暗記メーカー
son 2
  • Son Cagrı

  • Number of questions: 113 • 10/14/2024


    Question list

  • 1

    An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

    A. Implement a SIEM to correlate logs from multiple sources looking for alertable incidents.

  • 2

    Which of the following is the best resource to consult for information on the most common application exploitation methods?

    A. OWASP

  • 3

    A company would like to implement a secure process for managing headless servers remotely. Which of the following should the company most likely implement?

    A. SSH

  • 4

    An administrator receives the following network requirements for a data integration with a third-party vendor: Which of the following is the most appropriate response for the administrator to send?

    FTP is an insecure protocol and should not be used.

  • 5

    A security analyst receives reports of widespread password login attempts for most of the administrator accounts in the environment. Logs indicate that a successful login occurred and the same credentials are being used to attempt to gain access to other resources. Which of the following would best prevent this type of attack from being successful?

    A. Multifactor authentication

  • 6

    An application server is published directly on the internet with a public IP address. Which of the following should the administrator use to monitor the application traffic?

    A. WAF

  • 7

    Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

    C. Salting
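Added example, not part of the original question set: salted password storage with PBKDF2-HMAC-SHA256. The salt is a random per-password value stored beside the hash; making each stored hash unique is what defeats precomputed tables and cross-user matching, which matters more than the extra length. The iteration count and sample password are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example (not from the original question set): salted password storage
# with PBKDF2-HMAC-SHA256. The salt is a random per-password value stored next
# to the hash; its job is to make every stored hash unique so precomputed
# tables and cross-user matches stop working. The iteration count is an
# assumption; tune it to cost roughly 100 ms on the hardware that verifies logins.

ITERATIONS = 600_000
SALT_BYTES = 16

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh CSPRNG salt on every password set/reset
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the salt and iteration count stored in the record; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def unsalted_sha256(password: str) -> str:
    """What salting replaces: every user with this password gets the same, precomputable hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    pw = "Winter2024!"                                       # constructed sample password
    print(unsalted_sha256(pw) == unsalted_sha256(pw))        # True: one lookup cracks every such user
    first, second = hash_password(pw), hash_password(pw)
    print(first == second)                                   # False: different salts, different hashes
    print(verify_password(pw, first), verify_password("wrong", first))   # True False
```

Storing the iteration count in the record lets the work factor be raised later without invalidating existing hashes; `hmac.compare_digest` avoids leaking where the comparison stopped.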

  • 8

    During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

    B. Implementing mandatory vacations

  • 9

    A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?

    C. Inform the vendor of this discovery in a secure manner and apply appropriate mitigations

  • 10

    Which of the following involves embedding malware in routers procured from a third-party vendor?

    C. Supply chain attack

  • 11

    A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?

    A. NIDS

  • 12

    Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

    B. Whaling

  • 13

    Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

    C. Standard naming conventions

  • 14

    Which of the following best describes a legal hold?

    A. It occurs during litigation and requires retention of both electronic and physical documents.

  • 15

    An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

    C. Preventing unauthenticated clients from accessing the server

  • 16

    Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

    B. Account audits

  • 17

    A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?

    C. Cloud

  • 18

    Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?

    B. Spear phishing

  • 19

    A web application for a bank displays the following output when showing details about a customer's bank account: Which of the following techniques is most likely implemented in this web application?

    C. Data masking

  • 20

    A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

    E. Evil twin

  • 21

    In a tabletop exercise a simulated group of disgruntled employees deleted all of their work from the file server on their last day at the company. Which of the following actions would a security engineer take to mitigate this risk?

    Perform nightly snapshots.

  • 22

    A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure; Which of the following best describes what the analyst has discovered?

    A. A successful privilege escalation attack by a local user

  • 23

    A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building. Which of the following is the best solution to improve security at the entry kiosk?

    B. Smart card

  • 24

    A security analyst inspects the following log: Which of the following was attempted?

    D. Directory traversal

  • 25

    A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

    D. EAP-TLS

  • 26

    A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?

    D. Operational

  • 27

    A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

    D. On-path attack

  • 28

    A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

    B. Disable unnecessary services.

  • 29

    A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

    C. Destruction, E. Sanitization

  • 30

    Which of the following, if compromised, can indirectly impact systems’ availability by imposing inadequate environmental conditions for the hardware to operate properly?

    D. HVAC

  • 31

    Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

    D. Continuity of operations plan

  • 32

    A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to rollback to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?

    B. Snapshot

  • 33

    A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email: ● Sensitive customer data must be safeguarded. ● Documents from managed sources should not be opened in unmanaged destinations. ● Sharing of managed documents must be disabled. ● Employees should not be able to download emailed images to their devices. ● Personal photos and contact lists must be kept private. ● IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company. Which of the following are the best features to enable to meet these requirements? (Select two).

    A. Remote wipe, G. Containerization

  • 34

    An audit report showed that a former employee saved the following files to an external USB drive before the employee's termination date: ● Annual_tax_form.pdf ● encrypted_passwords.db ● team_picture.jpg ● contact_list.db ● human_resources.txt Which of the following could the former employee do to potentially compromise corporate credentials?

    A. Perform an offline brute-force attack.

  • 35

    A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor. Which of the following will the company most likely implement to ensure complete restoration?

    A. Full

  • 36

    A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

    C. Retention policy

  • 37

    Users are reporting performance issues from a specific application server. Which of the following types of log files should be used to capture this information?

    B. Syslog data

  • 38

    A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

    A. CASB

  • 39

    A security analyst is reviewing a secure website that is generating TLS certificate errors. The analyst determines that the browser is unable to receive a response from the OCSP for the certificate. Which of the following actions would most likely resolve the issue?

    C. Unblock the OCSP protocol in the host-based firewall.

  • 40

    An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?

    A. Heat map

  • 41

    Which of the following utilizes public and private keys to secure data?

    C. Asymmetric encryption

  • 42

    A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

    A. Lack of security updates

  • 43

    Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

    A. APT groups

  • 44

    A company would like to enhance the authentication technologies being used by remote employees. Which of the following should the company most likely choose?

    A. Token key

  • 45

    Which of the following best describes a threat actor who is attempting to use commands found on a public code repository?

    A. Script kiddie

  • 46

    After a web server was migrated to a cloud environment, user access to that server was blocked. Even though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?

    Security group

  • 47

    Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?

    B. SOC 2 Type II

  • 48

    A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

    A. Isolate the controller from the rest of the network and constrain connectivity.

  • 49

    During a forensic investigation, an analyst uses software to create a checksum of the affected subject's email file. Which of the following is the analyst practicing?

    D. Integrity

  • 50

    An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?

    B. Honeypot

  • 51

    A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

    A. PIN

  • 52

    Which of the following best explains why physical security controls are important in creating a secure environment?

    To ensure only authorized users have the ability to obtain direct access to systems or data

  • 53

    An organization is concerned about hackers bypassing MFA through social engineering of phone carriers. Which of the following would most likely protect against such an attack?

    C. Receiving a push notification to a mobile application

  • 54

    While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?

    B. RAM

  • 55

    Which of the following is considered a preventive control?

    D. Segregation of duties

  • 56

    A company executive experienced a security issue at an airport. Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?

    D. Data blockers

  • 57

    A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

    C. Recurring

  • 58

    Which of the following best describes a use case for a DNS sinkhole?

    C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

  • 59

    A security analyst is investigating a SIEM event concerning invalid log-ins. The system logs that match the time frame of the event show the following: Which of the following best describes this type of attack?

    B. Spraying

  • 60

    A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?

    Non-repudiation

  • 61

    A penetration test revealed that several Linux servers were misconfigured at the file level and access was granted incorrectly. A security analyst is referencing the instructions in the incident response runbook for remediation information. Which of the following is the best command to use to resolve the issue?

    A. chmod
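Added example, not part of the original question set or any vendor runbook: a small file-permission audit of the kind a remediation runbook would prescribe for this finding. It strips world-write from files with `os.chmod` (the same operation as `chmod o-w`) and only reports setuid binaries, since removing that bit blindly can break legitimate tools. The directory tree is constructed so the example runs offline; it assumes a POSIX filesystem.

```python
import os
import stat
import tempfile

# Added example (not from the original question set): audit file permissions
# under a root, fix world-writable files with os.chmod (same as chmod o-w),
# and report setuid binaries for a human decision. The tree is constructed
# here so the example runs offline; assumes a POSIX filesystem.

def make_fixture() -> str:
    """Build a throwaway directory tree standing in for a misconfigured server."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    sample = {
        "etc/app.conf": 0o666,      # world-writable config: any local user can alter it
        "bin/deploy.sh": 0o777,     # world-writable executable: trivial code injection
        "usr/bin/helper": 0o4755,   # setuid: report, do not blindly strip
        "var/report.txt": 0o644,    # acceptable
    }
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root

def audit_and_fix(root: str, fix: bool = True):
    """Return sorted (relative path, issue, old mode, new mode); fixes world-writable files when fix=True."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                      # skip symlinks and specials: chmod follows links
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                new_mode = mode & ~stat.S_IWOTH
                if fix:
                    os.chmod(path, new_mode)
                findings.append((rel, "world-writable", oct(mode), oct(new_mode)))
            if mode & stat.S_ISUID:
                findings.append((rel, "setuid", oct(mode), oct(mode)))   # report only
    return sorted(findings)

if __name__ == "__main__":
    root = make_fixture()
    for finding in audit_and_fix(root):
        print(finding)
    print("remaining:", audit_and_fix(root))   # only the setuid report should be left
```

The shell equivalent for the first rule on a live host is `find / -xdev -type f -perm -o+w -exec chmod o-w {} +`; run it with `-print` first so the change set is reviewed before it is applied.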

  • 62

    A company wants to ensure that all devices are secured properly through the MDM solution so that, if remote wipe fails, the data will still be inaccessible offline. Which of the following would need to be configured?

    A. Full device encryption

  • 63

    Earlier in the week, the CSIRT was alerted to a cyber-incident. The CSIRT is now interacting with the affected systems in an attempt to stop further damage. Which of the following best describes this phase of the incident response process?

    B. Containment

  • 64

    An enterprise has hired an outside security firm to conduct penetration testing on its network and applications. The firm has been given all the developer's documentation about the internal architecture. Which of the following best represents the type of testing that will occur?

    B. White-box

  • 65

    A bank was recently provided a new version of an executable that was used to launch its core banking platform. During the upgrade process, a remote code execution exploit was publicly released that targeted the old version. Which of the following would best prevent a security incident?

    B. Completing the upgrade process immediately on all devices

  • 66

    Which of the following describes how applications are built, configured, and deployed?

    A. Provisioning

  • 67

    A food delivery service gives its drivers mobile devices that enable customers to track orders. Some drivers forget to leave the devices at the store when their shifts end. Which of the following would help remind the drivers to leave the devices at the store?

    A. Geofencing alerts

  • 68

    An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

    D. UPS

  • 69

    A company requires that all user authentication against a core directory service must be secure. Which of the following should the company implement to meet this requirement?

    C. LDAPS

  • 70

    A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

    Limit the scope of the penetration test to only the system that is used for teller workstations

  • 71

    Which of the following threat actors is the most likely to use common hacking tools found on the internet to attempt to remotely compromise an organization's web server?

    C. Unskilled attacker

  • 72

    An organization wants to reduce the likelihood that a data breach could result in reputational, financial, or regulatory consequences. The organization needs an enterprise-wide solution that does not require new technology or specialized roles. Which of the following describes the best way to achieve these goals?

    C. Incorporating the principle of data minimization throughout business processes

  • 73

    Which of the following best describes an environment where a business owns the application and operating system but requires the resources to host them in the cloud?

    A. IaaS

  • 74

    A company wants to move one of its environments to the cloud. The biggest requirement is to have as much control as possible regarding the environment. Which of the following would most likely satisfy this requirement?

    B. IaaS

  • 75

    A company uses a SaaS vendor to host its customer database. The company would like to reduce the risk of customer data exposure if the systems are breached. Which of the following risks should the company focus on to achieve this objective?

    A. Weak encryption

  • 76

    A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?

    A. Hoaxes

  • 77

    A security team is conducting a review of the company's SaaS and PaaS security postures. Which of the following is the best source of secure architecture guidance for these environments?

    B. CSA (Cloud Security Alliance)

  • 78

    A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?

    B. IP-based firewall rules

  • 79

    A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

    A. Disk encryption

  • 80

    A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

    D. CRL

  • 81

    A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?

    B. Proof of PCI DSS compliance

  • 82

    A security analyst finds that a user's name appears in a database entry at a time when the user was on vacation. The analyst reviews the logs from the authentication server that is being used by the database: Which of the following can the security analyst conclude based on the review?

    A. A brute-force attack occurred.
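Added example, not part of the original question set: the log review behind questions 5, 59 and 82. It tells password spraying (a few guesses each against many accounts, staying under lockout thresholds) apart from brute force (many guesses against one account) by grouping authentication events per source address, and lists which accounts each source eventually logged in as, which is the lead for the credential reuse described in question 5. The log format, addresses and thresholds are assumptions; the lines are constructed.

```python
import re
from collections import defaultdict

# Added example (not from the original question set): classify each source
# address in an authentication log as spraying, brute force, or normal, and
# report the accounts it successfully logged in as. Log format, addresses and
# thresholds are assumptions; the sample lines are constructed.

AUTH_RE = re.compile(
    r'^(?P<ts>\S+)\s+auth:\s+(?P<result>FAILED|SUCCESS)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$')

SAMPLE_AUTH_LOG = """\
2024-10-14T09:00:01Z auth: SUCCESS user=alice src=192.0.2.10
2024-10-14T09:01:10Z auth: FAILED user=admin src=198.51.100.9
2024-10-14T09:01:11Z auth: FAILED user=administrator src=198.51.100.9
2024-10-14T09:01:12Z auth: FAILED user=root src=198.51.100.9
2024-10-14T09:01:13Z auth: FAILED user=dbadmin src=198.51.100.9
2024-10-14T09:01:14Z auth: FAILED user=webadmin src=198.51.100.9
2024-10-14T09:01:15Z auth: FAILED user=itadmin src=198.51.100.9
2024-10-14T09:01:16Z auth: SUCCESS user=svc-backup src=198.51.100.9
2024-10-14T09:02:00Z auth: FAILED user=jdoe src=203.0.113.7
2024-10-14T09:02:01Z auth: FAILED user=jdoe src=203.0.113.7
2024-10-14T09:02:02Z auth: FAILED user=jdoe src=203.0.113.7
2024-10-14T09:02:03Z auth: FAILED user=jdoe src=203.0.113.7
2024-10-14T09:02:04Z auth: FAILED user=jdoe src=203.0.113.7
2024-10-14T09:02:05Z auth: SUCCESS user=jdoe src=203.0.113.7
"""

def classify_sources(text: str, spray_min_users: int = 5, spray_max_per_user: float = 2.0,
                     brute_min_attempts: int = 5):
    """Return {src: (kind, attempts, distinct_users, [accounts successfully logged in as])}."""
    per_src = defaultdict(lambda: {"attempts": 0, "users": set(), "successes": set()})
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue                     # other formats are skipped rather than guessed at
        s = per_src[m["src"]]
        s["attempts"] += 1
        s["users"].add(m["user"])
        if m["result"] == "SUCCESS":
            s["successes"].add(m["user"])

    verdicts = {}
    for src, s in per_src.items():
        n_users = len(s["users"])
        if n_users >= spray_min_users and s["attempts"] / n_users <= spray_max_per_user:
            kind = "spraying"            # wide and shallow: stays under per-account lockout
        elif n_users < spray_min_users and s["attempts"] >= brute_min_attempts:
            kind = "brute-force"         # narrow and deep: hammers one or a few accounts
        else:
            kind = "normal"
        verdicts[src] = (kind, s["attempts"], n_users, sorted(s["successes"]))
    return verdicts

if __name__ == "__main__":
    for src, (kind, attempts, users, hits) in classify_sources(SAMPLE_AUTH_LOG).items():
        print(f"{src:15} {kind:11} attempts={attempts:2} users={users:2} logged_in_as={hits}")
```

Per-account lockout alone never catches the spraying source here (one attempt per account), which is why the grouping key is the source, and why the question's answer is MFA rather than a lockout tweak: a guessed password still fails the second factor.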

  • 83

    A vulnerability scan returned the following results: ➔ 2 Critical ➔ 5 High ➔ 15 Medium ➔ 98 Low Which of the following would the information security team most likely use to decide if all discovered vulnerabilities must be addressed and the order in which they should be addressed?

    C. Risk matrix

  • 84

    A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?

    D. There is a single point of failure.

  • 85

    Which of the following permits consistent, automated deployment rather than manual provisioning of data centers?

    D. Infrastructure as code

  • 86

    A software company has a shared codebase for multiple projects using the following strategy: ● Unused features are deactivated but still present on the code. ● New customer requirements trigger additional development work. Which of the following will most likely occur when the company uses this strategy?

    B. Dead code

  • 87

    Which of the following best describes the risk present after controls and mitigating factors have been applied?

    Residual

  • 88

    While assessing the security of a web application, a security analyst was able to introduce unsecure strings through the application input fields by bypassing client-side controls. Which of the following solutions should the analyst recommend?

    D. Server-side validation

  • 89

    A server administrator is reporting performance issues when accessing all internal resources. Upon further investigation, the security team notices the following: ● A user’s endpoint has been compromised and is broadcasting its MAC as the default gateway's MAC throughout the LAN. ● Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN. ● Network ports on the LAN are not properly configured. ● Wired traffic is not being encrypted properly. Which of the following attacks is most likely occurring?

    C. ARP poisoning
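Added example, not part of the original question set: detecting the symptom described above, a host answering ARP for the gateway's IP with its own MAC, from a list of observed ARP replies. The baseline table and the replies are constructed; on a real segment they would come from a switch or DHCP export and a capture such as `tcpdump arp`. All addresses are assumptions.

```python
from collections import defaultdict

# Added example (not from the original question set): flag ARP replies that
# contradict a trusted IP-to-MAC baseline, MACs that claim several IPs, and
# MACs impersonating the gateway. Baseline and replies are constructed.

GATEWAY_IP = "10.0.0.1"
KNOWN_MACS = {"10.0.0.1": "00:11:22:33:44:01"}   # trusted IP-to-MAC baseline (assumption)

# (sequence number, sender IP, sender MAC) as seen in ARP replies on the segment
ARP_REPLIES = [
    (1, "10.0.0.1",  "00:11:22:33:44:01"),   # legitimate gateway
    (2, "10.0.0.25", "00:11:22:33:44:25"),   # legitimate workstation
    (3, "10.0.0.1",  "DE:AD:BE:EF:00:99"),   # attacker claims the gateway IP
    (4, "10.0.0.25", "de:ad:be:ef:00:99"),   # and the victim's IP, to relay both directions
    (5, "10.0.0.1",  "de:ad:be:ef:00:99"),   # poison is re-sent to keep caches overwritten
    (6, "10.0.0.40", "00:11:22:33:44:40"),
]

def detect_arp_poisoning(replies, known=KNOWN_MACS, gateway_ip=GATEWAY_IP):
    """Return baseline mismatches, MACs that claim several IPs, and MACs impersonating the gateway."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    mismatches = []
    for seq, ip, mac in replies:
        mac = mac.lower()                                  # normalise case before comparing
        if ip in known and known[ip].lower() != mac:
            mismatches.append((seq, ip, mac))              # reply contradicts the trusted table
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    multi_ip = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    trusted_gw = known.get(gateway_ip, "").lower()
    impostors = sorted(m for m in ip_to_macs.get(gateway_ip, set()) if m != trusted_gw)
    return {"mismatches": mismatches, "multi_ip_macs": multi_ip, "gateway_impostors": impostors}

if __name__ == "__main__":
    result = detect_arp_poisoning(ARP_REPLIES)
    for seq, ip, mac in result["mismatches"]:
        print(f"reply #{seq}: {ip} answered by {mac}, expected {KNOWN_MACS[ip]}")
    print("MACs claiming several IPs:", result["multi_ip_macs"])
    print("gateway impostors:", result["gateway_impostors"])
```

The single MAC claiming both the gateway and a workstation is the on-path signature; the traffic volume noted in the question follows from that host relaying both directions. The durable fix for the "ports not properly configured" bullet is DHCP snooping plus Dynamic ARP Inspection on the access switches, and encrypting wired traffic (TLS, SSH) so whatever is relayed is unreadable.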

  • 90

    A security analyst is reviewing an IDS alert and sees the following: Which of the following triggered the IDS alert?

    C. Fileless malware execution

  • 91

    An analyst examines the web server logs after a compromise and finds the following: Which of the following most likely indicates a successful attack on server credentials?

    C. GET https://comptia.org/../../../etc/passwd HTTP/1.1 200
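Added example, not part of the original question set: the log review behind questions 24 and 91, plus the server-side check from question 88 that makes such requests fail. `scan_log` decodes each URL (including double percent-encoding) and flags any `..` path segment, separating attempts the server actually served (2xx, as in the line above) from ones it refused; `safe_resolve` canonicalises a requested name against the document root and rejects anything that escapes it. The log lines are constructed; the `<method> <url> <protocol> <status>` format follows the quoted line and is an assumption.

```python
import os
import re
from urllib.parse import unquote

# Added example (not from the original question set): find directory traversal
# attempts in access logs and show the server-side check that stops them.
# Sample lines are constructed; the log format is an assumption.

LOG_RE = re.compile(r'^(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+HTTP/[\d.]+\s+(?P<status>\d{3})$')

SAMPLE_LOG = """\
GET https://comptia.org/index.html HTTP/1.1 200
GET https://comptia.org/../../../etc/passwd HTTP/1.1 200
GET https://comptia.org/images/..%2f..%2f..%2fetc/shadow HTTP/1.1 403
GET https://comptia.org/static/%252e%252e/%252e%252e/etc/passwd HTTP/1.1 404
POST https://comptia.org/login HTTP/1.1 302
GET https://comptia.org/docs/..\\..\\windows\\win.ini HTTP/1.1 400
"""

def decode_fully(s: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding until stable so double-encoded '..' (%252e%252e) is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def url_path(url: str) -> str:
    """Strip scheme, host and query; keep only the path part of a logged URL."""
    if "://" in url:
        rest = url.split("://", 1)[1]
        url = rest[rest.find("/"):] if "/" in rest else "/"
    return url.split("?", 1)[0]

def is_traversal(url: str) -> bool:
    """True when, after decoding, any path segment is '..' (backslashes count as separators)."""
    path = decode_fully(url_path(url)).replace("\\", "/")
    return ".." in path.split("/")

def scan_log(text: str):
    """Return (url, status, served) for each traversal attempt; served means a 2xx response."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m and is_traversal(m["url"]):
            status = int(m["status"])
            hits.append((m["url"], status, 200 <= status < 300))
    return hits

def safe_resolve(doc_root: str, requested: str) -> str:
    """Server-side validation: canonicalise against the document root and refuse escapes.

    Client-side checks can be bypassed, so the server must do this itself. Most
    frameworks have already percent-decoded 'requested' once; decoding again here
    is defensive, not a substitute for the realpath check (assumption about the caller).
    """
    root = os.path.realpath(doc_root)
    cleaned = decode_fully(requested).replace("\\", "/").lstrip("/")
    target = os.path.realpath(os.path.join(root, cleaned))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"request escapes document root: {requested!r}")
    return target

if __name__ == "__main__":
    for url, status, served in scan_log(SAMPLE_LOG):
        print("SERVED " if served else "blocked", status, url)
    print(safe_resolve("/srv/www", "docs/index.html"))
    try:
        safe_resolve("/srv/www", "../../etc/passwd")
    except PermissionError as exc:
        print("rejected:", exc)
```

Only the second sample line is both a traversal and a 200, which is what makes it the indicator of a successful read of `/etc/passwd`; the 403, 404 and 400 lines are attempts that were refused. The realpath comparison, rather than a string search for `..`, is what holds up against encoding tricks and symlinks.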

  • 92

    A systems administrator at a healthcare organization is setting up a server to securely store patient data. Which of the following must be ensured when storing PHI?

    C. Confidentiality

  • 93

    An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?

    B. Full weekly and incremental daily

  • 94

    Which of the following is the most likely way a rogue device was allowed to connect?

    A. A user performed a MAC cloning attack with a personal device.

  • 95

    Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Select two).

    C. Honeypots, E. DNS sinkhole

  • 96

    A company is providing laptops to all employees and the Chief Information Security Officer is concerned about protecting information if devices are lost or stolen. Which of the following would help mitigate the threat of unauthorized access to unencrypted data?

    D. TPM

  • 97

    A system administrator performs a quick scan of an organization's domain controller and finds the following: Which of the following vulnerabilities does this output represent?

    A. Unnecessary open ports

  • 98

    A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

    C. Conduct a site survey.

  • 99

    A newly implemented wireless network is designed so that visitors can connect to the wireless network for business activities. The legal department is concerned that visitors might connect to the network and perform illicit activities. Which of the following should the security team implement to address this concern?

    C. Add a guest captive portal requiring visitors to accept terms and conditions.

  • 100

    A security operations center would like to be able to test and observe the behavior of new software executables for malicious activity. Which of the following should the security operations center implement?

    C. Sandboxing