626-650 Flashcards
Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?
A. Privacy
B. Availability
C. Integrity
D. Confidentiality
C. Integrity
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)
A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage
A. Dual power supply
B. Off-site backups
A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training
A. A capture-the-flag competition
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?
A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices
D. MSSP
Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?
A. Phone call
B. Instant message
C. Email
D. Text message
A. Phone call
The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts
A. Updating the playbooks with better decision points
A security administrator checks the table of a network switch, which shows the following output:
1 001a:42ff:5113 dynamic GE0/5
1 0faa:abcf:ddee dynamic GE0/5
1 c6a9:6b16:758e dynamic GE0/5
1 a3aa:b6a3:1212 dynamic GE0/5
1 8025:2ad8:bfac dynamic GE0/5
1 b839:f995:a00a dynamic GE0/5
Which of the following is happening to this switch?
A. MAC flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning
A. MAC flooding
An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
D. An advanced persistent threat
A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of a power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
A. Set up an air gap for the switch.
B. Change the default password for the switch.
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.
B. Change the default password for the switch.
A company recently set up an e-commerce portal to sell its products online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?
A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF
A. PCI DSS
A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:
IP Physical Address
10.0.0.1 00-18-21-ad-24-bc
10.0.0.114 01-31-a3-cd-23-ab
10.0.0.115 00-18-21-ad-24-bc
10.0.0.116 00-19-08-ba-07-da
10.0.0.117 01-12-21-ca-11-ad
Which of the following attacks has occurred?
A. IP conflict
B. Pass-the-hash
C. MAC flooding
D. Directory traversal
E. ARP poisoning
E. ARP poisoning
Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization
B. Data masking
A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?
A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause
D. A log analysis
A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
A. loss of proprietary information.
B. damage to the company’s reputation.
C. social engineering.
D. credential exposure.
A. loss of proprietary information.
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.