. Something you know
B. Something you are
C. Something you have
D. Somewhere you are
B. Something you are
Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?
A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors
C. Access control vestibules
Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?
A. NAC
B. DLP
C. IDS
D. MFA
A. NAC
A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?
A. WAF
B. SWG
C. VPN
D. HIDS
B. SWG
A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?
A. theHarvester
B. Cuckoo
C. Nmap
D. Nessus
A. theHarvester
A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:
Vlan  Mac Address        Ports
1     00-04-28-ER-14-30  Fa0/1
1     88-CD-34-19-E8-98  Fa0/2
1     40-11-08-87-10-13  Fa0/3
1     0D-04-1B-EB-14-30  Fa0/4
1     8B-CD-34-00-15-F3  Fa0/5
1     FA-13-02-04-27-64  Fa0/6
Which of the following best describes the attack that is currently in progress?
A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing
A. MAC flooding
A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?
A. Multipath
B. RAID
C. Segmentation
D. 802.11
A. Multipath
Before which of the following incident response phases should the proper collection of the detected IoCs and the establishment of a chain of custody be performed?
A. Containment
B. Identification
C. Preparation
D. Recovery
A. Containment
Which of the following measures the average time that equipment will operate before it breaks?
A. SLE
B. MTBF
C. RTO
D. ARO
B. MTBF
A security administrator examines the MAC address table of an access switch and sees the following output:
Vlan  Mac Address   Type     Ports
All   012b1283f77b  STATIC   CPU
All   0656da1009f1  STATIC   CPU
1     f9de6ed7d38f  DYNAMIC  Fa0/1
2     f98d0ae3850b  DYNAMIC  Fa0/2
2     7f403b7cf59a  DYNAMIC  Fa0/2
2     f4182c262c61  DYNAMIC  Fa0/2
Which of the following is most likely occurring?
A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1
B. MAC flooding on Fa0/2 port
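Both switch-table questions above turn on the same observation: a single access port that keeps learning new source MAC addresses. The following is an added example, not part of the original flashcard set, showing how that check can be scripted against `show mac address-table` output. The sample output is constructed to mirror the second table above (the mis-read "o" in the second STATIC entry is taken as a zero); the threshold, the "CPU" port exclusion and the port-security commands are the editor's choices. In a real flood the flagged port shows thousands of entries and the table fills to capacity, which is what causes the slowdown described in the first question; the parser accepts Cisco dotted, colon and dash MAC formats.

```python
import re
from collections import defaultdict

# Constructed `show mac address-table` output modelled on the flashcard
# above; not a capture from a real switch.
SAMPLE_MAC_TABLE = """\
Vlan  Mac Address   Type     Ports
----  ------------  -------  -----
All   012b1283f77b  STATIC   CPU
All   0656da1009f1  STATIC   CPU
1     f9de6ed7d38f  DYNAMIC  Fa0/1
2     f98d0ae3850b  DYNAMIC  Fa0/2
2     7f403b7cf59a  DYNAMIC  Fa0/2
2     f4182c262c61  DYNAMIC  Fa0/2
"""

# One table row: VLAN (or "All"), MAC in any common notation, type, port.
ROW = re.compile(
    r"^\s*(?P<vlan>All|\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}"      # 0012.3456.789a
    r"|[0-9a-f]{12}"                                 # 0123456789ab
    r"|(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+"        # 00-12-34-56-78-9a / 00:12:...
    r"(?P<kind>STATIC|DYNAMIC)\s+"
    r"(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits regardless of input notation."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def parse_mac_table(text):
    """Parse table rows; header, separator and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append({
                "vlan": m["vlan"],
                "mac": normalize_mac(m["mac"]),
                "type": m["kind"].upper(),
                "port": m["port"],
            })
    return entries


def dynamic_macs_per_port(entries):
    """Set of dynamically learned MACs per physical port (CPU/static excluded)."""
    per_port = defaultdict(set)
    for e in entries:
        if e["type"] == "DYNAMIC" and e["port"] != "CPU":
            per_port[e["port"]].add(e["mac"])
    return dict(per_port)


def flag_flooded_ports(entries, max_macs=1):
    """Ports that learned more than max_macs addresses, most addresses first.

    max_macs=1 suits a port that should carry one workstation; raise it for
    ports behind an IP phone or a hub.
    """
    counts = {p: len(s) for p, s in dynamic_macs_per_port(entries).items()}
    return sorted(((p, n) for p, n in counts.items() if n > max_macs),
                  key=lambda pn: (-pn[1], pn[0]))


def port_security_commands(port, max_macs=1):
    """Cisco IOS port-security lines that cap learned MACs on an access port."""
    return [
        f"interface {port}",
        " switchport mode access",
        " switchport port-security",
        f" switchport port-security maximum {max_macs}",
        " switchport port-security violation restrict",
    ]


if __name__ == "__main__":
    entries = parse_mac_table(SAMPLE_MAC_TABLE)
    for port, count in flag_flooded_ports(entries):
        print(f"{port}: {count} dynamic MACs learned")
        print("\n".join(port_security_commands(port)))
```

The remediation lines are the standard port-security cap on learned addresses; with `violation restrict` the port keeps forwarding for the permitted addresses and logs the offenders, rather than shutting down and handing the attacker a denial of service.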
Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?
A. Data retention plan
B. Incident response plan
C. Disaster recovery plan
D. Communication plan
C. Disaster recovery plan