526-550 Flashcards
An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?
A. Antivirus
B. IPS
C. FTP
D. FIM
D. FIM
Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed?
A. Host-based firewalls
B. Access control list
C. Port security
D. Least privilege
B. Access control list
All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?
A. A forward proxy server
B. A jump server
C. A reverse proxy server
D. A stateful firewall server
B. A jump server
Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?
A. Installing a new operating system thoroughly tests the equipment
B. Removing unneeded applications reduces the system’s attack surface
C. Reimaging a system creates an updated baseline of the computer image
D. Wiping the device allows the company to evaluate its performance
C. Reimaging a system creates an updated baseline of the computer image
A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?
A. Enforce the use of a controlled trusted source of container images.
B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers.
C. Define a vulnerability scan to assess container images before being introduced on the environment.
D. Create a dedicated VPC for the containerized environment.
A. Enforce the use of a controlled trusted source of container images.
An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?
A. Perform a vulnerability scan to identify the weak spots.
B. Use a packet analyzer to investigate the NetFlow traffic.
C. Check the SIEM to review the correlated logs.
D. Require access to the routers to view current sessions.
C. Check the SIEM to review the correlated logs.
A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000
B. GDPR
During an internal penetration test, a security analyst identified a network device that had accepted cleartext authentication and was configured with a default credential. Which of the following recommendations should the security analyst make to secure this device?
A. Configure SNMPv1.
B. Configure SNMPv2c.
C. Configure SNMPv3.
D. Configure the default community string.
C. Configure SNMPv3.
Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?
A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
D. Continuous integration
A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?
A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT
D. A RAT
Recent changes to a company’s BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?
A. Facial recognition
B. Six-digit PIN
C. PKI certificate
D. Smart card
A. Facial recognition
A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement?
A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6
D. RAID 6
A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?
A. Hashing
B. Tokenization
C. Encryption
D. Segmentation
C. Encryption
A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago, and the company that developed them is no longer in business. Which of the following constraints best describes the reason the findings cannot be remediated?
A. Inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch
D. Unavailable patch
A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?
A. EDR
B. DLP
C. NGFW
D. HIPS
A. EDR