451-475 Flashcards

1
Q

A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)

A. Install DLP software to prevent data loss
B. Use the latest version of software
C. Install a SIEM device
D. Implement MDM
E. Implement a screened subnet for the web server
F. Install an endpoint security solution
G. Update the website certificate and revoke the existing ones
H. Deploy additional network sensors

A

B. Use the latest version of software
E. Implement a screened subnet for the web server
F. Install an endpoint security solution

2
Q

A security investigation revealed that malicious software was installed on a server using a server administrator’s credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

A. A spraying attack was used to determine which credentials to use
B. A packet capture tool was used to steal the password
C. A remote-access Trojan was used to install the malware
D. A dictionary attack was used to log in as the server administrator

A

B. A packet capture tool was used to steal the password

3
Q

Which of the following roles would most likely have direct access to the senior management team?

A. Data custodian
B. Data owner
C. Data protection officer
D. Data controller

A

C. Data protection officer

4
Q

Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

A. Communication plan
B. Disaster recovery plan
C. Business continuity plan
D. Risk plan

A

A. Communication plan

5
Q

An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which of the following is this an example of?

A. Something you know
B. Something you are
C. Something you have
D. Somewhere you are

A

B. Something you are

6
Q

Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?

A. Visitor logs
B. Faraday cages
C. Access control vestibules
D. Motion detection sensors

A

C. Access control vestibules

7
Q

Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical control to implement to prevent these devices from accessing the internal network?

A. NAC
B. DLP
C. IDS
D. MFA

A

A. NAC

8
Q

A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?

A. WAF
B. SWG
C. VPN
D. HIDS

A

B. SWG

9
Q

A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?

A. theHarvester
B. Cuckoo
C. Nmap
D. Nessus

A

A. theHarvester

10
Q

A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output:

1 00-04-28-ER-14-30 Fa0/1
1 88-CD-34-19-E8-98 Fa0/2
1 40-11-08-87-10-13 Fa0/3
1 0D-04-1B-EB-14-30 Fa/04
1 8B-CD-34-00-15-F3 Fa/05
1 FA-13-02-04-27-64 Fa/06

Which of the following best describes the attack that is currently in progress?

A. MAC flooding
B. Evil twin
C. ARP poisoning
D. DHCP spoofing

A

A. MAC flooding

11
Q

A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

A. Multipath
B. RAID
C. Segmentation
D. 802.11

A

A. Multipath

12
Q

Before which of the following incident response phases should the proper collection of the detected IoCs and the establishment of a chain of custody be performed?

A. Containment
B. Identification
C. Preparation
D. Recovery

A

A. Containment

13
Q

Which of the following measures the average time that equipment will operate before it breaks?

A. SLE
B. MTBF
C. RTO
D. ARO

A

B. MTBF

14
Q

A security administrator examines the ARP table of an access switch and sees the following output:

All 012b1283f77b STATIC CPU
All 0656da1009f1 STATIC CPU
1 f9de6ed7d38f DYNAMIC Fa0/1
2 f98d0ae3850b DYNAMIC Fa0/2
2 7f403b7cf59a DYNAMIC Fa0/2
2 f4182c262c61 DYNAMIC Fa0/2

A. DDoS on Fa0/2 port
B. MAC flooding on Fa0/2 port
C. ARP poisoning on Fa0/1 port
D. DNS poisoning on port Fa0/1

A

B. MAC flooding on Fa0/2 port

15
Q

Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

A. Data retention plan
B. Incident response plan
C. Disaster recovery plan
D. Communication plan

A

C. Disaster recovery plan

16
Q

Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

A. General counsel
B. Data owner
C. Risk manager
D. Chief Information Officer

A

B. Data owner

17
Q

An employee’s company email is configured with conditional access and requires that MFA be enabled and used. An example of MFA is a phone call and:

A. a push notification
B. a password
C. an SMS message
D. an authentication application

A

B. a password

18
Q

Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

A. Devices with cellular communication capabilities bypass traditional network security controls
B. Many devices do not support elliptic-curve encryption algorithms due to the overhead they require
C. These devices often lack privacy controls and do not meet newer compliance regulations
D. Unauthorized voice and audio recording can cause loss of intellectual property

A

A. Devices with cellular communication capabilities bypass traditional network security controls

19
Q

Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?

A. Hashing
B. DNS sinkhole
C. TLS inspection
D. Data masking

A

C. TLS inspection

20
Q

A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?

A. MOU
B. SLA
C. EOL
D. NDA

A

B. SLA

21
Q

While troubleshooting a service disruption on a mission-critical server, a technician discovered that the user account configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

A. Using an administrator account to run the processes and disabling the account when it is not in use
B. Implementing a shared account the team can use to run automated processes
C. Configuring a service account to run the processes
D. Removing the password complexity requirements for the user account

A

C. Configuring a service account to run the processes

22
Q

A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?

A. ISO
B. MITRE ATT&CK
C. OWASP
D. NIST

A

C. OWASP

23
Q

A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?

A. Bluejacking
B. Jamming
C. Rogue access point
D. Evil twin

A

D. Evil twin

24
Q

Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

A. Walk-throughs
B. Lessons learned
C. Attack framework alignment
D. Containment

A

B. Lessons learned

25
Q

A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

A. NIDS
B. MAC filtering
C. Jump server
D. IPSec
E. NAT gateway

A

C. Jump server