551-575 Flashcards

1
Q

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company’s website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

https://www.c0mpt1a.com/contact-us/%3Fname%3D%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E

Which of the following was most likely observed?

A. DLL injection
B. Session replay
C. SQLi
D. XSS

A

D. XSS

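Added example (not part of the original card): what the posted link looks like once percent-decoded, a triage check that flags it, and the reflected-output bug beside its fix. The link is the one on the card; the render functions are hypothetical server code written for this example, and double-decoding is included because attackers sometimes encode a payload twice to slip past naive filters.

```python
import html
import re
from urllib.parse import unquote

# The link from the card, copied as posted.
POSTED_LINK = ("https://www.c0mpt1a.com/contact-us/"
               "%3Fname%3D%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E")

# A script element in decoded text: case-insensitive, tolerates whitespace
# after '<' and attributes after 'script'.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def fully_decode(url, max_rounds=5):
    """Percent-decode until the text stops changing, so a payload that was
    encoded twice (a common filter-evasion trick) is still exposed."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def extract_name_param(url):
    """Return the decoded 'name' value. The posted link encodes '?' as %3F,
    so a web server treats everything after /contact-us/ as one path segment
    rather than a query string; the split is therefore done on decoded text."""
    decoded = fully_decode(url)
    _, _, rest = decoded.partition("?")
    for pair in rest.split("&"):
        key, _, value = pair.partition("=")
        if key == "name":
            return value
    return None


def looks_like_xss(url):
    """Triage check for a URL found in a log line or a posted comment."""
    return SCRIPT_TAG.search(fully_decode(url)) is not None


def render_vulnerable(name):
    """Hypothetical handler that reflects input straight into HTML;
    the browser runs the script."""
    return f"<p>Hello, {name}!</p>"


def render_hardened(name):
    """Same handler with output encoding for an HTML text context, which is
    the actual XSS fix: the tag characters survive as text, not markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    payload = extract_name_param(POSTED_LINK)
    print("flagged:", looks_like_xss(POSTED_LINK))
    print("vulnerable:", render_vulnerable(payload))
    print("hardened:  ", render_hardened(payload))
```

The check is only a triage signal; `alert(document.cookie)` is the textbook proof-of-concept, and real payloads use event handlers or other tags, so the durable defence is the output encoding shown in `render_hardened`, not the pattern match.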
2
Q

A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

A. Hacktivists
B. White-hat hackers
C. Script kiddies
D. Insider threats

A

A. Hacktivists

3
Q

Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?

A. GDPR
B. PCI DSS
C. ISO 27000
D. NIST 800-53

A

D. NIST 800-53

4
Q

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

A. DLP
B. VPC
C. CASB
D. Content filtering

A

C. CASB

5
Q

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?

A. Enhance resiliency by adding a hardware RAID.
B. Move data to a tape library and store the tapes off-site.
C. Install a local network-attached storage.
D. Migrate to a cloud backup solution.

A

D. Migrate to a cloud backup solution.

6
Q

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

A. A content filter
B. A WAF
C. A next-generation firewall
D. An IDS

A

C. A next-generation firewall

7
Q

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation

A

C. Geolocation policy

8
Q

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)

A. Warm site
B. Generator
C. Hot site
D. Cold site
E. Cloud backups
F. UPS

A

D. Cold site
E. Cloud backups

9
Q

A security analyst is reviewing the following logs:

[10:00:00 AM] Login rejected - username administrator - password Spring 2023
[10:00:01 AM] Login rejected - username jsmith - password Spring2023
[10:00:01 AM] Login rejected - username guest - password Spring2023
[10:00:02 AM] Login rejected - username cpolk - password Spring2023
[10:00:03 AM] Login rejected - username fmartin - password Spring2023

Which of the following attacks is most likely occurring?

A. Password spraying
B. Account forgery
C. Pass-the-hash
D. Brute-force

A

A. Password spraying

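Added example (not part of the original card): the detection logic an analyst would run over the lines above to tell spraying from brute force. The distinguishing feature is the shape of the failures: spraying is one password against many usernames, brute force is many passwords against one username. The card's five lines are used as the sample input; the brute-force lines and the thresholds are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five lines from the card (copied here as sample input). Note that the
# first line's password differs from the others by a space, so it counts as
# a separate password; the remaining four are enough to trip the threshold.
CARD_LOG = [
    "[10:00:00 AM] Login rejected - username administrator - password Spring 2023",
    "[10:00:01 AM] Login rejected - username jsmith - password Spring2023",
    "[10:00:01 AM] Login rejected - username guest - password Spring2023",
    "[10:00:02 AM] Login rejected - username cpolk - password Spring2023",
    "[10:00:03 AM] Login rejected - username fmartin - password Spring2023",
]

# Constructed contrast case: one account, many passwords (brute force).
BRUTE_LOG = [
    f"[10:05:0{i} AM] Login rejected - username jsmith - password {pw}"
    for i, pw in enumerate(["Spring2023", "Summer2023", "Autumn2023",
                            "Winter2023", "Password1", "Welcome1"])
]

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{1,2}:\d{2}:\d{2} [AP]M)\] Login rejected - "
    r"username (?P<user>\S+) - password (?P<pw>.*)$"
)


def parse(lines):
    """Return (timestamp, username, password) tuples, oldest first,
    for every line in the card's format; other lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%I:%M:%S %p")
            events.append((ts, m["user"], m["pw"]))
    return sorted(events)


def max_distinct_in_window(pairs, window_s):
    """pairs: (timestamp, key) sorted by time. Largest number of distinct
    keys that fall inside any window_s-second span (two-pointer sweep)."""
    counts = defaultdict(int)
    best = lo = 0
    for ts, key in pairs:
        counts[key] += 1
        while (ts - pairs[lo][0]).total_seconds() > window_s:
            old = pairs[lo][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            lo += 1
        best = max(best, len(counts))
    return best


def classify(lines, window_s=60, spray_users=3, brute_passwords=5):
    """Spraying: one password tried against spray_users or more usernames
    inside the window. Brute force: brute_passwords or more distinct
    passwords tried against one username inside the window."""
    by_password = defaultdict(list)
    by_user = defaultdict(list)
    for ts, user, pw in parse(lines):
        by_password[pw].append((ts, user))
        by_user[user].append((ts, pw))
    spray_score = max((max_distinct_in_window(v, window_s)
                       for v in by_password.values()), default=0)
    brute_score = max((max_distinct_in_window(v, window_s)
                       for v in by_user.values()), default=0)
    if spray_score >= spray_users:
        return "password-spraying"
    if brute_score >= brute_passwords:
        return "brute-force"
    return "inconclusive"


if __name__ == "__main__":
    print("card log:  ", classify(CARD_LOG))
    print("brute log: ", classify(BRUTE_LOG))
```

Keying on the password is what makes this distinct from a per-account lockout rule: a sprayer deliberately stays under the per-account failure threshold, so a detection that only counts failures per username never fires. Real systems rarely log cleartext passwords; in practice the same sweep is run on a password hash, or on the count of distinct accounts failing from one source within the window.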
10
Q

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

A. DLP
B. SIEM
C. NIDS
D. WAF

A

D. WAF

11
Q

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:

  • Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
  • Internal users in question were changing their passwords frequently during that time period.
  • A jump box that several domain administrator users use to connect to remote devices was recently compromised.
  • The authentication method used in the environment is NTLM.

Which of the following types of attacks is most likely being used to gain unauthorized access?

A. Pass-the-hash
B. Brute-force
C. Directory traversal
D. Replay

A

A. Pass-the-hash

12
Q

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

A. A vulnerability scanner
B. A NGFW
C. The Windows Event Viewer
D. A SIEM

A

D. A SIEM

13
Q

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would best prevent email contents from being released should another breach occur?

A. Implement S/MIME to encrypt the emails at rest.
B. Enable full disk encryption on the mail servers.
C. Use digital certificates when accessing email via the web.
D. Configure web traffic to only use TLS-enabled channels.

A

A. Implement S/MIME to encrypt the emails at rest.

14
Q

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

A. White
B. Purple
C. Blue
D. Red

A

D. Red

15
Q

Which of the following exercises should an organization use to improve its incident response process?

A. Tabletop
B. Replication
C. Failover
D. Recovery

A

A. Tabletop

16
Q

An attacker is attempting to harvest user credentials on a client’s website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:

The username you entered does not exist.

Which of the following should the analyst recommend be enabled?

A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout

A

C. Error handling
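Added example (not part of the original card): the login handler behind the message above, beside one with the error handling the analyst should recommend. The user store, salt and credentials are constructed for this example. The hardened version returns one generic message for every failure and does the same password-hashing work whether or not the username exists, so neither the text nor the response time leaks which accounts are real.

```python
import hashlib
import hmac
import os


def _hash(password, salt, rounds=100_000):
    """PBKDF2-HMAC-SHA256; rounds kept modest so the example runs quickly."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


# Constructed user store: username -> (salt, password hash). Not real accounts.
_SALT = os.urandom(16)
USERS = {
    "jsmith": (_SALT, _hash("correct horse battery staple", _SALT)),
}

# Dummy credential used when the username is unknown, so the hashing work
# (and therefore the response time) is the same on both code paths.
_DUMMY = (_SALT, _hash("dummy", _SALT))

GENERIC_MSG = "Invalid username or password."


def login_vulnerable(username, password):
    """Distinct messages tell an attacker which usernames exist, so the
    credential-harvesting attack on the card can first build a list of valid
    accounts and then spray passwords only at those."""
    if username not in USERS:
        return "The username you entered does not exist."
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "The password you entered is incorrect."
    return "Welcome."


def login_hardened(username, password):
    """One generic message and the same amount of work for every failure."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:   # guard: an unknown user must never log in
        return "Welcome."
    return GENERIC_MSG


if __name__ == "__main__":
    print(login_vulnerable("nobody", "x"))
    print(login_vulnerable("jsmith", "x"))
    print(login_hardened("nobody", "x"))
    print(login_hardened("jsmith", "x"))
```

The generic message is the answer the card wants, but on its own it is not enough: if the unknown-username path skips the hash computation, an attacker can still enumerate accounts by timing. That is why `login_hardened` hashes against a dummy record instead of returning early.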

17
Q

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls

A

D. Compensating controls

18
Q

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout

A

B. VM escape

19
Q

A local server recently crashed, and the team is attempting to restore it from a backup. During the restore process, the team notices that each daily backup file is large and that storage will run out at the current rate. The current solution appears to do a full backup every night.

Which of the following would use the least amount of storage space for backups?

A. A weekly, incremental backup with daily differential backups
B. A weekly, full backup with daily snapshot backups
C. A weekly, full backup with daily differential backups
D. A weekly, full backup with daily incremental backups

A

D. A weekly, full backup with daily incremental backups
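Added example (not part of the original card): a small model that works out how much storage each scheme writes over one weekly cycle, and the restore cost that comes with it. The figures (a 500 GB full backup, 20 GB of change per day) and the simplifying assumption that each day's changes are new data with no overlap are constructed for this example; they are not from the card.

```python
SCHEMES = ("full", "incremental", "differential")


def cycle_storage_gb(full_gb, daily_change_gb, scheme, days=7):
    """Gigabytes written over one cycle: a full backup on day 0, then one
    backup per day under the named scheme.
    Simplifying assumption: the same amount of data changes each day and
    each day's changes are new (no overlap with earlier days)."""
    if scheme not in SCHEMES:
        raise ValueError(f"unknown scheme {scheme!r}")
    total = full_gb
    for day in range(1, days):
        if scheme == "full":
            total += full_gb                 # everything, every night
        elif scheme == "incremental":
            total += daily_change_gb         # only what changed since the last backup
        else:
            total += daily_change_gb * day   # everything changed since the full
    return total


def restore_sets(scheme, day):
    """Number of backup sets that must be read back to restore the state
    of `day` (day 0 is the full). This is the price of a smaller footprint."""
    if scheme == "full" or day == 0:
        return 1
    if scheme == "differential":
        return 2                             # full + latest differential
    return 1 + day                           # full + every incremental in order


def compare(full_gb, daily_change_gb):
    """Per scheme: (GB written in a 7-day cycle, sets needed to restore day 6)."""
    return {s: (cycle_storage_gb(full_gb, daily_change_gb, s),
                restore_sets(s, 6))
            for s in SCHEMES}


if __name__ == "__main__":
    for scheme, (gb, sets) in compare(500, 20).items():
        print(f"{scheme:13s} {gb:5d} GB written, {sets} set(s) to restore day 6")
```

Incremental wins on storage because each night captures only the changes since the previous night, while a differential re-captures everything since the last full and so grows through the week. The trade-off, which the card does not ask about but a practitioner should weigh, is that restoring from incrementals needs the full plus every incremental in sequence, and the loss or corruption of any one of them breaks the chain.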

20
Q

A security analyst discovers several jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

A. The GPS location
B. When the file was deleted
C. The total number of print jobs
D. The number of copies made

A

A. The GPS location

21
Q

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

A. The S/MIME plug-in is not enabled
B. The SSL certificate has expired
C. Secure IMAP was not implemented
D. POP3S is not supported

A

A. The S/MIME plug-in is not enabled

22
Q

A company develops a complex platform that is composed of a single application. After several issues with upgrades, the systems administrator recommends breaking down the application into unique, independent modules. Which of the following best identifies the systems administrator’s recommendation?

A. Virtualization
B. Serverless
C. Microservices
D. API gateway

A

C. Microservices

23
Q

Which of the following would be the best way to block unknown programs from executing?

A. Access control list
B. Application allow list
C. Host-based firewall
D. DLP solution

A

B. Application allow list

24
Q

A company is planning to install a guest wireless network so visitors will be able to access the internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would best protect the company’s internal wireless network against visitors accessing company resources?

A. Configure the guest wireless network to be on a separate VLAN from the company’s internal wireless network.
B. Change the password for the guest wireless network every month.
C. Decrease the power levels of the access points for the guest wireless network.
D. Enable WPA2 using 802.1X for logging on to the guest wireless network.

A

A. Configure the guest wireless network to be on a separate VLAN from the company’s internal wireless network.

25
Q

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to use a VPN to reach corporate resources. Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

A. Using geographic diversity to have VPN terminators closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators

A

B. Utilizing split tunneling so only traffic for corporate resources is encrypted