201-225 Flashcards

1
Q

Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?

A. Job rotation policy
B. NDA
C. AUP
D. Separation of duties policy

A

C. AUP

2
Q

A user reports falling for a phishing email to an analyst. Which of the following system logs would the analyst check FIRST?

A. DNS
B. Message gateway
C. Network
D. Authentication

A

B. Message gateway

3
Q

An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?

A. Social media
B. Cloud
C. Supply chain
D. Social Engineering

A

C. Supply chain

4
Q

An organization would like to give remote workers the ability to use applications hosted inside the corporate network. Users will be allowed to use their personal computers, or they will be provided organization assets. Either way, no data or applications will be installed locally on any user systems. Which of the following mobile solutions would accomplish these goals?

A. VDI
B. MDM
C. COPE
D. UTM

A

A. VDI

5
Q

Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?

A. Chain of custody
B. Legal hold
C. Event log
D. Artifacts

A

A. Chain of custody

6
Q

The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?

A. Warm site failover
B. Tabletop walk-through
C. Parallel path testing
D. Full outage simulation

A

B. Tabletop walk-through

7
Q

Which of the following control types fixes a previously identified issue and mitigates a risk?

A. Detective
B. Corrective
C. Preventative
D. Finalized

A

B. Corrective

8
Q

An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload.

Which of the following attacks did the analyst observe?

A. Privilege escalation
B. Request forgeries
C. Injection
D. Replay attack

A

C. Injection

9
Q

A security engineer must deploy two wireless routers in an office suite. Other tenants in the office building should not be able to connect to this wireless network.

Which of the following protocols should the engineer implement to ensure the STRONGEST encryption?

A. WPS
B. WPA2
C. WAP
D. HTTPS

A

B. WPA2

10
Q

An attacker browses a company’s online job board attempting to find any relevant information regarding the technologies the company uses. Which of the following BEST describes this social engineering technique?

A. Hoax
B. Reconnaissance
C. Impersonation
D. Pretexting

A

B. Reconnaissance

11
Q

During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?

A. dd
B. memdump
C. tcpdump
D. head

A

A. dd
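dd produces a bit-for-bit image of the laptop's drive; the analyst hashes the image, records the hash, and continues the investigation on the copy, so the original hardware can be reimaged and handed back. The Python below is an added example, not part of this flashcard deck: it emulates what `dd if=/dev/sdX of=image.dd conv=noerror,sync` does at the block level on a constructed in-memory "disk" (the names make_disk, make_reader, image_device and acquire are the example's own), then hashes source and image, including the case of an unreadable sector, where the padded image can no longer hash-match the source and the gap has to be documented.

```python
import hashlib

BLOCK_SIZE = 512  # dd's default block size


def make_disk(block_count, seed=b"constructed-sample"):
    """Constructed sample "disk": deterministic pseudo-random 512-byte blocks
    standing in for /dev/sdX so the example runs offline."""
    blocks = []
    for n in range(block_count):
        digest = hashlib.sha256(seed + n.to_bytes(4, "big")).digest()
        blocks.append((digest * (BLOCK_SIZE // len(digest)))[:BLOCK_SIZE])
    return blocks


def make_reader(blocks, bad_blocks=()):
    """Return a read_block(n) callable. Block numbers listed in bad_blocks
    raise OSError, simulating an unreadable sector on the physical drive."""
    def read_block(n):
        if n in bad_blocks:
            raise OSError(f"I/O error reading block {n}")
        return blocks[n]
    return read_block


def image_device(read_block, block_count, block_size=BLOCK_SIZE):
    """Copy the device block by block. On a read error keep going and pad the
    block with zeros (dd's conv=noerror,sync behaviour) and record the block
    number so the acquisition report can state exactly where the image
    deviates from the source."""
    image = bytearray()
    unreadable = []
    for n in range(block_count):
        try:
            chunk = read_block(n)
        except OSError:
            unreadable.append(n)
            chunk = b""
        image += chunk[:block_size].ljust(block_size, b"\x00")
    return bytes(image), unreadable


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def acquire(blocks, bad_blocks=()):
    """Full acquisition: image, then hash both source and image so the
    chain-of-custody record can state whether they match. With unreadable
    sectors the source cannot be read completely, so a mismatch is expected;
    the image hash is then the value of record for all later analysis."""
    source = b"".join(blocks)  # ideal source bytes (ground truth for the example)
    image, unreadable = image_device(make_reader(blocks, bad_blocks), len(blocks))
    source_hash, image_hash = sha256_hex(source), sha256_hex(image)
    return {
        "image": image,
        "unreadable_blocks": unreadable,
        "source_sha256": source_hash,
        "image_sha256": image_hash,
        "verified": source_hash == image_hash,
    }


if __name__ == "__main__":
    disk = make_disk(64)
    for bad in ((), {3}):
        result = acquire(disk, bad)
        print(f"unreadable={result['unreadable_blocks']} verified={result['verified']} "
              f"image_sha256={result['image_sha256'][:16]}...")
```

In practice the hash of the image is recomputed before every analysis session and compared with the value recorded at acquisition; a mismatch means the working copy can no longer be tied to the evidence.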

12
Q

An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Choose three.)

A. SFTP, FTPS
B. SNMPv2, SNMPv3
C. HTTP, HTTPS
D. TFTP, FTP
E. SNMPv1, SNMPv2
F. Telnet, SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin

A

B. SNMPv2, SNMPv3
C. HTTP, HTTPS
F. Telnet, SSH

13
Q

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

A. Recovery
B. Identification
C. Lessons learned
D. Preparation

A

C. Lessons learned

14
Q

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

A. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any

B. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Deny: Any Any 22
Allow: Any Any 21
Deny: Any Any

C. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 22
Deny: Any Any 67
Deny: Any Any 68
Deny: Any Any 21
Allow: Any Any

D. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Deny: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Allow: Any Any 21
Allow: Any Any

A

A. [Permission Source Destination Port]
Allow: Any Any 80
Allow: Any Any 443
Allow: Any Any 67
Allow: Any Any 68
Allow: Any Any 22
Deny: Any Any 21
Deny: Any Any
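A rule set like this is evaluated top-down and the first matching rule wins, so the order and the final catch-all line decide the outcome: option A allows DHCP (67/68), web (80/443) and SFTP (which runs over SSH on 22), explicitly denies FTP on 21, and ends with a deny-everything line; B denies 22 and allows 21; C and D end with an allow-everything line, which lets FTP and every other unlisted service through. As an added example (not code from the flashcard deck), the Python below transcribes the four options and checks each against the stated requirements. Since source and destination are Any throughout, only the port is matched; protocol (TCP for 21/22/80/443, UDP for 67/68) is deliberately ignored, and the extra probe ports 23 and 445 are the example's own choice for "anything not asked for must be blocked".

```python
# Each rule is (action, port); port None is the catch-all "Any" line.
RULESETS = {
    "A": [("allow", 80), ("allow", 443), ("allow", 67), ("allow", 68),
          ("allow", 22), ("deny", 21), ("deny", None)],
    "B": [("allow", 80), ("allow", 443), ("allow", 67), ("allow", 68),
          ("deny", 22), ("allow", 21), ("deny", None)],
    "C": [("allow", 80), ("allow", 443), ("allow", 22),
          ("deny", 67), ("deny", 68), ("deny", 21), ("allow", None)],
    "D": [("allow", 80), ("allow", 443), ("deny", 67), ("allow", 68),
          ("allow", 22), ("allow", 21), ("allow", None)],
}

# What the administrator asked for: DHCP (67/68), web (80/443) and SFTP (22,
# SFTP rides on SSH) allowed; FTP (21) blocked. Ports 23 (Telnet) and 445 (SMB)
# are probes chosen here to confirm that unlisted services are also blocked.
REQUIREMENTS = {67: "allow", 68: "allow", 80: "allow", 443: "allow",
                22: "allow", 21: "deny", 23: "deny", 445: "deny"}


def evaluate(rules, port):
    """Return the action of the first rule matching `port` (first match wins).
    A rule with port None matches everything. If nothing matches at all we
    behave like a default-deny firewall."""
    for action, rule_port in rules:
        if rule_port is None or rule_port == port:
            return action
    return "deny"


def check_ruleset(rules):
    """Return the set of ports whose first-match outcome violates REQUIREMENTS."""
    return {port for port, wanted in REQUIREMENTS.items()
            if evaluate(rules, port) != wanted}


def compliant_options():
    """Names of the options that satisfy every requirement."""
    return sorted(name for name, rules in RULESETS.items()
                  if not check_ruleset(rules))


if __name__ == "__main__":
    for name, rules in RULESETS.items():
        bad = sorted(check_ruleset(rules))
        print(f"Option {name}: {'OK' if not bad else 'violates on ports ' + str(bad)}")
    print("compliant:", compliant_options())
```

Note the two distinct failure modes the check exposes: B has the right default (deny) but the wrong individual rules, while C and D have a permissive default that makes the explicit denies largely cosmetic. Any real deployment would also restrict the DHCP rules to UDP and the rest to TCP.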

15
Q

While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?

A. arp
B. nslookup
C. netstat
D. nmap

A

C. netstat

16
Q

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

A. Enable the remote-wiping option in the MDM software in case the phone is stolen.
B. Configure the MDM software to enforce the use of PINs to access the phone.
C. Configure MDM for FDE without enabling the lock screen.
D. Perform a factory reset on the phone before installing the company’s applications.

A

A. Enable the remote-wiping option in the MDM software in case the phone is stolen.

17
Q

The concept of connecting a user account across the systems of multiple enterprises is BEST known as:

A. federation.
B. a remote access policy.
C. multifactor authentication.
D. single sign-on.

A

A. federation.

18
Q

A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?

A. SPIM
B. Vishing
C. Spear phishing
D. Smishing

A

D. Smishing

19
Q

A company is working on mobile device security after a report revealed that users granted non-verified software access to corporate data. Which of the following is the MOST effective security control to mitigate this risk?

A. Block access to application stores
B. Implement OTA updates
C. Update the BYOD policy
D. Deploy a uniform firmware

A

A. Block access to application stores

20
Q

A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?

A. Enforcing encryption
B. Deploying GPOs
C. Removing administrative permissions
D. Applying MDM software

A

D. Applying MDM software

21
Q

The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

  • Users to choose a password unique to their last ten passwords
  • Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Choose two.)

A. Password complexity
B. Password history
C. Geolocation
D. Geofencing
E. Geotagging
F. Password reuse

A

B. Password history
D. Geofencing

22
Q

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000

A

C. GDPR

23
Q

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan

A

B. A risk register

24
Q

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing

A

B. Impossible travel time
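An impossible-travel policy compares each login with the same account's previous login: the great-circle distance between the two geolocated source addresses divided by the elapsed time gives an implied speed, and anything faster than a plausible flight is flagged. The Python below is an added example, not from the flashcard deck; the login records are constructed (Paris and Sao Paulo coordinates are approximate city centres), the 1000 km/h ceiling and the 50 km minimum hop are assumptions to be tuned per organisation, and the function names are the example's own. It also handles the edge case in the card, two logins a few seconds apart, where the elapsed time rounds to zero.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0   # assumption: roughly airliner speed
MIN_DISTANCE_KM = 50.0       # assumption: ignore geo-IP jitter within one city

# Constructed sample log: (user, UTC timestamp, latitude, longitude)
LOGINS = [
    ("alice", "2024-03-01T08:00:00Z", 48.8566, 2.3522),     # Paris
    ("alice", "2024-03-01T08:00:07Z", -23.5505, -46.6333),  # Sao Paulo, 7 s later
    ("bob",   "2024-03-01T09:00:00Z", 48.8566, 2.3522),     # Paris
    ("bob",   "2024-03-01T21:00:00Z", -23.5505, -46.6333),  # Sao Paulo, 12 h later
    ("carol", "2024-03-01T10:00:00Z", 48.8566, 2.3522),     # Paris
    ("carol", "2024-03-01T10:00:05Z", 48.8566, 2.3522),     # Paris again
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.atan2(math.sqrt(a), math.sqrt(1 - a))


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def impossible_travel(logins, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return one alert dict per consecutive login pair (same user) whose
    implied speed exceeds max_kmh. Pairs closer than min_km are ignored."""
    alerts = []
    last_seen = {}  # user -> (timestamp, lat, lon)
    for user, ts, lat, lon in sorted(logins, key=lambda r: (r[0], parse_ts(r[1]))):
        when = parse_ts(ts)
        prev = last_seen.get(user)
        if prev is not None:
            prev_when, prev_lat, prev_lon = prev
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600.0
            if km >= min_km:
                # Zero elapsed time would divide by zero; treat it as infinite speed.
                kmh = km / hours if hours > 0 else math.inf
                if kmh > max_kmh:
                    alerts.append({"user": user, "km": round(km, 1),
                                   "hours": round(hours, 4), "kmh": kmh})
        last_seen[user] = (when, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(LOGINS):
        print(f"{alert['user']}: {alert['km']} km in {alert['hours']} h "
              f"(implied {alert['kmh']:.0f} km/h)")
```

Blocking on this signal alone produces false positives from VPN exits and mobile carrier NAT, so the usual policy is to require step-up authentication or risk-based MFA on the flagged login rather than a hard deny.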

25
Q

A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned that servers in the company’s DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Choose two.)

A. 135
B. 139
C. 143
D. 161
E. 443
F. 445

A

B. 139
F. 445