601-625 Flashcards

1
Q

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps

A

A. Compensating control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An attacker tricks a user into providing confidential information. Which of the following describes this form of malicious reconnaissance?

A. Phishing
B. Social engineering
C. Typosquatting
D. Smishing

A

B. Social engineering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the best solution to reduce the risk of data loss?

A. Dual supply
B. Generator
C. PDU
D. Daily backups

A

B. Generator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following examples would be best mitigated by input sanitization?

A.
B. nmap -p- 10.11.1.130
C. Email message: “Click this link to get your free gift card.”
D. Browser message: “Your connection is not private.”

A

A. XSS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An organization would like to store customer data on a separate part of the network that is not accessible to users on the mam corporate network. Which of the following should the administrator use to accomplish this goal?

A. Segmentation
B. Isolation
C. Patching
D. Encryption

A

A. Segmentation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading

A

C. Jailbreaking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing

A

B. Bug bounty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A. Application
B. Authentication
C. Error
D. Network
E. Firewall
F. System

A

D. Network
E. Firewall

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

A

B. Retention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

A

D. Included third-party libraries
E. Vendors/supply chain

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy. Which of the following would be BEST to address the CIO’s concerns?

A. Disallow new hires from using mobile devices for six months.
B. Select four devices for the sales department to use in a CYOD model.
C. Implement BYOD for the sales department while leveraging the MDM.
D. Deploy mobile devices using the COPE methodology.

A

C. Implement BYOD for the sales department while leveraging the MDM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A. SIEM
B. DLP
C. CASB
D. SWG

A

C. CASB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP
B. HIDS
C. EDR
D. NIPS

A

C. EDR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

A

C. Create different accounts for each region, limit their logon times, and alert on risky logins.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy

A

B. Testing the policy in a non-production environment before enabling the policy in the production network

17
Q

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A. WPA-EAP
B. WEP-TKIP
C. WPA-PSK
D. WPS-PIN

A

C. WPA-PSK

18
Q

Which of the following ISO standards is certified for privacy?

A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000

A

C. ISO 27701

19
Q

An organization suffered an outage, and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?

A. MTBF
B. RPO
C. MTTR
D. RTO

A

D. RTO

20
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?

A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups

A

D. Industry information-sharing and collaboration groups

21
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that will occur?

A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
E. Red-team

A

A. Bug bounty

22
Q

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company’s network. The company’s lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

3/16/20 3:31:10 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:11 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:12 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:13 AM Audit Failure: CompanyNetwork\User1 Account locked out
3/16/20 3:31:14 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:15 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:16 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:18 AM Audit Failure: CompanyNetwork\User2 Account locked out
3/16/20 3:31:19 AM Audit Failure: CompanyNetwork\User3 Unknown username or bad password.
3/16/20 3:32:40 AM Audit Failure: CompanyNetwork\User4 Unknown username or bad password.
3/16/20 3:33:25 AM Audit Failure: CompanyNetwork\User4 Successful logon.

Which of the following attacks MOST likely occurred?

A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force

A

C. Password-spraying

23
Q

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)

A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD

A

B. VDI
F. BYOD

24
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release.
  • A screen lock must be enabled (passcode or biometric).
  • Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Choose two.)

A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

A

C. Posturing
D. Remote wipe

25
Q

A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

A

B. Discretionary access control