Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Sec+ > 301-325 > Flashcards

301-325 Flashcards

1
Q

A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log:

PC1

Which of the following describes the method that was used to compromise the laptop?

A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack.
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file.
C. An attacker was able to install malware to the C:\asdf234 folder and use it to gain administrator rights and launch Outlook.
D. An attacker was able to phish user credentials successfully from an Outlook user profile

A

B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A security analyst discovers that a company’s username and password database was posted on an Internet forum. The usernames and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A. Create DLP controls that prevent documents from leaving the network.
B. Implement salting and hashing.
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements.

A

B. Implement salting and hashing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity before sending him the prize. Which of the following BEST describes this type of email?

A. Spear phishing
B. Whaling
C. Phishing
D. Vishing

A

C. Phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A company deployed a WiFi access point in a public area and wants to harden the configuration to make it more secure. After performing an assessment, an analyst identifies that the access point is configured to use WPA3, AES, WPS, and RADIUS. Which of the following should the analyst disable to enhance the access point security?

A. WPA3
B. AES
C. RADIUS
D. WPS

A

D. WPS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following would be used to find the MOST common web-application vulnerabilities?

A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC

A

A. OWASP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A network engineer is troubleshooting wireless network connectivity issues that were reported by users. The issues are occurring only in the section of the building that is closest to the parking lot. Users are intermittently experiencing slow speeds when accessing websites and are unable to connect to network drives. The issues appear to increase when laptop users return to their desks after using their devices in other areas of the building. There have also been reports of users being required to enter their credentials on web pages in order to gain access to them. Which of the following is the MOST likely cause of this issue?

A. An external access point is engaging in an evil-twin attack.
B. The signal on the WAP needs to be increased in that section of the building.
C. The certificates have expired on the devices and need to be reinstalled.
D. The users in that section of the building are on a VLAN that is being blocked by the firewall

A

A. An external access point is engaging in an evil-twin attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?

A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum

A

A. Nmap

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?

A. Detective
B. Compensating
C. Deterrent
D. Corrective

A

B. Compensating

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic

A

B. A Telnet session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document’s contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?

A. Cryptomalware
B. Hash substitution
C. Collision
D. Phishing

A

C. Collision

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A security analyst notices that specific files are being deleted each time a systems administrator is on vacation. Which of the following BEST describes the type of malware that is running?

A. Fileless virus
B. Logic bomb
C. Keylogger
D. Ransomware

A

B. Logic bomb

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following involves the inclusion of code in the main codebase as soon as it is written?

A. Continuous monitoring
B. Continuous deployment
C. Continuous validation
D. Continuous integration

A

D. Continuous integration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following can reduce vulnerabilities by avoiding code reuse?

A. Memory management
B. Stored procedures
C. Normalization
D. Code obfuscation

A

D. Code obfuscation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments? Select 1

A. Authentication protocol
B. Encryption type
C. WAP placement
D. VPN configuration

A

C. WAP placement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following is an example of risk avoidance?

A. Installing security updates directly in production to expedite vulnerability fixes
B. Buying insurance to prepare for financial loss associated with exploits
C. Not installing new software to prevent compatibility errors
D. Not taking preventive measures to stop the theft of equipment

A

C. Not installing new software to prevent compatibility errors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?

A. Drop
B. Reject
C. Log alert
D. Permit

A

A. Drop

17
Q

A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would MOST likely contain language that would prohibit this activity?

A. NDA
B. BPA
C. AUP
D. SLA

A

C. AUP

18
Q

Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?

A. Intelligence fusion
B. Review reports
C. Log reviews
D. Threat feeds

A

D. Threat feeds

19
Q

Which of the following would be the BEST resource for a software developer who is looking to improve secure coding practices for web applications?

A. OWASP
B. Vulnerability scan results
C. NIST CSF
D. Third-party libraries

A

A. OWASP

20
Q

Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations. Which of the following documents did Ann receive?

A. An annual privacy notice
B. A non-disclosure agreement
C. A privileged-user agreement
D. A memorandum of understanding

A

A. An annual privacy notice

21
Q

A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

A. The Diamond Model of Intrusion Analysis
B. CIS Critical Security Controls
C. NIST Risk Management Framework
D. ISO 27002

A

C. NIST Risk Management Framework

22
Q

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security Officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

A. Redundancy
B. RAID 1+5
C. Virtual machines
D. Full backups

A

C. Virtual machines

23
Q

A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer’s operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?

A. Measured boot
B. Boot attestation
C. UEFI
D. EDR

A

A. Measured boot

24
Q

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication

A

C. Push notifications

25
Q

A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who change locations should be required to reauthenticate but have been able to log in without doing so. Which of the following statements BEST explains the issue?

A. OpenID is mandatory to make the MFA requirements work.
B. An incorrect browser has been detected by the SAML application.
C. The access device has a trusted certificate installed that is overwriting the session token.
D. The user’s IP address is changing between logins, but the application is not invalidating the token.

A

D. The user’s IP address is changing between logins, but the application is not invalidating the token.

Sec+ (30 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions