200 questions v1 Flashcards by Christopher Judd

An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.)
A.  Familiarity
B.  Scarcity
C.  Urgency
D.  Authority
E.  Consensus

C. Urgency

D. Authority

How well did you know this?

Not at all

Perfectly

A security administrator has replaced the firewall and notices a number of dropped connections. After looking
at the data the security administrator sees the following information that was flagged as a possible issue:
Which of the following can the security administrator determine from this?
A. An SQL injection attack is being attempted
B. Legitimate connections are being dropped
C. A network scan is being done on the system
D. An XSS attack is being attempted
Correct Answer: A

A. An SQL injection attack is being attempted

How well did you know this?

Not at all

Perfectly

A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a
new session as the web server daemon. This session has full read/write access to the file system and the
admin console. Which of the following BEST describes the attack?
A. Domain hijacking
B. Injection
C. Buffer overflow
D. Privilege escalation

D. Privilege escalation

How well did you know this?

Not at all

Perfectly

A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be
accessed by third parties. Which of the following would BEST prevent this from happening?
A. Initiate remote wiping on lost mobile devices
B. Use FDE and require PINs on all mobile devices
C. Use geolocation to track lost devices
D. Require biometric logins on all mobile devices
Correct Answer: A

A. Initiate remote wiping on lost mobile devices

How well did you know this?

Not at all

Perfectly

5
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST
option for Ann to implement?
A.  PGP
B.  HTTPS
C.  WPA
D.  TLS

A. PGP

How well did you know this?

Not at all

Perfectly

6
After a security assessment was performed on the enterprise network, it was discovered that:
Configuration changes have been made by users without the consent of IT.
Network congestion has increased due to the use of social media.
Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)
A. Poorly trained users
B. Misconfigured WAP settings
C. Undocumented assets
D. Improperly configured accounts
E. Vulnerable business processes

A. Poorly trained users

D. Improperly configured accounts

How well did you know this?

Not at all

Perfectly

7
A security administrator wants to determine if a company’s web servers have the latest operating system and
application patches installed. Which of the following types of vulnerability scans should be conducted?
A.  Non-credentialed
B.  Passive
C.  Port
D.  Credentialed
E.  Red team
F.  Active

D. Credentialed

How well did you know this?

Not at all

Perfectly

8
During a recent audit, several undocumented and unpatched devices were discovered on the internal network.
Which of the following can be done to prevent similar occurrences?
A. Run weekly vulnerability scans and remediate any missing patches on all company devices
B. Implement rogue system detection and configure automated alerts for new devices
C. Install DLP controls and prevent the use of USB drives on devices
D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

A. Run weekly vulnerability scans and remediate any missing patches on all company devices

How well did you know this?

Not at all

Perfectly

9
A company needs to implement a system that only lets a visitor use the company’s network infrastructure if the
visitor accepts the AUP. Which of the following should the company use?
A. WiFi-protected setup
B. Password authentication protocol
C. Captive portal
D. RADIUS

C. Captive portal

How well did you know this?

Not at all

Perfectly

10
An analyst is currently looking at the following output:
Which of the following security issues has been discovered based on the output?
A. Insider threat
B. License compliance violation
C. Unauthorized software
D. Misconfigured admin permissions

B. License compliance violation

How well did you know this?

Not at all

Perfectly

11
A company has purchased a new SaaS application and is in the process of configuring it to meet the
company’s needs. The director of security has requested that the SaaS application be integrated into the
company’s IAM processes. Which of the following configurations should the security administrator set up in
order to complete this request?
A. LDAP
B. RADIUS
C. SAML
D. NTLM
Correct Answer: C

C. SAML

How well did you know this?

Not at all

Perfectly

12
An organization wants to implement a method to correct risks at the system/application layer. Which of the
following is the BEST method to accomplish this goal?
A. IDS/IPS
B. IP tunneling
C. Web application firewall
D. Patch management

C. Web application firewall

How well did you know this?

Not at all

Perfectly

13
A company recently updated its website to increase sales. The new website uses PHP forms for leads and
provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the
new website and provides the following log to support the concern:
Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security
Officer (CISO) based on the above?
A. Changing the account standard naming convention
B. Implementing account lockouts
C. Discontinuing the use of privileged accounts
D. Increasing the minimum password length from eight to ten characters

A. Changing the account standard naming convention

How well did you know this?

Not at all

Perfectly

14
A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities
can be exploited. The company provided limited imformation pertaining to the infrastructure and database
server. Which of the following forms of testing does this BEST describe?
A. Black box
B. Gray box
C. White box
D. Vulnerability scanning

B. Gray box

How well did you know this?

Not at all

Perfectly

15
When considering IoT systems, which of the following represents the GREATEST ongoing risk after a
vulnerability has been discovered?
A. Difficult-to-update firmware
B. Tight integration to existing systems
C. IP address exhaustion
D. Not using industry standards

B. Tight integration to existing systems

How well did you know this?

Not at all

Perfectly

16
A systems administrator has been assigned to create accounts for summer interns. The interns are only
authorized to be in the facility and operate computers under close supervision. They must also leave the
facility at designated times each day. However, the interns can access intern file folders without supervision.
Which of the following represents the BEST way to configure the accounts? (Choose two.)
A. Implement time-of-day restrictions.
B. Modify archived data.
C. Access executive shared portals.
D. Create privileged accounts.
E. Enforce least privilege.
Correct Answer: AE

answer

How well did you know this?

Not at all

Perfectly

17
An attachment that was emailed to finance employees contained an embedded message. The security
administrator investigates and finds the intent was to conceal the embedded information from public view.
Which of the following BEST describes this type of message?
A. Obfuscation
B. Steganography
C. Diffusion
D. BCRYPT
Correct Answer: B

answer

How well did you know this?

Not at all

Perfectly

18
If two employees are encrypting traffic between them using a single encryption key, which of the following
algorithms are they using?
A.  RSA
B.                                                                                                                3DES
C.  DSA
D.  SHA-2
Correct Answer: B

answer

How well did you know this?

Not at all

Perfectly

19
An organization hosts a public-facing website that contains a login page for users who are registered and
authorized to access a secure, non-public section of the site. That non-public site hosts information that
requires multifactor authentication for access. Which of the following access management approaches would
be the BEST practice for the organization?
A. Username/password with TOTP
B. Username/password with pattern matching
C. Username/password with a PIN
D. Username/password with a CAPTCHA
Correct Answer: A

answer

How well did you know this?

Not at all

Perfectly

20
A security administrator needs to configure remote access to a file share so it can only be accessed between
the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same
department as the data owner. Users should only be able to create files with approved extensions, which may
differ by department. Which of the following access controls would be the MOST appropriate for this situation?
A. RBAC
B. MAC
C. ABAC
D. DAC
Correct Answer: C

answer

How well did you know this?

Not at all

Perfectly

21
A member of the human resources department received the following email message after sending an email
containing benefit and tax information to a candidate:
“Your message has been quarantined for the following policy violation: external potential_PII. Please contact
the IT security administrator for further details”.
Which of the following BEST describes why this message was received?
A. The DLP system flagged the message.
B. The mail gateway prevented the message from being sent to personal email addresses.
C. The company firewall blocked the recipient’s IP address.
D. The file integrity check failed for the attached files.
Correct Answer: A

answer

How well did you know this?

Not at all

Perfectly

22
A security analyst is checking log files and finds the following entries:
Which of the following is MOST likely happening?
A. A hacker attempted to pivot using the web server interface.
B. A potential hacker could be banner grabbing to determine what architecture is being used.
C. The DNS is misconfigured for the server’s IP address.
D. A server is experiencing a DoS, and the request is timing out.
Correct Answer: B

answer

How well did you know this?

Not at all

Perfectly

23
After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application
insecurely creating files in / tmp.
Which of the following vulnerabilities has MOST likely been exploited?
A. Privilege escalation
B. Resource exhaustion
C. Memory leak
D. Pointer dereference
Correct Answer: A

answer

How well did you know this?

Not at all

Perfectly

24
A security analyst is specifying requirements for a wireless network. The analyst must explain the security
features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?
A. Key rotation
B. Mutual authentication
C. Secure hashing
D. Certificate pinning
Correct Answer: B

answer

How well did you know this?

Not at all

Perfectly

25 A company is planning to build an internal website that allows for access to outside contracts and partners. A majority of the content will only be to internal employees with the option to share. Which of the following concepts is MOST appropriate? A. VPN B. Proxy C. DMZ D. Extranet Correct Answer: D

answer

26 A small organization has implemented a rogue system detection solution. Which of the following BEST explains the organization’s intent? A. To identify weak ciphers being used on the network B. To identify assets on the network that are subject to resource exhaustion C. To identify end-of-life systems still in use on the network D. To identify assets that are not authorized for use on the network Correct Answer: D

answer

``` 27 Which of the following is used to encrypt web application data? A. MD5 B. AES C. SHA D. DHA Correct Answer: B ```

answer

``` 28 Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources? A. RADIUS B. SSH C. OAuth D. MSCHAP Correct Answer: C ```

answer

29 A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements. Which of the following should be implemented to validate that the appropriate offboarding process has been followed? A. Separation of duties B. Time-of-day restrictions C. Permission auditing D. Mandatory access control Correct Answer: C

answer

``` 30 Which of the following are considered to be “something you do”? (Choose two.) A. Iris scan B. Handwriting C. CAC card D. Gait E. PIN F. Fingerprint Correct Answer: BD ```

answer

``` 31 A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message? A. AES B. SHA-2 C. SSL D. RSA Correct Answer: A ```

answer

32 A security analyst believes an employee’s workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious. One of the files contains the following commands: Which of the following types of malware was used? A. Worm B. Spyware C. Logic bomb D. Backdoor Correct Answer: D

answer

``` 33 Which of the following access management concepts is MOST closely associated with the use of a password or PIN?? A. Authorization B. Authentication C. Accounting D. Identification Correct Answer: B ```

answer

34 An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (Choose two.) A. Proper offboarding procedures B. Acceptable use policies C. Non-disclosure agreements D. Exit interviews E. Background checks F. Separation of duties Correct Answer: AD

answer

35 Which of the following differentiates ARP poisoning from a MAC spoofing attack? A. ARP poisoning uses unsolicited ARP replies. B. ARP poisoning overflows a switch’s CAM table. C. MAC spoofing uses DHCPOFFER/DHCPACK packets. D. MAC spoofing can be performed across multiple routers. Correct Answer: A

answer

36 A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely for this anomaly? A. An attacker is exfiltrating large amounts of proprietary company data. B. Employees are playing multiplayer computer games. C. A worm is attempting to spread to other hosts via SMB exploits. D. Internal hosts have become members of a botnet. Correct Answer: D

answer

37 An audit found that an organization needs to implement job rotation to be compliant with regulatory requirements. To prevent unauthorized access to systems after an individual changes roles or departments, which of the following should the organization implement? A. Permission auditing and review B. Exit interviews C. Offboarding D. Multifactor authentication Correct Answer: A

answer

38 A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the datacenter presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited? A. Virtualization B. Air gap C. VLAN D. Extranet Correct Answer: B

answer

``` 39 Which of the following methods is used by internal security teams to assess the security of internally developed applications? A. Active reconnaissance B. Pivoting C. White box testing D. Persistence Correct Answer: C ```

answer

40 A company wants to implement a wireless network with the following requirements: All wireless users will have a unique credential. User certificates will not be required for authentication. The company’s AAA infrastructure must be utilized. Local hosts should not store authentication tokens. Which of the following should be used in the design to meet the requirements? A. EAP-TLS B. WPS C. PSK D. PEAP Correct Answer: D

answer

41 A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take? A. Determine the source of the virus that has infected the workstation. B. Sanitize the workstation’s internal drive. C. Reimage the workstation for normal operation. D. Disable the network connections on the workstation. Correct Answer: D

answer

42 A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (Choose three.) A. Crypto-malware B. Adware C. Botnet attack D. Virus E. Ransomware F. Backdoor G. DDoS attack Correct Answer: ADE

answer

43 A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Choose two.) A. PAP B. MSCHAP C. PEAP D. NTLM E. SAML Correct Answer: BC

answer

44 A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing? A. Baselining B. Mandatory access control C. Control diversity D. System hardening Correct Answer: C

answer

``` 45 A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability? A. Implement stored procedures. B. Implement proper error handling. C. Implement input validations. D. Implement a WAF. Correct Answer: C ```

answer

46 Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing? A. Authenticated B. White box C. Automated D. Gray box Correct Answer: D

answer

``` 47 Which of the following types of security testing is the MOST cost-effective approach used to analyze existing code and identity areas that require patching? A. Black box B. Gray box C. White box D. Red team E. Blue team Correct Answer: C ```

answer

48 Which of the following needs to be performed during a forensics investigation to ensure the data contained in a drive image has not been compromised? A. Follow the proper chain of custody procedures. B. Compare the image hash to the original hash. C. Ensure a legal hold has been placed on the image. D. Verify the time offset on the image file. Correct Answer: B

answer

49 A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company’s revenue, referrals, and reputation. Which of the following an element of the BIA that this action is addressing? A. Identification of critical systems B. Single point of failure C. Value assessment D. Risk register Correct Answer: A

answer

50 An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact. Which of the following is this table an example of? A. Internal threat assessment B. Privacy impact assessment C. Qualitative risk assessment D. Supply chain assessment Correct Answer: C

answer

``` 51 An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include: Intellectual property Payroll records Financial information Drug screening results Which of the following is the BEST way to dispose of these items? A. Schredding B. Pulping C. Deidentifying D. Recycling Correct Answer: B ```

answer

52 Upon learning about a user who has reused the same password for the past several years, a security specialist reviews the logs. The following is an extraction of the report after the most recent password change requirement: Which of the following security controls is the user’s behavior targeting? A. Password expiration B. Password history C. Password complexity D. Password reuse Correct Answer: B

answer

53 In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated? A. Nation state B. Hacktivist C. Insider D. Competitor Correct Answer: A

answer

54 A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician’s notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior? A. Crypto-malware B. Rootkit C. Logic bomb D. Session hijacking Correct Answer: B

answer

55 Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his coworkers did. Management has asked the security team to provide a method for detecting this type of behavior without impeding the access for sales employee as they travel overseas. Which of the following would be the BEST method to achieve this objective? A. Configure time-of-day restrictions for the sales staff. B. Install DLP software on the devices used by sales employees. C. Implement a filter on the mail gateway that prevents the lead form from being emailed. D. Create an automated alert on the SIEM for anomalous sales team activity. Correct Answer: D

answer

56 A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available: Read = A user can read the content of an existing file. Write = A user can modify the content of an existing file and delete an existing file. Create = A user can create a new file and place data within the file. A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization/s requirements? A. Owners: Read, Write, Create Group Members: Read, Write Others: Read, Create B. Owners: Write, Create Group Members: Read, Write, Create Others: Read C. Owners: Read, Write Group Members: Read, Create Others: Read, Create D. Owners: Write, Create Group Members: Read, Create Others: Read, Write, Create Correct Answer: A

answer

57 After reports of slow internet connectivity, a technician reviews the following logs from a server’s host-based firewall: Which of the following can the technician conclude after reviewing the above logs? A. The server is under a DDoS attack from multiple geographic locations. B. The server is compromised, and is attacking multiple hosts on the Internet. C. The server is under an IP spoofing resource exhaustion attack. D. The server is unable to complete the TCP three-way handshake and send the last ACK. Correct Answer: C

answer

``` 58 Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform? A. Non-persistent configuration B. Continuous monitoring C. Firmware updates D. Fault tolerance Correct Answer: D ```

answer

59 A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report? A. Configure IPSec in transport mode. B. Configure server-based PKI certificates. C. Configure the GRE tunnel. D. Configure a site-to-site tunnel. Correct Answer: B

answer

``` 60 A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently deployed PKI services to support this strategy. Which of the following protocols supports the strategy and employs certificates generated by the PKI? (Choose three.) A. S/MIME B. TLS C. SFTP D. SAML E. SIP F. IPSec G. Kerberos Correct Answer: ABC ```

answer

61 A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue? A. OSCP B. OID C. PEM D. SAN Correct Answer: D

answer

62 Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several people in the customer service department to help reset their passwords over the phone due to unspecified “server issues”. Which of the following has occurred? A. Social engineering B. Whaling C. Watering hole attack D. Password cracking Correct Answer: A

answer

``` 63 Hacktivists are most commonly motivated by: A. curiosity B. notoriety C. financial gain D. political cause Correct Answer: D ```

answer

64 A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server? A. 802.1X B. SSH C. Shared secret D. SNMPv3 E. CHAP Correct Answer: C

answer

``` 65 A security analyst monitors the syslog server and notices the following: A. Memory leak B. Buffer overflow C. Null pointer deference D. Integer overflow Correct Answer: B ```

answer

``` 66 A security, who is analyzing the security of the company’s web server, receives the following output: Which of the following is the issue? A. Code signing B. Stored procedures C. Access violations D. Unencrypted credentials Correct Answer: D ```

answer

67 Which of the following is an example of resource exhaustion? A. A penetration tester requests every available IP address from a DHCP server. B. An SQL injection attack returns confidential data back to the browser. C. Server CPU utilization peaks at 100% during the reboot process. D. System requirements for a new software package recommend having 12GB of RAM, but only 8GB are available. Correct Answer: A

answer

``` 68 A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend? A. S/MIME B. DNSSEC C. RADIUS D. 802.11x Correct Answer: A ```

answer

69 Datacenter employees have been battling alarms in a datacenter that has been experiencing hotter than normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed in any manner in which the technician can get them installed. Which of the following practices would BEST alleviate the heat issues and keep costs low? A. Utilize exhaust fans. B. Use hot and cold aisles. C. Airgap the racks. D. Use a secondary AC unit. Correct Answer: B

answer

70 When accessing a popular website, a user receives a warming that the certificate for the website is not valid. Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other users. Which of the following is the MOST likely cause for this? A. The certificate is corrupted on the server. B. The certificate was deleted from the local cache. C. The user needs to restart the machine. D. The system date on the user’s device is out of sync. Correct Answer: D

answer

71 A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model? A. SaaS B. IaaS C. MaaS D. Hybrid E. Private Correct Answer: A

answer

``` 72 A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing? A. Separation of duties B. Permission auditing C. Least privilege D. Standard naming conversation Correct Answer: A ```

answer

73 A technician has installed a new AAA server, which will be used by the network team to control access to a company’s routers and switches. The technician completes the configuration by adding the network team members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate ALLOW_ACCESS access list. Only members of the network team should have access to the company’s routers and switches. Members of the network team successfully test their ability to log on to various network devices configured to use the AAA server. Weeks later, an auditor asks to review the following access log sample: Which of the following should the auditor recommend based on the above information? A. Configure the ALLOW_ACCESS group logic to use AND rather than OR. B. Move the NETWORK_TEAM group to the top of the ALLOW_ACCESS access list. C. Disable groups nesting for the ALLOW_ACCESS group in the AAA server. D. Remove the DOMAIN_USERS group from ALLOW_ACCESS group. Correct Answer: D

answer

``` 74 A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept? A. Legal hold B. Chain of custody C. Order of volatility D. Data acquisition Correct Answer: A ```

answer

75 Which of the following outcomes is a result of proper error-handling procedures in secure code? A. Execution continues with no notice or logging of the error condition. B. Minor fault conditions result in the system stopping to preserve state. C. The program runs through to completion with no detectable impact or output. D. All fault conditions are logged and do not result in a program crash. Correct Answer: D

answer

``` 76 Which of the following enables sniffing attacks against a switched network? A. ARP poisoning B. IGMP snooping C. IP spoofing D. SYN flooding Correct Answer: A ```

answer

``` 77 A company wants to ensure users are only logging into the system from their laptops when they are on site. Which of the following would assist with this? A. Geofencing B. Smart cards C. Biometrics D. Tokens Correct Answer: A ```

answer

78 During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the following BEST explains why the tester is doing this? A. To determine if the network routes are improperly forwarding request packets B. To identify the total number of hosts and determine if the network can be victimized by a DoS attack C. To identify servers for subsequent scans and further investigation D. To identify the unresponsive hosts and determine if those could be used as zombies in a follow-up scan. Correct Answer: C

answer

``` 79 Which of the following is being used when a malicious actor searches various social media websites to find information about a company’s system administrators and help desk staff? A. Passive reconnaissance B. Initial exploitation C. Vulnerability scanning D. Social engineering Correct Answer: A ```

answer

``` 80 Given the following requirements: Help to ensure non-repudiation Capture motion in various formats Which of the following physical controls BEST matches the above descriptions? A. Camera B. Mantrap C. Security guard D. Motion sensor Correct Answer: A ```

answer

``` 81 Which of the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed? A. Nonce B. Salt C. OTP D. Block cipher E. IV Correct Answer: B ```

answer

82 An organization has hired a new remote workforce. Many new employees are reporting that they are unable to access the shared network resources while traveling. They need to be able to travel to and from different locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce will have identical file and system access requirements, and must also be able to log in to the headquarters location remotely. Which of the following BEST represent how the remote employees should have been set up initially? (Choose two.) A. User-based access control B. Shared accounts C. Group-based access control D. Mapped drives E. Individual accounts F. Location-based policies Correct Answer: CF

answer

``` 83 A salesperson often uses a USB drive to save and move files from a corporate laptop. The coprorate laptop was recently updated, and now the files on the USB are read-only. Which of the following was recently added to the laptop? A. Antivirus software B. File integrity check C. HIPS D. DLP Correct Answer: D ```

answer

``` 84 A network technician is setting up a new branch for a company. The users at the new branch will need to access resources securely as if they were at the main location. Which of the following networking concepts would BEST accomplish this? A. Virtual network segmentation B. Physical network segmentation C. Site-to-site VPN D. Out-of-band access E. Logical VLANs Correct Answer: C ```

answer

``` 85 A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious actor was attacking the company and is responsible for the increase. Which of the following systems has the attacker compromised? A. DMZ B. RTOS C. SCADA D. IoT Correct Answer: C ```

answer

86 An organization’s Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on the CEO’s personal laptop. The technician performs the installation, and a software audit later in the month indicates a violation of the EULA occurred as a result. Which of the following would address this violation going forward? A. Security configuration baseline B. Separation of duties C. AUP D. NDA Correct Answer: A

answer

``` 87 Which of the following attackers generally possesses minimal technical knowledge to perform advanced attacks and uses widely available tools as well as publicly available information? A. Hacktivist B. White hat hacker C. Script kiddle D. Penetration tester Correct Answer: C ```

answer

``` 88 A company is performing an analysis of which corporate units are most likely to cause revenue loss in the event the unit is unable to operate. Which of the following is an element of the BIA that this action is addressing? A. Critical system inventory B. Single point of failure C. Continuity of operations D. Mission-essential functions Correct Answer: D ```

answer

89 A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective? A. Use application whitelisting. B. Employ patch management. C. Disable the default administrator account. D. Implement full-disk encryption. Correct Answer: A

answer

``` 90 Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet? A. Design weakness B. Zero-day C. Logic bomb D. Trojan Correct Answer: B ```

answer

91 A company’s IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal? A. Use a degausser to sanitize the drives. B. Remove the platters from the HDDs and shred them. C. Perform a quick format of the HDD drives. D. Use software to zero fill all of the hard drives. Correct Answer: A

answer

92 A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality? (Choose two.) A. Privileged accounts B. Password reuse restrictions C. Password complexity requirements D. Password recovery E. Account disablement Correct Answer: CE

answer

``` 93 Two companies are enabling TLS on their respective email gateways to secure communications over the Internet. Which of the following cryptography concepts is being implemented? A. Perfect forward secrecy B. Ephemeral keys C. Domain validation D. Data in transit Correct Answer: D ```

answer

94 The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via email. The email address was correct in the “From” section of the email. The CEO clicked the form and sent the financial information as requested. Which of the following caused the incident? A. Domain hijacking B. SPF not enabled C. MX records rerouted D. Malicious insider Correct Answer: B

answer

``` 95 Which of the following control types would a backup of server data provide in case of a system issue? A. Corrective B. Deterrent C. Preventive D. Detective Correct Answer: A ```

answer

96 A recent penetration test revealed several issues with a public-facing website used by customers. The testers were able to: Enter long lines of code and special characters Crash the system Gain unauthorized access to the internal application server Map the internal network The development team has stated they will need to rewrite a significant portion of the code used, and it will take more than a year to deliver the finished product. Which of the following would be the BEST solution to introduce in the interim? A. Content fileting B. WAF C. TLS D. IPS/IDS E. UTM Correct Answer: B

answer

``` 97 Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on limited information obtained from service banners? A. False positive B. Passive reconnaissance C. Access violation D. Privilege escalation Correct Answer: A ```

answer

98 A systems administrator needs to integrate multiple IoT and small embedded devices into the company’s wireless network securely. Which of the following should the administrator implement to ensure low-power and legacy devices can connect to the wireless network? A. WPS B. WPA C. EAP-FAST D. 802.1X Correct Answer: A

answer

99 When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take one hour to complete: On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from backup. Which of the following is the number of backup tapes that will be needed to complete this operation? A. 1 B. 2 C. 3 D. 4 E. 6 Correct Answer: D

answer

``` 100 Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single location that can be remotely wiped if the phone is lost. Which of the following technologies BEST meets this need? A. Geofencing B. Containerization C. Device encryption D. Sandboxing Correct Answer: B ```

answer