ExamT 6 Flashcards

1
Q
A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
A. S/MIME
B. DLP
C. IMAP
D. HIDS
A

B. DLP

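The alert in this card comes from a DLP rule matching PII in outbound mail. As an added illustration (not part of the original deck), the following Python shows the shape of such a rule: a pattern match for US SSNs and card numbers, with a Luhn check so that arbitrary 16-digit strings such as order references do not fire. The sample messages, addresses and numbers are constructed test data.

```python
import re

# Constructed sample outbound messages (not from the original card);
# the SSN and card numbers are well-known test values, not real identifiers.
SAMPLE_EMAILS = [
    {"to": "partner@example.net", "body": "Quarterly numbers attached, call me."},
    {"to": "partner@example.net", "body": "Customer SSN is 078-05-1120, please update."},
    {"to": "billing@example.net", "body": "Card 4111 1111 1111 1111 exp 12/29"},
    {"to": "billing@example.net", "body": "Order ref 4111-1111-1111-1112 shipped"},  # fails Luhn
]

# US SSN: area not 000/666/9xx, group not 00, serial not 0000
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Card number candidate: 13-16 digits with optional space/dash separators
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(text):
    """Return (kind, value) hits; card hits are normalised to bare digits."""
    hits = []
    for m in SSN_RE.finditer(text):
        hits.append(("ssn", m.group()))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):     # drop strings that merely look like a PAN
            hits.append(("pan", digits))
    return hits


def scan_outbound(emails):
    """DLP-style pass over outbound mail: one alert per message containing PII."""
    alerts = []
    for i, msg in enumerate(emails):
        hits = find_pii(msg["body"])
        if hits:
            alerts.append({"index": i, "to": msg["to"], "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_outbound(SAMPLE_EMAILS):
        print(alert)
```

A production DLP engine adds context (keywords near the match, file types, recipient domain) to cut false positives further, but the Luhn check alone removes most numeric noise.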
2
Q
An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following BEST represents the type of testing that will occur?
A. Bug bounty
B. White-box
C. Black-box
D. Gray-box
A

B. White-box (known environment: the testers are given full internal documentation)

3
Q
A security engineer has enabled two-factor authentication on all workstations. Which of the following approaches are the MOST secure? (Choose two.)
A. Password and security question
B. Password and CAPTCHA
C. Password and smart card
D. Password and fingerprint
E. Password and one-time token
F. Password and voice
A

C. Password and smart card

D. Password and fingerprint

4
Q

A security analyst needs to determine how an attacker was able to use User3 to gain a foothold within a company's network. The company's lockout policy requires that an account be locked out for a minimum of 15 minutes after three unsuccessful attempts. While reviewing the log files, the analyst discovers the following:

Which of the following attacks MOST likely occurred?
A. Dictionary
B. Credential-stuffing
C. Password-spraying
D. Brute-force
A

C. Password-spraying

The lockout policy is the clue: three failures against one account would lock it, so a brute-force or dictionary run against User3 alone could not have succeeded. Trying one or two common passwords across many accounts keeps every account under the threshold, which is how the attacker lands on User3.

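The distinction this card turns on (one account hammered until the lockout trips, versus many accounts each probed below the threshold) is easy to make mechanically. The following Python is an added example, not the log or tooling from the original card: it parses a constructed authentication log, buckets attempts per source address into 15-minute windows (the lockout duration from the card), and labels each bucket using the card's three-failure threshold. The log format, the addresses and the spray_min_users tuning value are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 3                    # failures that lock an account (policy in the card)
LOCKOUT_WINDOW = timedelta(minutes=15)   # lockout duration in the card, reused as bucket size
SPRAY_MIN_USERS = 5                      # assumed tuning value: distinct accounts per source
EPOCH = datetime(1970, 1, 1)

# Constructed sample log (assumed format; not the log shown in the original question)
SAMPLE_LOG = """\
2024-03-01T09:00:01 src=203.0.113.7 user=user1 result=FAIL
2024-03-01T09:00:02 src=203.0.113.7 user=user2 result=FAIL
2024-03-01T09:00:03 src=203.0.113.7 user=user3 result=FAIL
2024-03-01T09:00:04 src=203.0.113.7 user=user4 result=FAIL
2024-03-01T09:00:05 src=203.0.113.7 user=user5 result=FAIL
2024-03-01T09:00:06 src=203.0.113.7 user=user6 result=FAIL
2024-03-01T09:01:01 src=203.0.113.7 user=user1 result=FAIL
2024-03-01T09:01:02 src=203.0.113.7 user=user2 result=FAIL
2024-03-01T09:01:03 src=203.0.113.7 user=user3 result=SUCCESS
2024-03-01T09:30:00 src=198.51.100.9 user=admin result=FAIL
2024-03-01T09:30:01 src=198.51.100.9 user=admin result=FAIL
2024-03-01T09:30:02 src=198.51.100.9 user=admin result=FAIL
2024-03-01T09:30:03 src=198.51.100.9 user=admin result=FAIL
2024-03-01T10:15:00 src=192.0.2.20 user=alice result=FAIL
2024-03-01T10:15:30 src=192.0.2.20 user=alice result=SUCCESS
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)"
)


def parse_log(text):
    """Parse the constructed 'ts src= user= result=' lines into event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "src": m["src"], "user": m["user"], "result": m["result"],
            })
    return events


def classify(events, threshold=LOCKOUT_THRESHOLD, window=LOCKOUT_WINDOW,
             spray_min_users=SPRAY_MIN_USERS):
    """Return one verdict per (source address, time bucket)."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["src"], (e["ts"] - EPOCH) // window)].append(e)

    verdicts = []
    for (src, _), evs in sorted(buckets.items()):
        fails = defaultdict(int)
        successes = set()
        for e in evs:
            if e["result"] == "FAIL":
                fails[e["user"]] += 1
            else:
                successes.add(e["user"])
        max_fails = max(fails.values(), default=0)
        if max_fails >= threshold:
            verdict = "brute-force"        # would have tripped the lockout on that account
        elif len(fails) >= spray_min_users:
            verdict = "password-spraying"  # many accounts, each kept under the threshold
        else:
            verdict = "benign"
        verdicts.append({
            "src": src,
            "verdict": verdict,
            "accounts_tried": len(fails),
            "max_fails_per_account": max_fails,
            "compromised": sorted(successes & set(fails)),  # success after a failure
        })
    return verdicts


if __name__ == "__main__":
    for v in classify(parse_log(SAMPLE_LOG)):
        print(v)
```

The spraying source never exceeds two failures on any account, so the lockout policy never fires; it is only visible when attempts are grouped by source rather than by account, which is the view a SIEM rule for this attack needs.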
5
Q
Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
A. DLP
B. HIDS
C. EDR
D. NIPS
A

C. EDR

6
Q

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operations in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
A. Upgrade the bandwidth available into the datacenter.
B. Implement a hot-site failover location.
C. Switch to a complete SaaS offering to customers.
D. Implement a challenge response test on all end-user queries.

A

B. Implement a hot-site failover location.

7
Q
A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?
A. WEP
B. MSCHAP
C. WPS
D. SAE
A

D. SAE

Simultaneous Authentication of Equals: the WPA3-Personal handshake that replaces the PSK four-way handshake and resists offline dictionary attacks on the passphrase.

8
Q
A company is designing the layout of a new datacenter so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)
A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor
A

B. A cold aisle

D. A hot aisle

9
Q
Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?
A. Stored procedures
B. Buffer overflows
C. Data bias
D. Code reuse
A

C. Data bias

10
Q
The process of passively gathering information prior to launching a cyberattack is called:
A. tailgating.
B. reconnaissance.
C. pharming.
D. prepending.
A

B. reconnaissance.

11
Q

During a routine scan of a wireless segment at a retail company, a security administrator discovers several devices are connected to the network that do not match the company's naming convention and are not in the asset inventory. WiFi access is protected with 256-bit encryption via WPA2. Physical access to the company's facility requires two-factor authentication using a badge and a passcode. Which of the following should the administrator implement to find and remediate the issue? (Choose two.)
A. Check the SIEM for failed logins to the LDAP directory.
B. Enable MAC filtering on the switches that support the wireless network.
C. Run a vulnerability scan on all the devices in the wireless network.
D. Deploy multifactor authentication for access to the wireless network.
E. Scan the wireless network for rogue access points.
F. Deploy a honeypot on the network.

A

B. Enable MAC filtering on the switches that support the wireless network.
E. Scan the wireless network for rogue access points.

12
Q
An organization has various applications that contain sensitive data hosted in the cloud. The company's leaders are concerned about lateral movement across applications of different trust levels. Which of the following solutions should the organization implement to address the concern?
A. ISFW
B. UTM
C. SWG
D. CASB
A

D. CASB

13
Q
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST meet these requirements?
A. RA
B. OCSP
C. CRL
D. CSR
A

C. CRL

Certificate Revocation List: a CRL can be downloaded once and checked locally, so it works at an offline facility, whereas OCSP needs a live query to a responder for each check.

14
Q

A small retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things:
✑ Protection from power outages
✑ Always-available connectivity in case of an outage
The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?
A. Lease a point-to-point circuit to provide dedicated access.
B. Connect the business router to its own dedicated UPS.
C. Purchase services from a cloud provider for high availability.
D. Replace the business's wired network with a wireless network.

A

C. Purchase services from a cloud provider for high availability.

15
Q

A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:

Which of the following attacks does the analyst MOST likely see in this packet capture?
A. Session replay
B. Evil twin
C. Bluejacking
D. ARP poisoning
A

B. Evil twin

16
Q
Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
A. An ARO
B. An MOU
C. An SLA
D. A BPA
A

C. An SLA

17
Q
Users at an organization have been installing programs from the Internet on their workstations without first receiving proper authorization. The organization maintains a portal from which users can install standardized programs. However, some users have administrative access on their workstations to enable legacy programs to function properly. Which of the following should the security administrator consider implementing to address this issue?
A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls
A

B. Application whitelisting

18
Q

A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
✑ Mobile device OSs must be patched up to the latest release.
✑ A screen lock must be enabled (passcode or biometric).
✑ Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)
A. Containerization
B. Storage segmentation
C. Posturing
D. Remote wipe
E. Full-device encryption
F. Geofencing

A

C. Posturing

D. Remote wipe

Posture (compliance) checks enforce the patch-level and screen-lock requirements before a device is granted access; remote wipe covers the lost-or-stolen requirement. Full-device encryption is good practice but is not one of the stated policy requirements.

19
Q

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?
A. Install a smart meter on the staff WiFi.
B. Place the environmental systems in the same DHCP scope as the staff WiFi.
C. Implement Zigbee on the staff WiFi access points.
D. Segment the staff WiFi network from the environmental systems network.

A

D. Segment the staff WiFi network from the environmental systems network.

20
Q
A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?
A. OSINT
B. SIEM
C. CVSS
D. CVE
A

D. CVE

21
Q
A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Choose two.)
A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA
A

B. Drive encryption

E. USB blocker