626-650

Question 1

Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

A. Privacy
B. Availability
C. Integrity
D. Confidentiality

Answer 1

C. Integrity

Question 2

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)

A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage

Answer 2

A. Dual power supply
B. Off-site backups

Question 3

A company’s Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company’s developers. Which of the following would be MOST suitable for training the developers?

A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training

Answer 3

A. A capture-the-flag competition

Question 4

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

A. SDP
B. AAA
C. IaaS
D. MSSP
E. Microservices

Answer 4

D. MSSP

Question 5

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

A. Phone call
B. Instant message
C. Email
D. Text message

Answer 5

A. Phone call

Question 6

The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

A. Updating the playbooks with better decision points
B. Dividing the network into trusted and untrusted zones
C. Providing additional end-user training on acceptable use
D. Implementing manual quarantining of infected hosts

Answer 6

A. Updating the playbooks with better decision points

Question 7

A security administrator checks the table of a network switch, which shows the following output:

1 001a:42ff:5113 dynamic GE0/5
1 0faa:abcf:ddee dynamic GE0/5
1 c6a9:6b16:758e dynamic GE0/5
1 a3aa:b6a3:1212 dynamic GE0/5
1 8025:2ad8:bfac dynamic GE0/5
1 b839:f995:a00a dynamic GE0/5

Which of the following is happening to this switch?

A. MAC flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning

Answer 7

A. MAC flooding

Question 8

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat

Answer 8

D. An advanced persistent threat

Question 9

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?

A. Set up an air gap for the switch.
B. Change the default password for the switch
C. Place the switch in a Faraday cage.
D. Install a cable lock on the switch.

Answer 9

B. Change the default password for the switch

Question 10

A company recently set up an e-commerce portal to sell its products online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF

Answer 10

A. PCI DSS

Question 11

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:

IP Physical Address
10.0.0.1 00-18-21-ad-24-bc
10.0.0.114 01-31-a3-cd-23-ab
10.0.0.115 00-18-21-ad-24-bc
10.0.0.116 00-19-08-ba-07-da
10.0.0.117 01-12-21-ca-11-ad

Which of the following attacks has occurred?

A. IP conflict
B. Pass-the-hash
C. MAC flooding
D. Directory traversal
E. ARP poisoning

Answer 11

E. ARP poisoning

Question 12

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?

A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization

Answer 12

B. Data masking

Question 13

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?

A. Checksums
B. Watermarks
C. Order of volatility
D. A log analysis
E. A right-to-audit clause

Answer 13

D. A log analysis

Question 14

A public relations team will be taking a group of guests on a tour through the facility of a large e- commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

A. loss of proprietary information.
B. damage to the company’s reputation.
C. social engineering.
D. credential exposure.

Answer 14

A. loss of proprietary information.

Question 15

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised

Answer 15

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

Question 16

A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?

A. Create an OCSP.
B. Generate a CSR.
C. Create a CRL.
D. Generate a .pfx file.

Answer 16

B. Generate a CSR.

Question 17

When selecting a technical solution for identity management, an architect chooses to go from an in-house solution to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

A. Acceptance
B. Mitigation
C. Avoidance
D. Transference

Answer 17

D. Transference

Question 18

Which of the following describes the BEST approach for deploying application patches?

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.
B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.
C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.
D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

Answer 18

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and finally to production systems.

Question 19

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

Answer 19

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

Question 20

After entering a username and password, an administrator must draw a gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

A. Multifactor authentication
B. Something you can do
C. Biometrics
D. Two-factor authentication

Answer 20

B. Something you can do

Question 21

An analyst visits an Internet forum looking for information about a tool. The analyst finds a thread that appears to contain relevant information. One of the posts says the following:

Hello everyone
I’m having the same problem with my server. Can you help me?

<script type=”text/javascript” src=http://website.com/user.js>
Onload=sqlexec
</script>

Thank you,

Joe

Which of the following BEST describes the attack that was attempted against the forum readers?

A. SQLi attack
B. DLL attack
C. XSS attack
D. API attack

Answer 21

C. XSS attack

Question 22

A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent this issue from reoccurring?

A. CASB
B. SWG
C. Containerization
D. Automated failover

Answer 22

C. Containerization

Question 23

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO’s concerns?

A. SSO would simplify username and password management, making it easier for hackers to guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Answer 23

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Question 24

A software developer needs to perform code-execution testing, black-box testing, and non- functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?

A. Verification
B. Validation
C. Normalization
D. Staging

Answer 24

D. Staging

Question 25

Joe, a user at a company, clicked an email link that led to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should a security administrator implement to protect the environment from this malware?

A. Install a definition-based antivirus.
B. Implement an IDS/IPS.
C. Implement a heuristic behavior-detection solution.
D. Implement CASB to protect the network shares.

Answer 25

C. Implement a heuristic behavior-detection solution.