526-550 Flashcards

1
Q

An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?

A. Antivirus
B. IPS
C. FTP
D. FIM

A

D. FIM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed?

A. Host-based firewalls
B. Access control list
C. Port security
D. Least privilege

A

B. Access control list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

A. A forward proxy server
B. A jump server
C. A reverse proxy server
D. A stateful firewall server

A

B. A jump server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?

A. Installing a new operating system thoroughly tests the equipment
B. Removing unneeded applications reduces the system’s attack surface
C. Reimaging a system creates an updated baseline of the computer image
D. Wiping the device allows the company to evaluate its performance

A

C. Reimaging a system creates an updated baseline of the computer image

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?

A. Enforce the use of a controlled trusted source of container images.
B. Deploy an IPS solution capable of detecting signatures of attacks targeting containers.
C. Define a vulnerability scan to assess container images before being introduced on the environment.
D. Create a dedicated VPC for the containerized environment.

A

A. Enforce the use of a controlled trusted source of container images.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?

A. Perform a vulnerability scan to identify the weak spots.
B. Use a packet analyzer to investigate the NetFlow traffic.
C. Check the SIEM to review the correlated logs.
D. Require access to the routers to view current sessions.

A

C. Check the SIEM to review the correlated logs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

A. PCI DSS
B. GDPR
C. NIST
D. ISO 31000

A

B. GDPR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

During an internal penetration test, a security analyst identified a network device that had accepted cleartext authentication and was configured with a default credential. Which of the following recommendations should the security analyst make to secure this device?

A. Configure SNMPv1.
B. Configure SNMPv2c.
C. Configure SNMPv3.
D. Configure the default community string.

A

C. Configure SNMPv3.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration

A

D. Continuous integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT

A

D. A RAT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Recent changes to a company’s BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

A. Facial recognition
B. Six-digit PIN
C. PKI certificate
D. Smart card

A

A. Facial recognition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement?

A. RAID 0+1
B. RAID 2
C. RAID 5
D. RAID 6

A

D. RAID 6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

A. Hashing
B. Tokenization
C. Encryption
D. Segmentation

A

C. Encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago, and the company that developed them is no longer in business. Which of the following constraints best describes the reason the findings cannot be remediated?

A. Inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch

A

D. Unavailable patch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A security engineer is concerned about using an agent on devices that relies completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

A. EDR
B. DLP
C. NGFW
D. HIPS

A

A. EDR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A user’s login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

A. Cross-site scripting
B. SQL injection
C. DNS poisoning
D. Certificate forgery

A

A. Cross-site scripting

17
Q

To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would best meet the needs of the organization?

A. MaaS
B. IaaS
C. SaaS
D. PaaS

A

C. SaaS

18
Q

A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?

A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used

A

B. Performing code signing on company-developed software

19
Q

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

A. Remove expensive systems that generate few alerts.
B. Modify the systems to alert only on critical issues.
C. Utilize a SIEM to centralize logs and dashboards.
D. Implement a new syslog/NetFlow appliance.

A

C. Utilize a SIEM to centralize logs and dashboards.

20
Q

A company’s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service

A

D. Reflected denial of service

21
Q

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to best satisfy both the CPO’s and the development team’s requirements?

A. Data purge
B. Data encryption
C. Data masking
D. Data tokenization

A

C. Data masking

22
Q

A security analyst is investigating a malware incident at a company. The malware is accessing a command-and-control website at www.comptia.com. All outbound Internet traffic is logged to a syslog server and stored in /logfiles/messages. Which of the following commands would be best for the analyst to use on the syslog server to search for recent traffic to the command-and-control website?

A. head -500 www.comptia.com | grep /logfiles/messages
B. cat /logfiles/messages | tail -500 www.comptia.com
C. tail -500 /logfiles/messages | grep www.comptia.com
D. grep -500 /logfiles/messages | cat www.comptia.com

A

C. tail -500 /logfiles/messages | grep www.comptia.com

23
Q

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

A. Scanning
B. Alerting
C. Reporting
D. Archiving

A

A. Scanning

24
Q

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

A. Laptops
B. Containers
C. Thin clients
D. Workstations

A

C. Thin clients

25
Q

A systems administrator receives the following alert from a file integrity monitoring tool:

The hash of the cmd.exe file has changed.

The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

A. The end user changed the file permissions.
B. A cryptographic collision was detected.
C. A snapshot of the file system was taken.
D. A rootkit was deployed.

A

D. A rootkit was deployed.