626-650 Flashcards

1
Q

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

A. Privacy
B. Availability
C. Integrity
D. Confidentiality

A

C. Integrity

2
Q

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage

A

A. Dual power supply
B. Off-site backups

3
Q

A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?

A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training

A

A. A capture-the-flag competition

4
Q

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices

A

D. MSSP

5
Q

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

A. Phone call
B. Instant message
C. Email
D. Text message

A

A. Phone call

6
Q

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts

A

A. Updating the playbooks with better decision points

7
Q

A security administrator checks the table of a network switch, which shows the following output:

1 001a:42ff:5113 dynamic GE0/5
1 0faa:abcf:ddee dynamic GE0/5
1 c6a9:6b16:758e dynamic GE0/5
1 a3aa:b6a3:1212 dynamic GE0/5
1 8025:2ad8:bfac dynamic GE0/5
1 b839:f995:a00a dynamic GE0/5

Which of the following is happening to this switch?

A. MAC flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning

A

A. MAC flooding

8
Q

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat

A

D. An advanced persistent threat

9
Q

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

A. Set up an air gap for the switch.
B. Change the default password for the switch
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.

A

B. Change the default password for the switch

10
Q

A company recently set up an e-commerce portal to sell its products online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF

A

A. PCI DSS

11
Q

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:

IP Physical Address
10.0.0.1 00-18-21-ad-24-bc
10.0.0.114 01-31-a3-cd-23-ab
10.0.0.115 00-18-21-ad-24-bc
10.0.0.116 00-19-08-ba-07-da
10.0.0.117 01-12-21-ca-11-ad

Which of the following attacks has occurred?

A. IP conflict
B. Pass-the-hash
C. MAC flooding
D. Directory traversal
E. ARP poisoning

A

E. ARP poisoning

12
Q

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization

A

B. Data masking

13
Q

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?

A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause

A

D. A log analysis

14
Q

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

A. loss of proprietary information.
B. damage to the company’s reputation.
C. social engineering.
D. credential exposure.

A

A. loss of proprietary information.

15
Q

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised

A

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

16
Q

A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

A. Create an OCSP.
B. Generate a CSR.
C. Create a CRL.
D. Generate a .pfx file.

A

B. Generate a CSR.

17
Q

When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

A. Acceptance
B. Mitigation
C. Avoidance
D. Transference

A

D. Transference

18
Q

Which of the following describes the BEST approach for deploying application patches?

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

A

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.

19
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

A

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

20
Q

After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

A. Multifactor authentication
B. Something you can do
C. Biometrics
D. Two-factor authentication

A

B. Something you can do

21
Q

An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:

Hello everyone
I’m having the same problem with my server. Can you help me?

<script type=”text/javascript” src=http://website.com/user.js>
Onload=sqlexec
</script>

Thank you,

Joe

Which of the following BEST describes the attack that was attempted against the forum readers?

A. SQLi attack
B. DLL attack
C. XSS attack
D. API attack

A

C. XSS attack

22
Q

A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring?

A. CASB
B. SWG
C. Containerization
D. Automated failover

A

C. Containerization

23
Q

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO’s concerns?

A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

A

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

24
Q

A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

A. Verification
B. Validation
C. Normalization
D. Staging

A

D. Staging

25
Q

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?

A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.

A

C. Implement a heuristic behavior-detection solution.