Practise Questions Flashcards

Potential Questions (95 cards)

1
Q

Which security concept is accomplished when granting access after an individual has logged into a computer network?

A. Authorization
B. Identification
C. Non-repudiation
D. Authentication

A

Authorisation

2
Q

A systems administrator is concerned users are accessing emails through a duplicate site that is not run by the company. Which of the following is used in this scenario?

A. Impersonation
B. Replication
C. Phishing
D. Smishing

A

Phishing

3
Q

Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?

A. SLA
B. BPA
C. NDA
D. MOA

A

NDA

4
Q

A company is considering an expansion of access controls for an application that contractors and internal employees use to reduce costs. Which of the following risk elements should the implementation team understand before granting access to the application?

A. Threshold
B. Appetite
C. Avoidance
D. Register

A

Appetite

5
Q

To which of the following security categories does an EDR solution belong?

A. Physical
B. Operational
C. Managerial
D. Technical

A

Technical

6
Q

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

A. To defend against insider threats altering banking details
B. To ensure that errors are not passed to other systems
C. To allow for business insurance to be purchased
D. To prevent unauthorised changes to financial data

A

B. To ensure that errors are not passed to other systems

7
Q

Which of the following is the stage in an investigation when forensic images are obtained?

A. Acquisition
B. Preservation
C. Reporting
D. E-discovery

A

A. Acquisition

8
Q

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization’s documentation?

A. Peer review requirements
B. Multifactor authentication
C. Branch protection tests
D. Secrets management configurations

A

A. Peer review requirements

9
Q

RAT

A

Remote Access Trojan

10
Q

ATTACK: RAT

A

DEFENCE: Implement a host based IPS

11
Q

A company discovers suspicious transactions that were entered into the company’s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?

A. Honeytoken
B. Honeynet
C. Honeypot
D. Honeyfile

A

A. Honeytoken

12
Q

An analyst is reviewing job postings to ensure sensitive company information is not being shared with the general public. Which of the following is the analyst most likely looking for?

A. Office addresses
B. Software versions
C. List of board members
D. Government identification numbers

A

Software Versions

13
Q

A security team is in the process of hardening the network against externally crafted malicious packets. Which of the following is the most secure method to protect the internal network?

A. Anti-malware solutions
B. Host-based firewalls
C. Intrusion prevention systems
D. Network access control
E. Network allow list

A

Intrusion Prevention Systems

14
Q

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A. Application
B. IPS/IDS
C. Network
D. Endpoint

A

Endpoint

15
Q

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A. Partition
B. Asymmetric
C. Full disk
D. Database

A

Full Disk

16
Q

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis

A

Risk Register

17
Q

Which of the following enables the use of an input field to run commands that can view or manipulate data?

A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection

A

SQL Injection

18
Q

A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?

A. MSA
B. SLA
C. BPA
D. SOW

A

SOW

19
Q

Which of the following should a security team do first before a new web server goes live?

A. Harden the virtual host.
B. Create WAF rules.
C. Enable network intrusion detection.
D. Apply patch management.

A

Harden the virtual host.

20
Q

A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?

A. Identify the attacker’s entry methods.
B. Report the breach to the local authorities.
C. Notify the applicable parties of the breach.
D. Implement vulnerability scanning of the company’s systems.

A

Notify the applicable parties of the breach.

21
Q

Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

A. Misconfiguration
B. Resource reuse
C. Insecure key storage
D. Weak cipher suites

A

Insecure key storage

22
Q

A user’s workstation becomes unresponsive and displays a ransom note demanding payment to decrypt files. Before the attack, the user opened a resume they received in a message, browsed the company’s website, and installed OS updates. Which of the following is the most likely vector of this attack?

A. Spear-phishing attachment
B. Watering hole
C. Infected website
D. Typosquatting

A

Spear-phishing attachment

23
Q

Which of the following describes the category of data that is most impacted when it is lost?

A. Confidential
B. Public
C. Private
D. Critical

A

Confidential

24
Q

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

A. Business email
B. Social engineering
C. Unsecured network
D. Default credentials

A

Social Engineering

25
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

A. Reporting structure for the data privacy officer
B. Request process for data subject access
C. Role as controller or processor
D. Physical location of the company

Role as controller or processor

26
A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A. Virtualization and isolation of resources
B. Network segmentation
C. Data encryption
D. Strong authentication policies

Virtualisation and isolation of resources

27
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.

Implement Security Awareness Training

28
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?

A. ACL
B. DLP
C. IDS
D. IPS

IPS

29
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

A. Remote access points should fail closed.
B. Logging controls should fail open.
C. Safety controls should fail open.
D. Logical security controls should fail closed.

Safety Controls Should Fail Open

30
Which of the following would be best suited for constantly changing environments?

A. RTOS
B. Containers
C. Embedded systems
D. SCADA

Containers

31
An accounting clerk sent money to an attacker's bank account after receiving fraudulent instructions to use a new account. Which of the following would most likely prevent this activity in the future?

A. Standardizing security incident reporting
B. Executing regular phishing campaigns
C. Implementing insider threat detection measures
D. Updating processes for sending wire transfers

Updating processes for sending wire transfers

32
A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement

Orchestration

33
Which of the following involves an attempt to take advantage of database misconfigurations?

A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection

SQL Injection

34
Which of the following is used to validate a certificate when it is presented to a user?

A. OCSP
B. CSR
C. CA
D. CRC

OCSP Online Status Certification Protocol

35
Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?

A. Policies and procedures
B. Asset management
C. Vulnerability assessment
D. Business impact analysis

Policies and Procedures

36
Which of the following activities are associated with vulnerability management? (Choose two.)

A. Reporting
B. Prioritization
C. Exploiting
D. Correlation
E. Containment
F. Tabletop exercise

Reporting
Prioritisation

37
A systems administrator is concerned about vulnerabilities within cloud computing instances. Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

A. SQL injection
B. TOC/TOU
C. VM escape
D. Tokenization
E. Password spraying

VM Escape

38
A database administrator is updating the company’s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

A. Hashing
B. Obfuscation
C. Tokenization
D. Masking

Tokenization

39
Which of the following tasks is typically included in the BIA process?

A. Estimating the recovery time of systems
B. Identifying the communication strategy
C. Evaluating the risk management plan
D. Establishing the backup and recovery procedures
E. Developing the incident response plan

Estimating the recovery time of systems

40
Which of the following is a risk of conducting a vulnerability assessment?

A. A disruption of business operations
B. Unauthorized access to the system
C. Reports of false positives
D. Finding security gaps in the system

A disruption of business operations

41
Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

A. Creating a false text file in /docs/salaries
B. Setting weak passwords in /etc/shadow
C. Scheduling vulnerable jobs in /etc/crontab
D. Adding a fake account to /etc/passwd

Creating a text file in /doc/salaries

42
An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company’s security awareness training program?

A. Insider threat detection
B. Simulated threats
C. Phishing awareness
D. Business continuity planning

Insider threat detection

43
An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

A. Cloud-based
B. Peer-to-peer
C. On-premises
D. Hybrid

On-premise

44
Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

A. ACL
B. IDS
C. HIDS
D. NIPS

NIPS Network Intrusion Prevention System

45
Which of the following architectures is most suitable to provide redundancy for critical business processes?

A. Network-enabled
B. Server-side
C. Cloud-native
D. Multitenant

Cloud Native

46
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

A. Agent-based
B. Centralized proxy
C. URL scanning
D. Content categorization

Agent-based

47
Which of the following provides the best protection against unwanted or insecure communications to and from a device?

A. System hardening
B. Host-based firewall
C. Intrusion detection system
D. Anti-malware software

Host-based Firewall

48
A company plans to secure its systems by:

* Preventing users from sending sensitive data over corporate email
* Restricting access to potentially harmful websites

Which of the following features should the company set up? (Choose two.)

A. DLP software
B. DNS filtering
C. File integrity monitoring
D. Stateful firewall
E. Guardrails
F. Antivirus signatures

DLP Software
DNS Filtering

49
Which of the following definitions best describes the concept of log correlation?

A. Combining relevant logs from multiple sources into one location
B. Searching and processing data to identify patterns of malicious activity
C. Making a record of the events that occur in the system
D. Analyzing the log files of the system components

Searching and processing data to identify patterns of malicious activity

50
The internal audit team determines a software application is no longer in scope for external reporting requirements. Which of the following will confirm that the application is no longer applicable?

A. Data inventory and retention
B. Right to be forgotten
C. Due care and due diligence
D. Acknowledgement and attestation

Data inventory and retention

51
Which of the following are the first steps an analyst should perform when developing a heat map? (Choose two.)

A. Methodically walk around the office noting Wi-Fi signal strength.
B. Log in to each access point and check the settings.
C. Create or obtain a layout of the office.
D. Measure cable lengths between access points.
E. Review access logs to determine the most active devices.
F. Remove possible impediments to radio transmissions.

Methodically walk around the office noticing Wi-Fi signal strength
Create or obtain a layout of the office

52
An organization designs an inbound firewall with a fail-open configuration while implementing a website. Which of the following would the organization consider to be the highest priority?

A. Confidentiality
B. Non-repudiation
C. Availability
D. Integrity

Availability

53
A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Choose two.)

A. Length
B. Complexity
C. Least privilege
D. Something you have
E. Security keys
F. Biometrics

Length
Complexity

54
Which of the following is an example of a treatment strategy for a continuous risk?

A. Email gateway to block phishing attempts
B. Background checks for new employees
C. Dual control requirements for wire transfers
D. Branch protection as part of the CI/CD pipeline

Branch protection as part of the CI/CD pipeline

55
An organization wants to deploy software in a container environment to increase security. Which of the following would limit the organization's ability to achieve this goal?

A. Regulatory compliance
B. Patch availability
C. Kernel version
D. Monolithic code

Monolithic code

56
After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?

A. Evaluate tools that identify risky behavior and distribute reports on the findings.
B. Send quarterly newsletters that explain the importance of password management.
C. Develop phishing campaigns and notify the management team of any successes.
D. Update policies and handbooks to ensure all employees are informed of the new procedures.

Update policies and handbooks to ensure all employees are informed of the new procedures.

57
A company has yearly engagements with a service provider. The general terms and conditions are the same for all engagements. The company wants to simplify the process and revisit the general terms every three years. Which of the following documents would provide the best way to set the general terms?

A. MSA
B. NDA
C. MOU
D. SLA

MSA

58
As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?

A. Configure firewall rules to block external access to internal resources.
B. Set up a WAP to allow internal access from public networks.
C. Implement a new IPSec tunnel from internal resources.
D. Deploy an internal jump server to access resources.

Configure firewall rules to block external access to internal resources

59
Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?

A. Automated scanning
B. Penetration testing
C. Threat hunting
D. Log aggregation
E. Adversarial emulation

Automated Scanning

60
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?

A. A full inventory of all hardware and software
B. Documentation of system classifications
C. A list of system owners and their departments
D. Third-party risk assessment documentation

A full inventory of all hardware and software.

61
While updating the security awareness training, a security analyst wants to address issues created if vendors' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?

A. Refrain from clicking on images included in emails from new vendors
B. Delete emails from unknown service provider partners.
C. Require that invoices be sent as attachments
D. Be alert to unexpected requests from familiar email addresses

Be alert to unexpected requests from familiar email addresses

62
The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?

A. Performing more phishing simulation campaigns
B. Improving security awareness training
C. Hiring more help desk staff
D. Implementing an incident reporting web page

Improving security awareness training.

63
Which of the following actions best addresses a vulnerability found on a company's web server?

A. Patching
B. Segmentation
C. Decommissioning
D. Monitoring

Patching

64
A company is changing its mobile device policy. The company has the following requirements:

* Company-owned devices
* Ability to harden the devices
* Reduced security risk
* Compatibility with company resources

Which of the following would best meet these requirements?

A. BYOD
B. CYOD
C. COPE
D. COBO

COBO Company Owned Business Only

65
A penetration test identifies that an SMBv1 is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

A. GPO
B. ACL
C. SFTP
D. DLP

GPO

66
Which of the following best ensures minimal downtime and data loss for organizations with critical computing equipment located in earthquake-prone areas?

A. Generators and UPS
B. Off-site replication
C. Redundant cold sites
D. High availability networking

Off-site Replication

67
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?

A. Geographic dispersion
B. Platform diversity
C. Hot site
D. Load balancing

Geographic Dispersion

68
A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement

Patch Availability

69
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards

Scheduled Downtime

70
A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format. Which of the following should the administrator apply to the site recovery resource group?

A. RBAC
B. ACL
C. SAML
D. GPO

RBAC Role Based Access Control

71
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

Federation
Password Complexity

72
Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.

The organization will have the ability to create security requirements based on classification levels.

73
A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13): /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

A. Pass-the-hash monitor
B. File integrity monitor
C. Forensic analysis
D. Password cracker

Password Cracker

74
Which of the following types of vulnerabilities is primarily caused by improper use and management of cryptographic certificates?

A. Misconfiguration
B. Resource reuse
C. Insecure key storage
D. Weak cipher suites

Insecure key storage

75
Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Choose two.)

A. Easier debugging of the system
B. Reduced cost of ownership of the system
C. Improved scalability of the system
D. Increased compartmentalization of the system
E. Stronger authentication of the system
F. Reduced complexity of the system

Increased compartmentalization of the system
Improved scalability of the system

76
Which of the following must be considered when designing a high-availability network? (Choose two.)

A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication

Ease of Recovery
Responsiveness

77
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?

A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage

Audit Findings

78
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy

Testing the policy in a non-production environment before enabling the policy in the production network

79
A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

A. Private
B. Critical
C. Sensitive
D. Public

Sensitive

80
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

A. Analysis
B. Lessons learned
C. Detection
D. Containment

Analysis

81
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.

Rescan the network

82
Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?

A. Public key infrastructure
B. Open public ledger
C. Public key encryption
D. Key escrow

Key Escrow

83
A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Choose two.)

A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted

Confidential
Restricted

84
Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A. UBA
B. EDR
C. NAC
D. DLP

UBA User Behaviour Analysis

85
A university employee logged on to the academic server and attempted to guess the system administrators’ log-in credentials. Which of the following security measures should the university have implemented to detect the employee’s attempts to gain access to the administrators’ accounts?

A. Two-factor authentication
B. Firewall
C. Intrusion prevention system
D. User activity logs

User Activity Logs

86
An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server’s password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?

A. Recognizing phishing
B. Providing situational awareness training
C. Using password management
D. Reviewing email policies

Recognizing phishing

87
A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?

A. RAS
B. EAP
C. SAML
D. PAM

PAM

88
Which of the following can be used to compromise a system that is running an RTOS?

A. Cross-site scripting
B. Memory injection
C. Replay attack
D. Ransomware

Memory Injection

89
Which of the following is a compensating control for providing user access to a high-risk website?

A. Enabling threat prevention features on the firewall
B. Configuring a SIEM tool to capture all web traffic
C. Setting firewall rules to allow traffic from any port to that destination
D. Blocking that website on the endpoint protection software

Enabling threat prevention features on the firewall

90
A security administrator observed the following in a web server log while investigating an incident:

"GET ../../../../etc/passwd"

Which of the following attacks did the security administrator most likely see?

A. Privilege escalation
B. Credential replay
C. Brute force
D. Directory traversal

Directory Traversal

91
An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?

A. Business continuity plan
B. Change management procedure
C. Acceptable use policy
D. Software development life cycle policy

AUP

92
Which of the following documents details how to accomplish a technical security task?

A. Standard
B. Policy
C. Guideline
D. Procedure

Procedure

93
A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?

A. Endpoint
B. Application
C. Firewall
D. NAC

Firewall

94
A SOC analyst establishes a remote control session on an end user’s machine and discovers the following in a file:

gmail.com[ENT]my.name@gmail.com[ENT]NoOneCanGuessThis123! [ENT]Hello Susan, it was great to see you the other day! Let’s plan a followup[BACKSPACE]follow-up meeting soon. Here is the link to register. [RTN][CTRL]c [CTRL]v [RTN]after[BACKSPACE]After you register give me a call on my cellphone.

Which of the following actions should the SOC analyst perform first?

A. Advise the user to change passwords.
B. Reimage the end user’s machine.
C. Check the policy on personal email at work.
D. Check host firewall logs.

Advise the user to change passwords.

95