726 - 750 Flashcards

1
Q

A newly purchased corporate WAP needs to be configured in the MOST secure manner possible.

Please click on the below items on the network diagram and configure them accordingly:

  • WAP
  • DHCP Server
  • AAA Server
  • Wireless Controller
  • LDAP Server

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Word Doc

2
Q

A security engineer is setting up passwordless authentication for the first time.

Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Word Doc

3
Q

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO
B. LEAP
C. MFA
D. PEAP

A

A. SSO

4
Q

Which of the following would be best suited for constantly changing environments?

A. RTOS
B. Containers
C. Embedded systems
D. SCADA

A

B. Containers

5
Q

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

A. Insurance
B. Patching
C. Segmentation
D. Replacement

A

C. Segmentation

6
Q

The local administrator account for a company’s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Implementing multifactor authentication

A

D. Implementing multifactor authentication

7
Q

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Word Doc

8
Q

Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

A. Persistence
B. Port scanning
C. Privilege escalation
D. Pharming

A

C. Privilege escalation

9
Q

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

Click on each firewall to do the following:

  1. Deny cleartext web traffic.
  2. Ensure secure management protocols are used.
  3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Word Doc

10
Q

A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.

From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Word Doc

11
Q

A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

A. hping
B. Wireshark
C. PowerShell
D. netstat

A

A. hping

12
Q

A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?

A. Insider threat
B. RAT
C. Backdoor
D. Skimming
E. NFC attack

A

D. Skimming

13
Q

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A. Job rotation
B. Retention
C. Outsourcing
D. Separation of duties

A

A. Job rotation

14
Q

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

A. Service accounts
B. Account audits
C. Password complexity
D. Lockout policy

A

B. Account audits

15
Q

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

A. Business recovery plan
B. Incident response plan
C. Communication plan
D. Continuity of operations plan

A

D. Continuity of operations plan

16
Q

In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer’s response?

A. Risk tolerance
B. Risk acceptance
C. Risk importance
D. Risk appetite

A

B. Risk acceptance

17
Q

A security team created a document that details the order in which critical systems should be brought back online after a major outage. Which of the following documents did the team create?

A. Communication plan
B. Incident response plan
C. Data retention policy
D. Disaster recovery plan

A

D. Disaster recovery plan

18
Q

A company wants to reconfigure an existing wireless infrastructure. The company needs to ensure the projected WAP placement will provide proper signal strength to all workstations. Which of the following should the company use to best fulfill the requirements?

A. Network diagram
B. WPS
C. 802.1X
D. Heat map

A

D. Heat map

19
Q

A company wants to pragmatically grant access to users who have the same job. Which of the following access controls should the company most likely use?

A. Role-based
B. Need-to-know
C. Mandatory
D. Discretionary

A

A. Role-based

20
Q

A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

A. Upgrading to a next-generation firewall
B. Deploying an appropriate in-line CASB solution
C. Conducting user training on software policies
D. Configuring double key encryption in SaaS platforms

A

B. Deploying an appropriate in-line CASB solution

21
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

A. Bug bounty
B. White-box
C. Black-box
D. Gray-box

A

B. White-box

22
Q

Which of the following are the most likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two).

A. Certificate mismatch
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

A

A. Certificate mismatch
D. Included third-party libraries

23
Q

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A. NIST CSF
B. SOC 2 Type 2 report
C. CIS Top 20 compliance reports
D. Vulnerability report

A

B. SOC 2 Type 2 report

24
Q

Which of the following are common VoIP-associated vulnerabilities? (Choose two).

A. SPIM
B. Vishing
C. VLAN hopping
D. Phishing
E. DHCP snooping
F. Tailgating

A

A. SPIM
B. Vishing

25
Q

A security administrator received an alert for a user account with the following log activity:

5/23/22 10:07.16.301 AM 197.42.32.110 Shell_Client US

5/23/22 10:07.16.301 AM 197.42.32.110 Shell_Client US

5/23/22 10:07.16.301 AM 197.42.32.110 Shell_Client US

5/23/22 11:15.16.301 AM 210.167.76.13 Sign In Shell_Client AT

Which of the following best describes the trigger for the alert the administrator received?

A. Number of failed log-in attempts
B. Geolocation
C. Impossible travel time
D. Time-based log-in attempt

A

Geolocation

26
Q

Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

A. Order of volatility
B. Preservation of event logs
C. Chain of custody
D. Compliance with legal hold

A

B. Preservation of event logs