Q 201-400 Flashcards
(54 cards)
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
A.To track the status of patching installations
B.To find shadow IT cloud deployments
C.To continuously monitor the hardware inventory
D.To hunt for active attackers in the network
Answer: To track the status of patching installations
A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?
A.Memory injection
B.Race condition
C.Side loading
D.SQL injection
Answer: Memory injection
An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
A.Asset inventory
B.Network enumeration
C.Data certification
D.Procurement process
Answer: Asset inventory
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?
A.Scalability
B.Availability
C.Cost
D.Ease of deployment
Answer: Availability
Which of the following examples would be best mitigated by input sanitization?
A.alert("Warning!");
B.nmap - 10.11.1.130
C.Email message: “Click this link to get your free gift card.”
D.Browser message: “Your connection is not private.”
Answer: alert("Warning!");
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?
A.Microservices
B.Containerization
C.Virtualization
D.Infrastructure as code
Answer: Containerization
A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?
A.The equipment MTBF is unknown.
B.The ISP has no SLA.
C.An RPO has not been determined.
D.There is a single point of failure.
Answer: There is a single point of failure
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
A.Load balancer
B.Port security
C.IPS
D.NGFW
Answer: Port security
A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?
A.Utilizing attack signatures in an IDS
B.Enabling malware detection through a UTM
C.Limiting the affected servers with a load balancer
D.Blocking command injections via a WAF
Answer: Enabling malware detection through a UTM
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
A.To reduce implementation cost
B.To identify complexity
C.To remediate technical debt
D.To prevent a single point of failure
Answer: To prevent a single point of failure
An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two.)
A.Disable default accounts.
B.Add the server to the asset inventory.
C.Remove unnecessary services.
D.Document default passwords.
E.Send server logs to the SIEM.
F.Join the server to the corporate domain.
Answer: Disable default accounts AND Remove unnecessary services.
Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)
A.Tokenization
B.CI/CD
C.Honeypots
D.Threat modeling
E.DNS sinkhole
F.Data obfuscation
Answer: Honeypots AND DNS sinkhole
Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?
A.To meet compliance standards
B.To increase delivery rates
C.To block phishing attacks
D.To ensure non-repudiation
Answer: To ensure non-repudiation.
An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?
A.RADIUS
B.SAML
C.EAP
D.OpenID
Answer: SAML (Security Assertion Markup Language)
Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)
A.Increasing the minimum password length to 14 characters.
B.Upgrading the password hashing algorithm from MD5 to SHA-512.
C.Increasing the maximum password age to 120 days.
D.Reducing the minimum password length to ten characters.
E.Reducing the minimum password age to zero days.
F.Including a requirement for at least one special character.
Answer: Increasing the minimum password length to 14 characters AND Including a requirement for at least one special character.
Which of the following best describes a use case for a DNS sinkhole?
A.Attackers can see a DNS sinkhole as a highly valuable resource to identify a company’s domain structure.
B.A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
C.A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D.A DNS sinkhole can be set up to attract potential attackers away from a company’s network resources.
Answer: A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:
* A starting baseline of 50% memory utilization
* Storage scalability
* Single circuit failure resilience
Which of the following best meets all of these requirements?
A.Connecting dual PDUs to redundant power supplies
B.Transitioning the platform to an IaaS provider
C.Configuring network load balancing for multiple paths
D.Deploying multiple large NAS devices for each host
Answer: Transitioning the platform to an IaaS provider.
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)
A.Managerial
B.Physical
C.Corrective
D.Detective
E.Compensating
F.Technical
G.Deterrent
Answer: Compensating AND Technical
A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data security on all employees’ company mobile devices?
A.Application management
B.Full disk encryption
C.Remote wipe
D.Containerization
Answer: Remote wipe
A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user’s computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?
A.The software had a hidden keylogger.
B.The software was ransomware.
C.The user’s computer had a fileless virus.
D.The software contained a backdoor.
Answer: The software contained a backdoor.
Which of the following considerations is the most important regarding cryptography used in an IoT device?
A.Resource constraints
B.Available bandwidth
C.The use of block ciphers
D.The compatibility of the TLS version
Answer: The use of block ciphers
A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?
A.NIST CSF
B.SOC 2 Type 2 report
C.CIS Top 20 compliance reports
D.Vulnerability report
Answer: SOC 2 Type 2 report