Multiple Choice 3 Flashcards

1
Q

Which of the following would be the BEST method for creating a detailed diagram of wireless
access points and hotspots?

A

Footprinting

Footprinting is an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, its infrastructure and its networks in order to identify opportunities to penetrate them.

2
Q

Which of the following will MOST likely adversely impact the operations of unpatched traditional
programmable-logic controllers, running a back-end LAMP server and OT systems with human-management
interfaces that are accessible over the Internet via a web interface? (Choose two.)

A

Weak encryption & Server-side request forgery

3
Q

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or
damaged corporate-owned mobile devices. Which of the following technologies would be BEST
to balance the BYOD culture while also protecting the company’s data?

A

Containerization

You cannot run full-disk encryption on a staff member's device. Rather, you place the official
application in a container.

4
Q

A Chief Security Officer’s (CSO’s) key priorities are to improve preparation, response, and
recovery practices to minimize system downtime and enhance organizational resilience to
ransomware attacks. Which of the following would BEST meet the CSO’s objectives?

A

Implement application whitelisting and centralized event-log management, and perform regular
testing and validation of full backups.

5
Q

A network engineer has been asked to investigate why several wireless barcode scanners and
wireless computers in a warehouse have intermittent connectivity to the shipping server. The
barcode scanners and computers are all on forklift trucks and move around the warehouse during
their regular use. Which of the following should the engineer do to determine the issue? (Choose
two.)

A

Perform a site survey & Create a heat map

Heat map: a graphical representation of cyber risk data

6
Q

A security administrator suspects an employee has been emailing proprietary information to a
competitor. Company policy requires the administrator to capture an exact copy of the
employee’s hard disk. Which of the following should the administrator use?

A

dd

duplicate disk/data dump

A DD file is a disk image file and a replica of a hard disk drive.

7
Q

Which of the following is MOST likely to outline the roles and responsibilities of data controllers
and data processors?

A

GDPR

8
Q

Phishing and spear-phishing attacks have been occurring more frequently against a company’s
staff. Which of the following would MOST likely help mitigate this issue?

A

Exact mail exchanger records in the DNS

A Mail Exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient’s domain

9
Q

On which of the following is the live acquisition of data for forensic analysis MOST dependent?
(Choose two.)

A

Value and volatility of data & Right-to-audit clauses

Data volatility measures how quickly data disappears from a system

A right to audit clause entitles your organization to review your vendor’s work product and reporting

10
Q

Which of the following incident response steps involves actions to protect critical systems while
maintaining business operations?

A

Containment

11
Q

A security auditor is reviewing vulnerability scan data provided by an internal security team.
Which of the following BEST indicates that valid credentials were used?

A

The scan enumerated software versions of installed programs

Enumeration is defined as a process which establishes an active connection to the target hosts to discover potential attack vectors in the system

12
Q

Which of the following BEST explains the difference between a data owner and a data custodian?

A

The data owner is responsible for determining how the data may be used, while the data
custodian is responsible for implementing the protection to the data

13
Q

A network engineer needs to build a solution that will allow guests at the company’s headquarters
to access the Internet via WiFi. This solution should not allow access to the internal corporate
network, but it should require guests to sign off on the acceptable use policy before accessing the
Internet. Which of the following should the engineer employ to meet these requirements?

A

Install a captive portal

A captive portal is a Web page that the user of a public-access network is obliged to view and interact with before access is granted

14
Q

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives
against loss or data theft. Which of the following would be the MOST acceptable?

A

SED

Self-Encrypting Devices

15
Q

A security analyst receives a SIEM alert that someone logged in to the appadmin test account,
which is only used for the early detection of attacks. The security analyst then reviews the
following application log:
Which of the following can the security analyst conclude?

(SIEM) Security Information and Event Management

A

An injection attack is being conducted against a user authentication system.

An injection flaw is a vulnerability which allows an attacker to relay malicious code through an application to another system

16
Q

An organization needs to implement more stringent controls over administrator/root credentials
and service accounts. Requirements for the project include:
- Check-in/checkout of credentials
- The ability to use but not know the password
- Automated password changes
- Logging of access to credentials
Which of the following solutions would meet the requirements?

A

A privileged access management system

17
Q

The IT department’s on-site developer has been with the team for many years. Each time an
application is released, the security team is able to identify multiple vulnerabilities. Which of the
following would BEST help the team ensure the application is ready to be released to production?

A

Submit the application to QA before releasing it.

Quality Assurance

Quality assurance teams work to fill the gaps to minimize risks to the end quality of the product or user experience.

18
Q

A cybersecurity analyst needs to implement secure authentication to third-party websites without
users’ passwords. Which of the following would be the BEST way to achieve this objective?

A

SAML

Security Assertion Markup Language is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).

19
Q

An analyst needs to identify the applications a user was running and the files that were open
before the user’s computer was shut off by holding down the power button. Which of the following
would MOST likely contain that information?

A

Pagefile

In storage, a pagefile is a reserved portion of a hard disk that is used as an extension of random access memory (RAM) for data in RAM that hasn’t been used recently.

20
Q

A remote user recently took a two-week vacation abroad and brought along a corporate-owned
laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.
Which of the following is the MOST likely reason for the user’s inability to connect the laptop to
the VPN?

A

Due to foreign travel, the user’s laptop was isolated from the network.