Exam Questions Flashcards

(104 cards)

1
Q

753.) A SOC is currently being outsourced. Which of the following is being used?
A. Microservices
B. SaaS
C. MSSP
D. PaaS

A

C. MSSP

2
Q

752.) A security analyst is investigating a phishing email that contains a malicious document directed to the company’s Chief Executive Officer (CEO). Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?
A. Run a vulnerability scan against the CEO’s computer to find possible vulnerabilities
B. Install a sandbox to run the malicious payload in a safe environment
C. Perform a traceroute to identify the communication path
D. Use netstat to check whether communication has been made with a remote host

A

B. Install a sandbox to run the malicious payload in a safe environment

3
Q

751.) A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

admin' or 1=1--

Which of the following BEST explains this type of attack?
A. DLL injection to hijack administrator services
B. SQLi on the field to bypass authentication
C. Execution of a stored XSS on the website
D. Code to execute a race condition on the server

A

D. Code to execute a race condition on the server

4
Q

750.) A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).
A. Identity processor
B. Service requestor
C. Identity provider
D. Service provider
E. Tokenized resource
F. Notarized referral

A

C. Identity provider
E. Tokenized resource

5
Q

749.) A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?
A. Internal log files
B. Government press releases
C. Confidential reports
D. Proprietary databases

A

B. Government press releases

6
Q

748.) A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and chain of custody are followed.
Which of the following should be performed to accomplish this task?
A. Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
B. Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
C. Remove the CEO's hard drive from the PC, connect it to the forensic workstation, and copy all the contents onto a remote file share while the CEO watches
D. Refrain from completing forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.

A

D. Refrain from completing forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence.

7
Q

747.) When planning to build a virtual environment, an administrator needs to achieve the following:

  • Establish policies to limit who can create new VMs
  • Allocate resources according to actual virtualization
  • Require justification for requests outside of the standard requirements
  • Create standardization categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?

A. Implement IaaS replication
B. Protect against VM escape
C. Deploy a PaaS
D. Avoid VM sprawl

A

D. Avoid VM sprawl

8
Q

746.) Several employees return to work the day after attending an industry trade show. That same day, the security manager notices several malware alerts coming from each of the employees’ workstations. The security manager investigates but finds no evidence of attack by reviewing network-based sources like the perimeter firewall or the NIDS. Which of the following is MOST likely causing the malware alerts?
A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A malicious PowerShell script that was attached to an email and transmitted to multiple employees
C. A Trojan that has passed through the gateway router and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

A

A. A worm that has propagated itself across the intranet, which was initiated by presentation media

9
Q

745.) A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process

A

A. The Diamond Model of Intrusion Analysis

10
Q

744.) A security analyst needs to implement security features across smartphones, laptops, and tablets. Which of the following would be the MOST effective across heterogeneous platforms?
A. Enforcing encryption
B. Deploying GPOs
C. Removing administrative permissions
D. Applying MDM software

A

D. Applying MDM software

11
Q

743.) During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?
A. ls
B. chflags
C. chmod
D. lsof
E. setuid

A

E. setuid

12
Q

742.) A financial analyst has been accused of violating the company’s AUP and there is forensic evidence to substantiate the allegation. Which of the following would dispute the analyst’s claim of innocence?
A. Legal hold
B. Order of volatility
C. Non-repudiation
D. Chain of custody

A

C. Non-repudiation

13
Q

741.) Which of the following would BEST identify and remediate a data-loss event in an enterprise using third-party, web-based services and file-sharing platforms?
A. SIEM
B. CASB
C. UTM
D. EDR

A

B. CASB

14
Q

740.) A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output: Which of the following attacks was successfully implemented based on the output?

A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal

A

A. Memory leak

15
Q

A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?
A. FIM
B. DLP
C. EDR
D. UTM

A

C. EDR

16
Q

The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The red team

A

C. The CIRT

17
Q

A company is concerned about its security after a red-team exercise. The report shows the team was able to reach the critical servers due to the SMB being exposed to the internet and running NTLMv1. Which of the following BEST explains the findings?
A. Default settings on the servers
B. Unsecured administrator accounts
C. Open ports and services
D. Weak data encryption

A

D. Weak data encryption


18
Q

A global company is experiencing unauthorized logins due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
A. IP restrictions
B. Multifactor authentication
C. A banned password list
D. A complex password policy

A

B. Multifactor authentication

19
Q

A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO)
A. The order of volatility
B. A CRC32 checksum
C. The provenance of the artifacts
D. The vendor's name
E. The date and time
F. A warning banner

A

A. The order of volatility
E. The date and time

20
Q

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?
A. SFTP
B. AIS (automatic identification system, used for ships)
C. Tor (The Onion Router)
D. IoC

A

C. Tor (The Onion Router)


21
Q

A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral

A

C. Homomorphic


22
Q

A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be: Which of the following will the forensics investigator MOST likely determine has occurred?
A. SQL injection
B. Broken authentication
C. XSS
D. XSRF

A

D. XSRF


23
Q

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO)
A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST

A

B. PCI DSS
D. GDPR

24
Q

730.) An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality videoconferencing while minimizing latency when connected to the VPN?
A. Using geographic diversity to have VPN terminators closer to end users
B. Utilizing split tunneling so only traffic for corporate resources is encrypted
C. Purchasing higher bandwidth connections to meet the increased demand
D. Configuring QoS properly on the VPN accelerators

A

C. Purchasing higher bandwidth connections to meet the increased demand

25
Q

729.) An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?
A. MDM
B. MAM
C. VDI
D. DLP

A

A. MDM

26
Q

728.) A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?
A. Implement NAC
B. Implement an SWG
C. Implement a URL filter
D. Implement an MDM

A

B. Implement an SWG

27
Q

727.) A network manager is concerned that business may be negatively impacted if the firewall in its datacenter goes offline. The manager would like to implement a high availability pair to:
A. decrease the mean time between failures
B. remove the single point of failure
C. cut down the mean time to repair
D. reduce the recovery time objective

A

B. remove the single point of failure

28
Q

726.) DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements?
A. An orchestration solution that can adjust scalability of cloud assets
B. Use a multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is deployed and only used when the load increases

A

A. An orchestration solution that can adjust scalability of cloud assets

29
Q

725.) Which of the following would cause a Chief Information Security Officer the MOST concern regarding newly installed internet-accessible 4K surveillance cameras?
A. An inability to monitor 100% of every facility could expose the company to unnecessary risk
B. The cameras could be compromised if not patched in a timely manner
C. Physical security at the facility may not protect the cameras from theft
D. Exported videos may take up excessive space on the file servers

A

B. The cameras could be compromised if not patched in a timely manner

30
Q

724.) A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:

  • Mobile device OSs must be patched up to the latest release
  • A screen lock must be enabled (passcode or biometric)
  • Corporate data must be removed if the device is reported lost or stolen

Which of the following controls should the security engineer configure? (Select TWO)
A. Disable firmware over-the-air
B. Storage segmentation
C. Posture checking
D. Remote wipe
E. Full-device encryption
F. Geofencing

A

C. Posture checking
D. Remote wipe

31
Q

723.) An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has not received information about the internal architecture. Which of the following BEST represents the type of testing that will occur?
A. Gray-box
B. White-box
C. Bug bounty
D. Black-box

A

D. Black-box

32
Q

722.) A remote user recently took a two-week vacation abroad and brought along a corporate-owned laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN. Which of the following is the MOST likely reason for the user's inability to connect the laptop to the VPN? (Select TWO)
A. Due to foreign travel, the user's laptop was isolated from the network
B. The user's laptop was quarantined because it missed the latest patch update
C. The VPN client was blacklisted
D. The user's account was put on a legal hold
E. The laptop is still configured to connect to an international mobile network operator
F. The user is unable to authenticate because the user is outside of the organization's mobile geofencing configuration

A

A. Due to foreign travel, the user's laptop was isolated from the network
B. The user's laptop was quarantined because it missed the latest patch update

33
Q

721.) To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?
A. Install a hypervisor firewall to filter east-west traffic
B. Add more VLANs to the hypervisor network switches
C. Move exposed or vulnerable VMs to the DMZ
D. Implement a Zero Trust policy and physically segregate the hypervisor servers

A

A. Install a hypervisor firewall to filter east-west traffic

34
Q

720.) Which of the following allows functional tests to be used in new systems for testing and training purposes while protecting the real data?
A. Data encryption
B. Data masking
C. Data deduplication
D. Data minimization

A

B. Data masking

35
Q

719.) When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?
A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation

A

C. Normalization

36
Q

718.) A security administrator is setting up a SIEM to help monitor for notable events across the enterprise. Which of the following control types does this BEST represent?
A. Preventive
B. Compensating
C. Corrective
D. Detective

A

D. Detective

37
Q

717.) A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?
A. An NGFW
B. A CASB
C. Application whitelisting
D. An NG-SWG

A

D. An NG-SWG

38
Q

716.) Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?
A. Tabletop
B. Parallel
C. Full interruption
D. Simulation

A

A. Tabletop

39
Q

715.) A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?
A. An air gap
B. A hot site
C. A VLAN
D. A screened subnet

A

C. A VLAN

40
Q

714.) An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO)
A. MAC filtering
B. Zero Trust segmentation
C. Network access control
D. Access control vestibules
E. Guards
F. Bollards

A

C. Network access control
E. Guards

41
Q

713.) Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
A. DLP
B. HIDS
C. EDR
D. NIPS

A

C. EDR

42
Q

712.) A security analyst needs to find real-time data on the latest malware and IoCs. Which of the following BEST describes the solution the analyst should pursue?
A. Advisories and bulletins
B. Threat feeds
C. Security news articles
D. Peer-reviewed content

A

B. Threat feeds

43
Q

711.) An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization MOST likely consult?
A. The business continuity plan
B. The risk management plan
C. The communications plan
D. The incident response plan

A

A. The business continuity plan

44
Q

710.) A multinational organization that offers web-based services has datacenters that are located only in the United States; however, a large number of its customers are in Australia, Europe, and China. Payments for services are managed by a third party in the United Kingdom that specializes in payment gateways. The management team is concerned the organization is not compliant with privacy laws that cover some of its customers. Which of the following frameworks should the management team follow?
A. Payment Card Industry Data Security Standard
B. Cloud Security Alliance Best Practices
C. ISO/IEC 27302 Cybersecurity Guidelines
D. General Data Protection Regulation

A

D. General Data Protection Regulation

45
Q

709.) A user's PC was recently infected by malware. The user has a legacy printer without vendor support, and the user's OS is fully patched. The user downloaded a driver package from the internet. No threats were found on the downloaded file, but during file installation, a malicious runtime threat was detected. Which of the following is the MOST likely cause of the infection?
A. The driver had malware installed and was refactored upon download to avoid detection
B. The user's computer had a rootkit installed that had avoided detection until the new driver overwrote key files
C. The user's antivirus software definitions were out of date and were damaged by the installation of the driver
D. The user's computer had been infected with a logic bomb set to run when the new driver was installed

A

A. The driver had malware installed and was refactored upon download to avoid detection

46
Q

708.) A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?
A. Evil twin
B. Jamming
C. DNS poisoning
D. Bluesnarfing
E. DDoS

A

A. Evil twin

47
Q

707.) A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again. Which of the following is the BEST technical implementation to prevent this from happening again?
A. Configure DLP solutions
B. Disable peer-to-peer sharing
C. Enable role-based access controls
D. Mandate job rotation
E. Implement content filters

A

A. Configure DLP solutions

48
Q

706.) An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?
A. Laptops
B. Containers
C. Thin clients
D. Workstations

A

C. Thin clients

49
Q

705.) Individual endpoint protection usage is causing inconsistent protection because the protection policy has not been uniformly deployed. Which of the following solutions should be implemented to address this issue?
A. Host-based firewall
B. Web-application firewall
C. Network firewall
D. Trusted Platform Module

A

C. Network firewall

50
Q

704.) While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?
A. Conduct a ping sweep
B. Physically check each system
C. Deny internet access to the UNKNOWN hostname
D. Apply MAC filtering

A

B. Physically check each system

51
Q

703.) A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond. Which of the following is MOST likely the cause?
A. A new firewall rule is needed to access the application
B. The system was quarantined for missing software updates
C. The software was not added to the application whitelist
D. The system was isolated from the network due to infected software

A

C. The software was not added to the application whitelist

52
Q

702.) The following are the logs of a successful attack: Which of the following controls would be BEST to use to prevent such a breach in the future?
A. Password history
B. Account expiration
C. Password complexity
D. Account lockout

A

D. Account lockout

53
Q

701.) An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?
A. Perform a vulnerability scan to identify the weak spots
B. Use a packet analyzer to investigate the NetFlow traffic
C. Check the SIEM to review the correlated logs
D. Require access to the routers to view current sessions

A

C. Check the SIEM to review the correlated logs

54
Q

700.) A security administrator needs to create a RAID configuration that is focused on high read/write speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
A. RAID 0
B. RAID 1
C. RAID 5
D. RAID 10

A

B. RAID 1

55
Q

699.) A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread. Which of the following actions MOST likely supports an investigation for fraudulent submission?
A. Establish chain of custody
B. Inspect the file metadata
C. Reference the data retention policy
D. Review the email event logs

A

D. Review the email event logs

56
Q

698.) An organization recently discovered that a purchasing officer approved an invoice for an amount that was different than the original purchase order. After further investigation, a security analyst determines that the digital signature for the fraudulent invoice is exactly the same as the digital signature for the correct invoice that had been approved. Which of the following attacks MOST likely explains the behavior?
A. Birthday
B. Rainbow table
C. Impersonation
D. Whaling

A

C. Impersonation

57
Q

697.) An attack relies on an end user visiting a website the end user would typically visit; however, the site is compromised and uses vulnerabilities in the end user's browser to deploy malicious software. Which of the following types of attacks does this describe?
A. Smishing
B. Whaling
C. Watering hole
D. Phishing

A

C. Watering hole

58
Q

696.) While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?
A. SNMP traps
B. A Telnet session
C. An SSH connection
D. SFTP traffic

A

B. A Telnet session

59
Q

695.) A company just developed a new web application for a government agency. The application must be assessed and authorized prior to being deployed. Which of the following is required to assess the vulnerabilities resident in the application?
A. Repository transaction logs
B. Common Vulnerabilities and Exposures
C. Static code analysis
D. Non-credentialed scans

A

C. Static code analysis

60
Q

694.) A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker MOST likely use to gain access?
A. A bot
B. A fileless virus
C. A logic bomb
D. A RAT

A

B. A fileless virus

61
Q

693.) Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan

A

C. A business impact analysis

62
Q

692.) A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy to implement?
A. Incremental backups followed by differential backups
B. Full backups followed by incremental backups
C. Delta backups followed by differential backups
D. Incremental backups followed by delta backups
E. Full backups followed by differential backups

A

E. Full backups followed by differential backups

63
Q

691.) A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer MOST likely recommend?
A. A content filter
B. A WAF
C. A next-generation firewall
D. An IDS

A

C. A next-generation firewall

64
Q

690.) Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
A. Production
B. Test
C. Staging
D. Development

A

D. Development

65
Q

689.) A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

  • Preserve the use of public IP addresses assigned to equipment on the core router
  • Enable "in transport" encryption protection to the web server with the strongest ciphers

Which of the following should the analyst implement to meet these requirements? (Select TWO)
A. Configure VLANs on the core router
B. Configure NAT on the core router
C. Configure BGP on the core router
D. Enable AES encryption on the web server
E. Enable 3DES encryption on the web server
F. Enable TLSv2 encryption on the web server

A

B. Configure NAT on the core router
F. Enable TLSv2 encryption on the web server

66
688.) A Chief Security Officer (CSO) has asked a technician to devise a solution that can detect unauthorized execution privileges from the OS in both executable and data files and can work in conjunction with proxies or UTM. Which of the following would BEST meet the CSO’s requirements?
1. **Fuzzing**
2. **Sandboxing**
3. **Static code analysis**
4. **Code review**

**Code review**
67
687.) Which of the following terms should be included in a contract to help a company monitor the ongoing security of a new vendor?
A. A right-to-audit clause allowing for annual security audits
B. Requirements for event logs to be kept for a minimum of 30 days
C. Integration of threat intelligence in the company’s AV
D. A data-breach clause requiring disclosure of significant data loss

A. A right-to-audit clause allowing for annual security audits
68
686.) A company has been experiencing very brief power outages from its utility company over the last few months. These outages only last for one second each time. The utility company is aware of the issue and is working to replace a faulty transformer. Which of the following BEST describes what the company should purchase to ensure its critical servers and network devices stay online?
A. Dual power supplies
B. A UPS
C. A generator
D. A PDU

B. A UPS
69
685.) Which of the following represents a biometric FRR?
A. Authorized users being denied access
B. Users failing to enter the correct PIN
C. The denied and authorized numbers being equal
D. The number of unauthorized users being granted access

A. Authorized users being denied access
70
684.) A security analyst needs to perform periodic vulnerability scans on production systems. Which of the following types would produce the BEST vulnerability scan report?
A. Port
B. Intrusive
C. Host discovery
D. Credentialed

D. Credentialed
71
683.) Which of the following distributes data among nodes, making it more difficult to manipulate the data while also minimizing downtime?
A. MSSP
B. Public cloud
C. Hybrid cloud
D. Fog computing
72
682.) A security analyst sees the following log output while reviewing web logs:
Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
1. **Secure cookies**
2. **Input validation**
3. **Code signing**
4. **Stored procedures**

**Input validation**
73
681.) An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?
1. **An external security assessment**
2. **A bug bounty program**
3. **A tabletop exercise**
4. **A red-team engagement**

**A tabletop exercise**
74
680.) Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Select TWO).
1. **Unsecure protocols**
2. **Use of penetration-testing utilities**
3. **Weak passwords**
4. **Included third-party libraries**
5. **Vendors/supply chain**
6. **Outdated anti-malware software**

**Unsecure protocols**
**Weak passwords**
75
679.) A forensics examiner is attempting to dump passwords cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?
1. **The examiner does not have administrative privileges to the system**
2. **The system must be taken offline before a snapshot can be created**
3. **Checksum mismatches are invalidating the disk image**
4. **The swap file needs to be unlocked before it can be accessed**

**The examiner does not have administrative privileges to the system**
76
678.) An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).
1. **SFTP, FTPS**
2. **SNMPv2, SNMPv3**
3. **HTTP, HTTPS**
4. **TFTP, FTP**
5. **SNMPv1, SNMPv2**
6. **Telnet, SSH**
7. **TLS, SSL**
8. **POP, IMAP**
9. **Login, rlogin**

**SNMPv2, SNMPv3**
**HTTP, HTTPS**
**Telnet, SSH**
77
677.) A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
* The devices will be used internationally by staff who travel extensively
* Occasional personal use is acceptable due to the travel requirements
* Users must be able to install and configure sanctioned programs and productivity suites
* The devices must be encrypted
* The devices must be capable of operating in low-bandwidth environments
Which of the following would provide the GREATEST benefit to the security posture of the devices?
1. **Configuring an always-on VPN**
2. **Implementing application whitelisting**
3. **Requiring web traffic to pass through the on-premises content filter**
4. **Setting the antivirus DAT update schedule to weekly (DAT=Data file)**

**Setting the antivirus DAT update schedule to weekly (DAT=Data file)**
78
676.) An attacker is trying to gain access by installing malware on a website that is known to be visited by the target victims. Which of the following is the attacker MOST likely attempting?
1. **A spear-phishing attack**
2. **A watering-hole attack**
3. **Typo squatting**
4. **A phishing attack**

**A watering-hole attack**
79
675.) To reduce costs and overhead, an organization wants to move from an on-premises email solution to a cloud-based email solution. At this time, no other services will be moving. Which of the following cloud models would BEST meet the needs of the organization?
1. **MaaS**
2. **IaaS**
3. **SaaS**
4. **PaaS**

**PaaS**
80
674.) A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
1. **OSINT**
2. **SIEM**
3. **CVSS**
4. **CVE**

**CVE**
81
673.) A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:
Which of the following attacks does the analyst MOST likely see in this packet capture?
1. **Session replay**
2. **Evil twin**
3. **Bluejacking**
4. **ARP poisoning**

**Evil twin**
82
672.) Which of the following types of controls is a CCTV camera that is not being monitored?
1. **Detective**
2. **Deterrent**
3. **Physical**
4. **Preventive**

**Detective**
83
671.) A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows servers first. Which of the following would be the BEST method to increase the security on the Linux servers?
1. **Randomize the shared credentials**
2. **Use only guest accounts to connect**
3. **Use SSH keys and remove generic passwords**
4. **Remove all user accounts**

**Use SSH keys and remove generic passwords**
84
670.) A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
1. **PCI DSS**
2. **GDPR**
3. **NIST**
4. **ISO 31000**

**GDPR**
85
669.) An attacker is attempting to exploit users by creating a fake website with the URL www.validwebsite.com. The attacker’s intent is to imitate the look and feel of a legitimate website to obtain personal information from unsuspecting users. Which of the following social-engineering attacks does this describe?
1. **Information elicitation**
2. **Typo squatting**
3. **Impersonation**
4. **Watering-hole attack**

**Watering-hole attack**
86
668.) A security analyst is reviewing logs on a server and observes the following output:
Which of the following is the security analyst observing?
1. **A rainbow table attack**
2. **A password-spraying attack**
3. **A dictionary attack**
4. **A keylogger attack**

**A dictionary attack**
87
667.) A security analyst is reviewing the output of a web server log and notices a particular account is attempting to transfer large amounts of money:
Which of the following types of attack is MOST likely being conducted?
1. **SQLi**
2. **CSRF**
3. **Session replay**
4. **API**

**Session replay**
88
666.) Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
1. **An ARO**
2. **An MOU**
3. **An SLA**
4. **A BPA**

**An SLA**
89
665.) After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?
1. **Risk acceptance**
2. **Risk avoidance**
3. **Risk transference**
4. **Risk mitigation**

**Risk transference**
90
664.) A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?
1. **Predictability**
2. **Key stretching**
3. **Salting**
4. **Hashing**

**Salting**
91
663.) An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer’s documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?
1. **Bug bounty**
2. **White-box**
3. **Black-box**
4. **Gray-box**

**White-box**
92
662.) Which of the following often operates in a client-server architecture to act as a service repository, providing enterprise consumers access to structured threat intelligence data?
1. **STIX**
2. **CIRT**
3. **OSINT**
4. **TAXII**

**STIX**
93
661.) A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?
1. **Visitor logs**
2. **Cable locks**
3. **Guards**
4. **Disk encryption**
5. **Motion detection**

**Cable locks**
94
660.) An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?
1. **Screen locks**
2. **Application management**
3. **Geofencing**
4. **Containerization**

**Geofencing**
95
659.) A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?
1. **Network location**
2. **Impossible travel time**
3. **Geolocation**
4. **Geofencing**

**Geolocation**
96
658.) A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?
1. **AH**
2. **ESP**
3. **SRTP**
4. **LDAP**

**ESP**
97
657.) A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will BEST meet these requirements?
1. **An NGFW**
2. **A CASB**
3. **Application whitelisting**
4. **An NG-SWG**

**A CASB**
98
656.) A customer called a company’s security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:
* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account
* One of the websites the manager used recently experienced a data breach
* The manager’s corporate email account was successfully accessed in the last five days by an IP address located in a foreign country
Which of the following attacks has MOST likely been used to compromise the manager’s corporate account?
1. **Remote access Trojan**
2. **Brute-force**
3. **Dictionary**
4. **Credential stuffing**
5. **Password spraying**

**Credential stuffing**
99
655.) A network administrator has been asked to design a solution to improve a company’s security posture. The administrator is given the following requirements:
* The solution must be inline in the network
* The solution must be able to block known malicious traffic
* The solution must be able to stop network-based attacks
Which of the following should the network administrator implement to BEST meet these requirements?
1. **HIDS**
2. **NIDS**
3. **HIPS**
4. **NIPS**

**NIPS**
100
654.) An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?
1. **Perform a vulnerability scan to identify the weak spots**
2. **Use a packet analyzer to investigate the NetFlow traffic**
3. **Check the SIEM to review the correlated logs**
4. **Require access to the routers to view current sessions**

**Check the SIEM to review the correlated logs**
101
653.) When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?
1. **Tokenization**
2. **Data masking**
3. **Normalization**
4. **Obfuscation**

**Normalization**
102
652.) An organization blocks user access to command-line interpreters, but hackers still managed to invoke interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?
1. **Implement HIPS to block inbound and outbound SMB ports 139 and 445**
2. **Trigger a SIEM alert whenever the native OS tools are executed by the user**
3. **Disable the built-in OS utilities as long as they are not needed for functionality**
4. **Configure the AV to quarantine the native OS tools whenever they are executed**

**Disable the built-in OS utilities as long as they are not needed for functionality**
103
651.) Which of the following environments minimizes end-user disruption and is MOST likely to be used to assess the impacts of any database migrations or major system changes by using the final version of the code?
1. **Staging**
2. **Test**
3. **Production**
4. **Development**

**Staging**
104
650.) A company has determined that if its computer-based manufacturing machinery is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?
1. **MTBF**
2. **RPO**
3. **RTO**
4. **MTTR**

**MTTR**