Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Sec+ > 701-725 > Flashcards

701-725 Flashcards

1
Q

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization’s requirement?

A. NIC teaming
B. Cloud backups
C. A load balancer appliance
D. UPS

A

C. A load balancer appliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
1
Q

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

A. FDE
B. NIDS
C. EDR
D. DLP

A

C. EDR

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The following IP information was provided to internal auditors to help assess organizational security:

User traffic subnet: 10.2.5.0/16
File Server: 10.2.2.7
Internal Linux Web Server: 10.3.9.9
SQL Server: 10.3.15.82
HR Server: 10.9.8.14
Firewall: 10.1.1.1

Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)

A. ipconfig
B. ping
C. chmod
D. netstat
E. traceroute
F. route

A

B. ping
D. netstat

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

A. Configure heat maps.
B. Utilize captive portals.
C. Conduct a site survey.
D. Install Wi-Fi analyzers.

A

C. Conduct a site survey.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A software company adopted the following processes before releasing software to production:

  • Peer review
  • Static code scanning
  • Signing

A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

A. File integrity monitoring for the source code
B. Dynamic code analysis tool
C. Encrypted code repository
D. Endpoint detection and response solution

A

B. Dynamic code analysis tool

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

A. CHAP
B. PEAP
C. MS-CHAPv2
D. EAP-TLS

A

D. EAP-TLS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank’s information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank’s desired scenario and budget?

A. Engage the penetration-testing firm’s rea-team services to fully mimic possible attackers.
B. Give the penetration tester data diagrams of core banking applications in a known-environment test.
C. Limit the scope of the penetration test to only the system that is used for teller workstations.
D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

A

D. Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A security analyst is reviewing SIEM logs during an ongoing attack and notices the following:

http://company.com/get.php?f=/etc/passwd
http://company.com/..%2F..%2F..%2F..%2Fetc%2Fshadow
http://company.com/../../../etc/passwd

Which of the following best describes the type of attack?

A. SQLi
B. CSRF
C. API attacks
D. Directory traversal

A

D. Directory traversal

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company’s machines need to be updated?

A. SCEP
B. OCSP
C. CSR
D. CRL

A

B. OCSP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

A. Enable HIDS on all servers and endpoints.
B. Disable unnecessary services.
C. Configure the deny list appropriately on the NGFW.
D. Ensure the antivirus is up to date.

A

B. Disable unnecessary services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A. Privilege escalation
B. Buffer overflow
C. SQL injection
D. Pass-the-hash

A

D. Pass-the-hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

A. Code repositories
B. Dark web
C. Threat feeds
D. State actors
E. Vulnerability databases

A

A. Code repositories

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)

A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor

A

B. A cold aisle
D. A hot aisle

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

A. Memory dumps
B. The syslog server
C. The application logs
D. The log retention policy

A

B. The syslog server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks

A

D. Benchmarks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A company’s public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site’s homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

A. DoS attack
B. ARP poisoning
C. DNS spoofing
D. NXDOMAIN attack

A

C. DNS spoofing

14
Q

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee’s identity before sending the prize. Which of the following best describes this type of email?

A. Spear phishing
B. Whaling
C. Phishing
D. Vishing

A

C. Phishing

15
Q

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A. Smart card
B. PIN code
C. Knowledge-based question
D. Secret key

A

A. Smart card

16
Q

The Chief Technology Officer of a local college would like visitors to utilize the school’s Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?

A. Requiring all new. on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors’ MAC addresses and names

A

D. Deploying a captive portal to capture visitors’ MAC addresses and names

17
Q

Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

A. Hacktivists
B. Script kiddies
C. Competitors
D. Shadow IT

A

D. Shadow IT

18
Q

A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.

A

A. Contain the impacted hosts.

19
Q

An administrator receives the following network requirements for a data integration with a third-party vendor:

port 443 allowed OUTGOING to www.vendorsite.com
port 21 allowed outgoing to fs1.vendorsite.com
port 22 allowed OUTGOING to fs2.vendorsite.com
port 8080 allowed OUTGOING to www2.vendorsite.com

Which of the following is the most appropriate response for the administrator to send?

A. FTP is an insecure protocol and should not be used.
B. Port 8080 is a non-standard port and should be blocked.
C. SSH protocol version 1 is obsolete and should not be used.
D. Certificate stapling on port 443 is a security risk that should be mitigated.

A

A. FTP is an insecure protocol and should not be used.

20
Q

A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

A. Jamming
B. NFC attacks
C. Disassociation
D. Bluesnarfing
E. Evil twin

A

E. Evil twin

21
Q

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

A. Create a blocklist for all subject lines.
B. Send the dead domain to a DNS sinkhole.
C. Quarantine all emails received and notify all employees.
D. Block the URL shortener domain in the web proxy.

A

B. Send the dead domain to a DNS sinkhole.

22
Q

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please dick the Reset All button.

A

Mixed
11
WPA Enterpise

Sec+ (30 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions