601-625

Question 1

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps

Answer 1

A. Compensating control

Question 2

An attacker tricks a user into providing confidential information. Which of the following describes this form of malicious reconnaissance?

A. Phishing
B. Social engineering
C. Typosquatting
D. Smishing

Answer 2

B. Social engineering

Question 3

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the best solution to reduce the risk of data loss?

A. Dual supply
B. Generator
C. PDU
D. Daily backups

Answer 3

B. Generator

Question 4

Which of the following examples would be best mitigated by input sanitization?

A.
B. nmap -p- 10.11.1.130
C. Email message: “Click this link to get your free gift card.”
D. Browser message: “Your connection is not private.”

Answer 4

A. XSS

Question 5

An organization would like to store customer data on a separate part of the network that is not accessible to users on the mam corporate network. Which of the following should the administrator use to accomplish this goal?

A. Segmentation
B. Isolation
C. Patching
D. Encryption

Answer 5

A. Segmentation

Question 6

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading

Answer 6

C. Jailbreaking

Question 7

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A. Open-source intelligence
B. Bug bounty
C. Red team
D. Penetration testing

Answer 7

B. Bug bounty

Question 8

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A. Application
B. Authentication
C. Error
D. Network
E. Firewall
F. System

Answer 8

D. Network
E. Firewall

Question 9

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

Answer 9

B. Retention

Question 10

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

Answer 10

D. Included third-party libraries
E. Vendors/supply chain

Question 11

An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy. Which of the following would be BEST to address the CIO’s concerns?

A. Disallow new hires from using mobile devices for six months.
B. Select four devices for the sales department to use in a CYOD model.
C. Implement BYOD for the sales department while leveraging the MDM.
D. Deploy mobile devices using the COPE methodology.

Answer 11

C. Implement BYOD for the sales department while leveraging the MDM.

Question 12

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.
B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.
C. Implement nightly full backups every Sunday at 8:00 p.m.
D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

Answer 12

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

Question 13

A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?

A. SIEM
B. DLP
C. CASB
D. SWG

Answer 13

C. CASB

Question 14

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

A. DLP
B. HIDS
C. EDR
D. NIPS

Answer 14

C. EDR

Question 15

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot throughout the global network. Which of the following would be BEST to help mitigate this concern?

A. Create different accounts for each region, each configured with push MFA notifications.
B. Create one global administrator account and enforce Kerberos authentication.
C. Create different accounts for each region, limit their logon times, and alert on risky logins.
D. Create a guest account for each region, remember the last ten passwords, and block password reuse.

Answer 15

C. Create different accounts for each region, limit their logon times, and alert on risky logins.

Question 16

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy

Answer 16

B. Testing the policy in a non-production environment before enabling the policy in the production network

Question 17

A network technician is installing a guest wireless network at a coffee shop. When a customer purchases an item, the password for the wireless network is printed on the receipt so the customer can log in. Which of the following will the technician MOST likely configure to provide the highest level of security with the least amount of overhead?

A. WPA-EAP
B. WEP-TKIP
C. WPA-PSK
D. WPS-PIN

Answer 17

C. WPA-PSK

Question 18

Which of the following ISO standards is certified for privacy?

A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000

Answer 18

C. ISO 27701

Question 19

An organization suffered an outage, and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of?

A. MTBF
B. RPO
C. MTTR
D. RTO

Answer 19

D. RTO

Question 20

A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company’s executives. Which of the following intelligence sources should the security analyst review?

A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups

Answer 20

D. Industry information-sharing and collaboration groups

Question 21

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered. Which of the following BEST represents the type of testing that will occur?

A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
E. Red-team

Answer 21

A. Bug bounty

Question 22

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company’s network. The company’s lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

3/16/20 3:31:10 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:11 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:12 AM Audit Failure: CompanyNetwork\User1 Unknown username or bad password.
3/16/20 3:31:13 AM Audit Failure: CompanyNetwork\User1 Account locked out
3/16/20 3:31:14 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:15 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:16 AM Audit Failure: CompanyNetwork\User2 Unknown username or bad password.
3/16/20 3:31:18 AM Audit Failure: CompanyNetwork\User2 Account locked out
3/16/20 3:31:19 AM Audit Failure: CompanyNetwork\User3 Unknown username or bad password.
3/16/20 3:32:40 AM Audit Failure: CompanyNetwork\User4 Unknown username or bad password.
3/16/20 3:33:25 AM Audit Failure: CompanyNetwork\User4 Successful logon.

Which of the following attacks MOST likely occurred?

A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force

Answer 22

C. Password-spraying

Question 23

Users have been issued smart cards that provide physical access to a building. The cards also contain tokens that can be used to access information systems. Users can log in to any thin client located throughout the building and see the same desktop each time. Which of the following technologies are being utilized to provide these capabilities? (Choose two.)

A. COPE
B. VDI
C. GPS
D. TOTP
E. RFID
F. BYOD

Answer 23

B. VDI
F. BYOD

Question 24

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

• Mobile device OSs must be patched up to the latest release.
• A screen lock must be enabled (passcode or biometric).
• Corporate data must be removed if the device is reported lost or stolen.

Which of the following controls should the security engineer configure? (Choose two.)

A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

Answer 24

C. Posturing
D. Remote wipe

Question 25

A systems administrator needs to implement an access control scheme that will allow an object’s access policy to be determined by its owner. Which of the following access control schemes BEST fits the requirements?

A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

Answer 25

B. Discretionary access control