476-500 Flashcards

1
Q

Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

A. Vulnerability scanner
B. Open-source intelligence
C. Packet capture
D. Threat feeds

A

D. Threat feeds

2
Q

Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?

A. Parallel
B. Full-scale
C. Tabletop
D. Simulation

A

C. Tabletop

3
Q

Which of the following disaster recovery sites is the most cost effective to operate?

A. Warm site
B. Cold site
C. Hot site
D. Hybrid site

A

B. Cold site

4
Q

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files’ activity against known threats. Which of the following should the security operations center implement?

A. the Harvester
B. Nessus
C. Cuckoo
D. Sn1per

A

C. Cuckoo

5
Q

A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

A. Provisioning
B. Staging
C. Staging
D. Quality assurance

A

A. Provisioning

6
Q

A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

A. RAID
B. UPS
C. NIC teaming
D. Load balancing

A

C. NIC teaming

7
Q

An employee received multiple messages on a mobile device. The messages were instructing the employee to pair the device to an unknown device. Which of the following best describes what a malicious person might be doing to cause this issue to occur?

A. Jamming
B. Bluesnarfing
C. Evil twin attack
D. Rogue access point

A

B. Bluesnarfing

8
Q

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

A. Weighted response
B. Round-robin
C. Least connection
D. Weighted least connection

A

B. Round-robin

9
Q

Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

A. Web metadata
B. Bandwidth monitors
C. System files
D. Correlation dashboards

A

B. Bandwidth monitors

10
Q

A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator’s activities?

A. Continuous deployment
B. Continuous integration
C. Data owners
D. Data processor

A

D. Data processor

11
Q

An attacker is targeting a company. The attacker notices that the company’s employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees’ devices will also become infected. Which of the following techniques is the attacker using?

A. Watering-hole attack
B. Pretexting
C. Typosquatting
D. Impersonation

A

A. Watering-hole attack

12
Q

A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

A. pcap reassembly
B. SSD snapshot
C. Image volatile memory
D. Extract from checksums

A

C. Image volatile memory

13
Q

A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

A. Input validation
B. Code signing
C. SQL injection
D. Form submission

A

A. Input validation

14
Q

A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

A. Setting an explicit deny to all traffic using port 80 instead of 443
B. Moving the implicit deny from the bottom of the rule set to the top
C. Configuring the first line in the rule set to allow all traffic
D. Ensuring that port 53 has been explicitly allowed in the rule set

A

D. Ensuring that port 53 has been explicitly allowed in the rule set

15
Q

A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A. Private
B. Critical
C. Sensitive
D. Public

A

C. Sensitive

16
Q

A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement

A

A. Patch availability

17
Q

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

A

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

18
Q

Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

A. Preparation
B. Recovery
C. Lessons learned
D. Analysis

A

A. Preparation

19
Q

An administrator is reviewing a single server’s security logs and discovers the following:

Keywords        Date and Time             Source                      Event ID   Task Category
Audit Failure   09/16/2022 11:13:05 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:07 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:09 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:11 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:13 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:15 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:17 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:19 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:21 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:23 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:25 AM    Microsoft Windows Security  4625       Logon
Audit Failure   09/16/2022 11:13:27 AM    Microsoft Windows Security  4625       Logon

Which of the following best describes the action captured in this log file?

A. Brute-force attack
B. Privilege escalation
C. Failed password audit
D. Forgotten password by the user

A

A. Brute-force attack

20
Q

Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honeypot
B. Video surveillance
C. Zero trust
D. Geofencing

A

A. Honeypot

21
Q

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

A. Internet proxy
B. VPN
C. WAF
D. Firewall

A

A. Internet proxy

22
Q

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow

A

A. DDoS

23
Q

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management
B. A web application firewall
C. A vulnerability scanner
D. A next-generation firewall

A

A. Security information and event management

24
Q

Two organizations are discussing a possible merger. Both organizations’ Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

A. Pseudo-anonymization
B. Tokenization
C. Data masking
D. Encryption

A

A. Pseudo-anonymization

25
Q

A large retail store’s network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

A. Employee training
B. Leadership changes
C. Reputation damage
D. Identity theft

A

C. Reputation damage