
✅ SY EX | 1 MASTER
250 questions • 5 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?

    - Open source

  • 2

    Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?

    - Accuracy

  • 3

    Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?

    - Nation-state

  • 4

    What term is used to describe the groups of related organizations that pool resources to share cybersecurity threat information and analyses?

    - ISAC

  • 5

    Singh incorporated the Cisco Talos tool into his organization's threat intelligence program. He uses it to automatically look up information about the past activity of IP addresses sending email to his mail servers. What term best describes this intelligence source?

    - Reputational

  • 6

    Jamal is assessing the risk to his organization from their planned use of AWS Lambda, a serverless computing service that allows developers to write code and execute functions directly on the cloud platform. What cloud tier best describes this service?

    - FaaS

  • 7

    Lauren's honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. This design is particularly useful for detecting what types of threats?

    - Network scans

  • 8

    Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the NetFlow shown here?

    - 4

  • 9

    Which one of the following functions is not a common recipient of threat intelligence information?

    - Legal counsel

  • 10

    Alfonzo is an IT professional at a Portuguese university who is creating a cloud environment for use only by other Portuguese universities. What type of cloud deployment model is he using?

    - Community cloud

  • 11

    As a member of a blue team, Lukas observed the following behavior during an external penetration test. What should he report to his managers at the conclusion of the test?

    - No significant issues were observed.

  • 12

    The company that Maria works for is making significant investments in infrastructure-as-a-service hosting to replace its traditional datacenter. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?

    - Use full-disk encryption.

  • 13

    Geoff is reviewing logs and sees a large number of attempts to authenticate to his VPN server using many different username and password combinations. The same usernames are attempted several hundred times before moving on to the next one. What type of attack is most likely taking place?

    - Password spraying

  • 14

    Kaiden is configuring a SIEM service in his IaaS cloud environment that will receive all of the log entries generated by other devices in that environment. Which one of the following risks is greatest with this approach in the event of a DoS attack or other outage?

    - Inability to access logs

  • 15

    Azra believes that one of her users may be taking malicious action on the systems she has access to. When she walks past the user's desktop, she sees the following command on the screen:

        user12@workstation:/home/user12# ./john -wordfile:/home/user12/mylist.txt -format:lm hash.txt

    What is the user attempting to do?

    - They are attempting to crack hashed passwords.

  • 16

    Lucas believes that an attacker has successfully compromised his web server. Using the following output of ps, identify the process ID he should focus on:

        root 507 0.0 0.1 258268 3288 ? Ssl 15:52 0:00 /usr/sbin/rsyslogd -n
        message+ 508 0.0 0.2 44176 5160 ? Ss 15:52 0:00 /usr/bin/dbusdaemon --system --address=systemd: --nofork --nopidfile --systemd-activa
        root 523 0.0 0.3 281092 6312 ? Ssl 15:52 0:00 /usr/lib/accountsservice/accounts-daemon
        root 524 0.0 0.7 389760 15956 ? Ssl 15:52 0:00 /usr/sbin/NetworkManager --no-daemon
        root 527 0.0 0.1 28432 2992 ? Ss 15:52 0:00 /lib/systemd/systemd-logind
        apache 714 0.0 0.1 27416 2748 ? Ss 15:52 0:00 /www/temp/webmin
        root 617 0.0 0.1 19312 2056 ? Ss 15:52 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
        root 644 0.0 0.1 245472 2444 ? Sl 15:52 0:01 /usr/sbin/VBoxService
        root 653 0.0 0.0 12828 1848 tty1 Ss+ 15:52 0:00 /sbin/agetty --noclear tty1 linux
        root 661 0.0 0.3 285428 8088 ? Ssl 15:52 0:00 /usr/lib/policykit-1/polkitd --no-debug
        root 663 0.0 0.3 364752 7600 ? Ssl 15:52 0:00 /usr/sbin/gdm3
        root 846 0.0 0.5 285816 10884 ? Ssl 15:53 0:00 /usr/lib/upower/upowerd
        root 867 0.0 0.3 235180 7272 ? Sl 15:53 0:00 gdm-session-worker [pam/gdm-launch-environment]
        Debian-+ 877 0.0 0.2 46892 4816 ? Ss 15:53 0:00 /lib/systemd/systemd --user
        Debian-+ 878 0.0 0.0 62672 1596 ? S 15:53 0:00 (sd-pam)

    - 714

  • 17

    Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services, including telnet, FTP, and web servers. What is his best option to secure these systems?

    - Place a network firewall between the devices and the rest of the network.

  • 18

    While conducting reconnaissance of his own organization, Ian discovers that multiple certificates are self-signed. What issue should he report to his management?

    - Self-signed certificates will cause warnings or error messages.

  • 19

    Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?

    - RIPE

  • 20

    While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP address. What should Janet report has occurred?

        [ 21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0

    - A vulnerability scan

  • 21

    Scott is part of the white team that is overseeing his organization's internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?

    - The red team is violating the rules of engagement.

  • 22

    Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?

    - LDAPS and HTTPS

  • 23

    While tracking a potential APT on her network, Cynthia discovers a network flow for her company's central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?

        Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
        2017-07-11 13:06:46.343 21601804 TCP 10.1.1.1:1151->10.2.2.3:443 9473640 9.1 G 1
        2017-07-11 13:06:46.551 21601804 TCP 10.2.2.3:443->10.1.1.1:1151 8345101 514 M 1

    - Data exfiltration

  • 24

    During a regularly scheduled PCI compliance scan, Fred has discovered port 3389 open on one of the point-of-sale terminals that he is responsible for managing. What service should he expect to find enabled on the system?

    - RDP

  • 25

    Saanvi knows that the organization she is scanning runs services on alternate ports to attempt to reduce scans of default ports. As part of her intelligence-gathering process, she discovers services running on ports 8080 and 8443. What services are most likely running on these ports?

    - Web servers

  • 26

    Kwame is reviewing his team's work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?

    - The scan scanned only UDP ports.

  • 27

    Angela wants to gather network traffic from systems on her network. What tool can she use to best achieve this goal?

    - Wireshark

  • 28

    Wang submits a suspected malware file to malwr.com and receives the following information about its behavior. What type of tool is malwr.com?

    - A dynamic analysis sandbox

  • 29

    Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering?

    - OSINT searches of support forums and social engineering

  • 30

    Sarah has been asked to assess the technical impact of suspected reconnaissance performed against her organization. She is informed that a reliable source has discovered that a third party has been performing reconnaissance by querying WHOIS data. How should Sarah categorize the technical impact of this type of reconnaissance?

    - Low.

  • 31

    Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?

        ICMP "Echo request"
        Date flow start Duration Proto Src IP Addr:Port->Dst IP Addr:Port Packets Bytes Flows
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.6:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.7:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.7:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.8:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.8:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.9:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.9:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.10:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.10:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:11.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.11:0->10.1.1.1:0.0 11 924 1

    - A ping sweep

  • 32

    Ryan's passive reconnaissance efforts resulted in the following packet capture. Which of the following statements cannot be verified based on the packet capture shown for the host with IP address 10.0.2.4?

    - It is a Windows system.

  • 33

    Kevin is concerned that an employee of his organization might fall victim to a phishing attack and wants to redesign his social engineering awareness program. What type of threat is he most directly addressing?

    - Unintentional insider

  • 34

    What purpose does a honeypot system serve when placed on a network as shown in the following diagram?

    - It provides information about the techniques attackers are using.

  • 35

    A tarpit, or a system that looks vulnerable but actually is intended to slow down attackers, is an example of what type of technique?

    - An active defense

  • 36

    Susan needs to test thousands of submitted binaries. She needs to ensure that the applications do not contain malicious code. What technique is best suited to this need?

    - Sandboxing

  • 37

    Manesh downloads a new security tool and checks its MD5. What does she know about the software she downloaded if she receives the following message?

        root@demo:~# md5sum -c demo.md5
        demo.txt: FAILED
        md5sum: WARNING: 1 computed checksum did NOT match

    - The files do not match.

  • 38

    Aziz needs to provide SSH access to systems behind his datacenter firewall. If Aziz's organization uses the system architecture shown here, what is the system at point A called?

    - A jump box

  • 39

    During his analysis of a malware sample, Sahib reviews the malware files and binaries without running them. What type of analysis is this?

    - Static analysis

  • 40

    Carol wants to analyze a malware sample that she has discovered. She wants to run the sample safely while capturing information about its behavior and impact on the system it infects. What type of tool should she use?

    - A dynamic analysis sandbox tool

  • 41

    Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?

    - Submit cmd.exe to VirusTotal.

  • 42

    Nishi is deploying a new application that will process sensitive health information about her organization's clients. To protect this information, the organization is building a new network that does not share any hardware or logical access credentials with the organization's existing network. What approach is Nishi adopting?

    - Network segmentation

  • 43

    Bobbi is deploying a single system that will be used to manage a sensitive industrial control process. This system will operate in a stand-alone fashion and not have any connection to other networks. What strategy is Bobbi deploying to protect this SCADA system?

    - Airgapping

  • 44

    Geoff has been asked to identify a technical solution that will reduce the risk of captured or stolen passwords being used to allow access to his organization's systems. Which of the following technologies should he recommend?

    - Multifactor authentication

  • 45

    The company that Amanda works for is making significant investments in infrastructure-as-a-service hosting to replace their traditional datacenter. Members of her organization's management have expressed concerns about data remanence when Amanda's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?

    - Use full-disk encryption.

  • 46

    Which one of the following technologies is not typically used to implement network segmentation?

    - Host firewall

  • 47

    Ian has been asked to deploy a secure wireless network in parallel with a public wireless network inside his organization's buildings. What type of segmentation should he implement to do so without adding additional costs and complexity?

    - Logical segmentation

  • 48

    Barbara has segmented her virtualized servers using VMware to ensure that the networks remain secure and isolated. What type of attack could defeat her security design?

    - Compromise of the underlying VMware host

  • 49

    What major issue would Charles face if he relied on hashing malware packages to identify malware packages?

    - Hashing cannot identify unknown malware.

  • 50

    Noriko wants to ensure that attackers cannot access his organization's building automation control network. Which of the following segmentation options provides the strongest level of assurance that this will not happen?

    - Air gap

  • 51

    Angela's company has relied on passwords as its authentication factor for years. The current organizational standard is to require an eight-character, complex password and to require a password change every 12 months. What recommendation should Angela make to significantly decrease the likelihood of a similar phishing attack and breach in the future?

    - Deploy multifactor authentication.

  • 52

    Angela has decided to roll out a multifactor authentication system. What are the two most common factors used in MFA systems?

    - Knowledge and possession

  • 53

    Angela's multifactor deployment includes the ability to use text (SMS) messages to send the second factor for authentication. What issues should she point to?

    - VoIP hacks and SIM swapping.

  • 54

    What purpose does the OpenFlow protocol serve in software-defined networks?

    - It allows software-defined network controllers to push changes to devices to manage the network.

  • 55

    Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?

    - A honeynet

  • 56

    Kalea wants to prevent DoS attacks against her serverless application from driving up her costs when using a cloud service. What technique is not an appropriate solution for her need?

    - Horizontal scaling

  • 57

    What is the key difference between virtualization and containerization?

    - Virtualization lets you run multiple operating systems on a single physical system, whereas containerization lets you run multiple applications on the same system.

  • 58

    Brandon is designing the hosting environment for containerized applications. Application group A has personally identifiable information, application group B has health information with different legal requirements for handling, and application group C has business-sensitive data handling requirements. What is the most secure design for his container orchestration environment given the information he has?

    - Run a container host for each application group and secure them based on the data they contain.

  • 59

    Local and domain administrator accounts, root accounts,

    - Privileged accounts

  • 60

    Ned has discovered a key logger plugged into one of his workstations, and he believes that an attacker may have acquired usernames and passwords for all of the users of a shared workstation. Since he does not know how long the keylogger was in use or if it was used on multiple workstations, what is his best security option to prevent this and similar attacks from causing issues in the future?

    - Multifactor authentication

  • 61

    Facebook Connect, CAS, Shibboleth, and AD FS are all examples of what type of technology?

    - Single sign-on implementations

  • 62

    Which of the following is not a common identity protocol for federation?

    - Kerberos

  • 63

    Naomi wants to enforce her organization's security policies on cloud service users. What technology is best suited to this?

    - CASB

  • 64

    Elliott wants to encrypt data sent between his servers. What protocol is most commonly used for secure web communications over a network?

    - TLS

  • 65

    What occurs when a website's certificate expires?

    - Web browsers will report an expired certificate to users.

  • 66

    What term is used to describe defenses that obfuscate the attack surface of an organization by deploying decoys and attractive targets to slow down or distract an attacker?

    - An active defense

  • 67

    What technology is most commonly used to protect data in transit for modern web applications?

    - TLS

  • 68

    Anja is assessing the security of a web service implementation. Which of the following web service security requirements should she recommend to reduce the likelihood of a successful on-path/man-in-the-middle attack?

    - Use TLS.

  • 69

    What type of access is typically required to compromise a physically isolated and air-gapped system?

    - Physical access

  • 70

    Amanda's organization uses an air-gap design to protect the HSM device that stores its root encryption certificate. How will Amanda need to access the device if she wants to generate a new certificate?

    - From a system on the air-gapped network

  • 71

    Which of the following parties directly communicate with the end user during a SAML transaction?

    - Both the relying party and the identity provider

  • 72

    Support for AES, 3DES, ECC, and SHA-256 are all examples of what?

    - Processor security extensions

  • 73

    Which of the following is not a benefit of physical segmentation?

    - Reduced cost

  • 74

    Which of the following options is most effective in preventing known password attacks against a web application?

    - Multifactor authentication

  • 75

    Which of the following is not a common use case for network segmentation?

    - Creating a shared network

  • 76

    What three layers make up a software-defined network?

    - Application, Control, and Infrastructure layers

  • 77

    Micah is designing a containerized application security environment and wants to ensure that the container images he is deploying do not introduce security issues due to vulnerable applications. What can he integrate into the CI/CD pipeline to help prevent this?

    - Automated vulnerability scanning

  • 78

    Camille wants to integrate with a federation. What will she need to authenticate her users to the federation?

    - An IDP

  • 79

    Brandon needs to deploy containers with different purposes, data sensitivity levels, and threat postures to his container environment. How should he group them?

    - All of the above

  • 80

    What issues should Brandon consider before choosing to use the vulnerability management tools he has in his non-container-based security environment?

    - Both A and B.

  • 81

    What key functionality do enterprise privileged account management tools provide?

    - Entitlement management across multiple systems

  • 82

    Amira wants to deploy an open standard–based single sign-on (SSO) tool that supports both authentication and authorization. What open standard should she look for if she wants to federate with a broad variety of identity providers and service providers?

    - SAML

  • 83

    Adam is testing code written for a client-server application that handles financial information and notes that traffic is sent between the client and server via TCP port 80. What should he check next?

    - If the traffic is unencrypted

  • 84

    Faraj wants to use statistics gained from live analysis of his network to programmatically change its performance, routing, and optimization. Which of the following technologies is best suited to his needs?

    - Software-defined networking

  • 85

    Elaine's team has deployed an application to a cloud-hosted serverless environment. Which of the following security tools can she use in that environment?

    - None of the above

  • 86

    Lucca needs to explain the benefits of network segmentation to the leadership of his organization. Which of the following is not a common benefit of segmentation?

    - Increasing the number of systems in a network segment

  • 87

    Kubernetes and Docker are examples of what type of technology?

    - Containerization

  • 88

    Nathan is designing the logging infrastructure for his company and wants to ensure that a compromise of a system will not result in the loss of that system's logs. What should he do to protect the logs?

    - Send the logs to a remote server.

  • 89

    Ansel knows he wants to use federated identities in a project he is working on. Which of the following should not be among his choices for a federated identity protocol?

    - Authman

  • 90

    James uploads a file that he believes is potentially a malware package to VirusTotal and receives positive results, but the file is identified with multiple different malware package names. What has most likely occurred?

    - Different antimalware engines call the same malware package by different names.

  • 91

    Isaac wants to monitor live memory usage on a Windows system. What tool should he use to see memory usage in a graphical user interface?

    - Performance Monitor

  • 92

    Abul wants to identify typical behavior on a Windows system using a built-in tool to understand memory, CPU, and disk utilization. What tool can he use to see both real-time performance and over a period of time?

    - resmon

  • 93

    The automated malware analysis tool that Jose is using uses a disassembler and performs binary diffing across multiple malware binaries. What information is the tool looking for?

    - Building a similarity graph of similar functions across binaries

  • 94

    What does execution of wmic.exe, powershell.exe, or winrm.vbs most likely indicate if you discover one or more was run on a typical end user's workstation?

    - Remote execution of code

  • 95

    Ben is reviewing network traffic logs and notices HTTP and HTTPS traffic originating from a workstation. What TCP ports should he expect to see this traffic sent to under most normal circumstances?

    - 80 and 443

  • 96

    While Lucy is monitoring the SIEM, she notices that all of the log sources from her organization's New York branch have stopped reporting for the past 24 hours. What type of detection rules or alerts should she configure to make sure she is aware of this sooner next time?

    - Availability

  • 97

    After her discovery in the previous question, Lucy is tasked with configuring alerts that are sent to system administrators. She builds a rule that can be represented in pseudocode as follows: Send an SMS alert every 30 seconds when systems do not send logs for more than 1 minute. The average administrator at Lucy's organization is responsible for 150–300 machines. What danger does Lucy's alert create?

    - Administrators may ignore or filter the alerts

  • 98

    Lucy configures an alert that detects when users who do not typically travel log in from other countries. What type of analysis is this?

    - Behavior

  • 99

    Disabling unneeded services is an example of what type of activity?

    - Reducing the threat attack surface area

  • 100

    Suki notices inbound traffic to a Windows system on TCP port 3389 on her corporate network. What type of traffic is she most likely seeing?

    - An RDP connection


    問題一覧

  • 1

    Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?

    - Open source

  • 2

    Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?

    - Accuracy

  • 3

    Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?

    - Nation-state

  • 4

    What term is used to describe the groups of related organizations that pool resources to share cybersecurity threat information and analyses?

    - ISAC

  • 5

    Singh incorporated the Cisco Talos tool into his organization's threat intelligence program. He uses it to automatically look up information about the past activity of IP addresses sending email to his mail servers. What term best describes this intelligence source?

    - Reputational

  • 6

    Jamal is assessing the risk to his organization from their planned use of A.W.S. Lambda, a serverless computing service that allows developers to write code and execute functions directly on the cloud platform. What cloud tier best describes this service?

    - FaaS

  • 7

    Lauren's honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. This design is particularly useful for detecting what types of threats?

    - Network scans

  • 8

    Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the NetFlow shown here?

    - 4

  • 9

    Which one of the following functions is not a common recipient of threat intelligence information?

    - Legal counsel

  • 10

    Alfonzo is an IT professional at a Portuguese university who is creating a cloud environment for use only by other Portuguese universities. What type of cloud deployment model is he using?

    - Community cloud

  • 11

    As a member of a blue team, Lukas observed the following behavior during an external penetration test. What should he report to his managers at the conclusion of the test?

    - No significant issues were observed.

  • 12

    The company that Maria works for is making significant investments in infrastructure-as-a-service hosting to replace its traditional datacenter. Members of her organization's management have expressed concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?

    - Use full-disk encryption.

  • 13

    Geoff is reviewing logs and sees a large number of attempts to authenticate to his VPN server using many different username and password combinations. The same usernames are attempted several hundred times before moving on to the next one. What type of attack is most likely taking place?

    - Password spraying

  • 14

    Kaiden is configuring a SIEM service in his IaaS cloud environment that will receive all of the log entries generated by other devices in that environment. Which one of the following risks is greatest with this approach in the event of a DoS attack or other outage?

    - Inability to access logs

  • 15

    Azra believes that one of her users may be taking malicious action on the systems she has access to. When she walks past the user's desktop, she sees the following command on the screen:

        user12@workstation:/home/user12# ./john -wordfile:/home/user12/mylist.txt -format:lm hash.txt

    What is the user attempting to do?

    - They are attempting to crack hashed passwords.

  • 16

    Lucas believes that an attacker has successfully compromised his web server. Using the following output of ps, identify the process ID he should focus on:

        root 507 0.0 0.1 258268 3288 ? Ssl 15:52 0:00 /usr/sbin/rsyslogd -n
        message+ 508 0.0 0.2 44176 5160 ? Ss 15:52 0:00 /usr/bin/dbusdaemon --system --address=systemd: --nofork --nopidfile --systemd-activa
        root 523 0.0 0.3 281092 6312 ? Ssl 15:52 0:00 /usr/lib/accountsservice/accounts-daemon
        root 524 0.0 0.7 389760 15956 ? Ssl 15:52 0:00 /usr/sbin/NetworkManager --no-daemon
        root 527 0.0 0.1 28432 2992 ? Ss 15:52 0:00 /lib/systemd/systemd-logind
        apache 714 0.0 0.1 27416 2748 ? Ss 15:52 0:00 /www/temp/webmin
        root 617 0.0 0.1 19312 2056 ? Ss 15:52 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
        root 644 0.0 0.1 245472 2444 ? Sl 15:52 0:01 /usr/sbin/VBoxService
        root 653 0.0 0.0 12828 1848 tty1 Ss+ 15:52 0:00 /sbin/agetty --noclear tty1 linux
        root 661 0.0 0.3 285428 8088 ? Ssl 15:52 0:00 /usr/lib/policykit-1/polkitd --no-debug
        root 663 0.0 0.3 364752 7600 ? Ssl 15:52 0:00 /usr/sbin/gdm3
        root 846 0.0 0.5 285816 10884 ? Ssl 15:53 0:00 /usr/lib/upower/upowerd
        root 867 0.0 0.3 235180 7272 ? Sl 15:53 0:00 gdm-session-worker [pam/gdm-launch-environment]
        Debian-+ 877 0.0 0.2 46892 4816 ? Ss 15:53 0:00 /lib/systemd/systemd --user
        Debian-+ 878 0.0 0.0 62672 1596 ? S 15:53 0:00 (sd-pam)

    - 714

  • 17

    Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services, including telnet, FTP, and web servers. What is his best option to secure these systems?

    - Place a network firewall between the devices and the rest of the network.

  • 18

    While conducting reconnaissance of his own organization, Ian discovers that multiple certificates are self-signed. What issue should he report to his management?

    - Self-signed certificates will cause warnings or error messages.

  • 19

    Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?

    - RIPE

  • 20

    While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP address. What should Janet report has occurred?

        [ 21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0
        [ 21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0

    - A vulnerability scan

  • 21

    Scott is part of the white team that is overseeing his organization's internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?

    - The red team is violating the rules of engagement.

  • 22

    Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?

    - LDAPS and HTTPS

  • 23

    While tracking a potential APT on her network, Cynthia discovers a network flow for her company's central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?

        Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
        2017-07-11 13:06:46.343 21601804 TCP 10.1.1.1:1151->10.2.2.3:443 9473640 9.1 G 1
        2017-07-11 13:06:46.551 21601804 TCP 10.2.2.3:443->10.1.1.1:1151 8345101 514 M 1

    - Data exfiltration

  • 24

    During a regularly scheduled PCI compliance scan, Fred has discovered port 3389 open on one of the point-of-sale terminals that he is responsible for managing. What service should he expect to find enabled on the system?

    - RDP

  • 25

    Saanvi knows that the organization she is scanning runs services on alternate ports to attempt to reduce scans of default ports. As part of her intelligence-gathering process, she discovers services running on ports 8080 and 8443. What services are most likely running on these ports?

    - Web servers

  • 26

    Kwame is reviewing his team's work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?

    - The scan scanned only UDP ports.

  • 27

    Angela wants to gather network traffic from systems on her network. What tool can she use to best achieve this goal?

    - Wireshark

  • 28

    Wang submits a suspected malware file to malwr.com and receives the following information about its behavior. What type of tool is malwr.com?

    - A dynamic analysis sandbox

  • 29

    Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering?

    - OSINT searches of support forums and social engineering

  • 30

    Sarah has been asked to assess the technical impact of suspected reconnaissance performed against her organization. She is informed that a reliable source has discovered that a third party has been performing reconnaissance by querying WHOIS data. How should Sarah categorize the technical impact of this type of reconnaissance?

    - Low.

  • 31

    Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?

        ICMP "Echo request"
        Date flow start Duration Proto Src IP Addr:Port->Dst IP Addr:Port Packets Bytes Flows
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.6:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.7:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.7:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.8:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.8:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.9:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.9:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.10:8.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.10:0->10.1.1.1:0.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.1.1.1:0->10.2.2.6:11.0 11 924 1
        2019-07-11 04:58:59.518 10.000 ICMP 10.2.2.11:0->10.1.1.1:0.0 11 924 1

    - A ping sweep

  • 32

    Ryan's passive reconnaissance efforts resulted in the following packet capture. Which of the following statements cannot be verified based on the packet capture shown for the host with IP address 10.0.2.4?

    - It is a Windows system.

  • 33

    Kevin is concerned that an employee of his organization might fall victim to a phishing attack and wants to redesign his social engineering awareness program. What type of threat is he most directly addressing?

    - Unintentional insider

  • 34

    What purpose does a honeypot system serve when placed on a network as shown in the following diagram?

    - It provides information about the techniques attackers are using.

  • 35

    A tarpit, or a system that looks vulnerable but actually is intended to slow down attackers, is an example of what type of technique?

    - An active defense

  • 36

    Susan needs to test thousands of submitted binaries. She needs to ensure that the applications do not contain malicious code. What technique is best suited to this need?

    - Sandboxing

  • 37

    Manesh downloads a new security tool and checks its MD5. What does she know about the software she downloaded if she receives the following message?

        root@demo:~# md5sum -c demo.md5
        demo.txt: FAILED
        md5sum: WARNING: 1 computed checksum did NOT match

    - The files do not match.

  • 38

    Aziz needs to provide SSH access to systems behind his datacenter firewall. If Aziz's organization uses the system architecture shown here, what is the system at point A called?

    - A jump box

  • 39

    During his analysis of a malware sample, Sahib reviews the malware files and binaries without running them. What type of analysis is this?

    - Static analysis

  • 40

    Carol wants to analyze a malware sample that she has discovered. She wants to run the sample safely while capturing information about its behavior and impact on the system it infects. What type of tool should she use?

    - A dynamic analysis sandbox tool

  • 41

    Susan is reviewing files on a Windows workstation and believes that cmd.exe has been replaced with a malware package. Which of the following is the best way to validate her theory?

    - Submit cmd.exe to VirusTotal.

  • 42

    Nishi is deploying a new application that will process sensitive health information about her organization's clients. To protect this information, the organization is building a new network that does not share any hardware or logical access credentials with the organization's existing network. What approach is Nishi adopting?

    - Network segmentation

  • 43

    Bobbi is deploying a single system that will be used to manage a sensitive industrial control process. This system will operate in a stand-alone fashion and not have any connection to other networks. What strategy is Bobbi deploying to protect this SCADA system?

    - Airgapping

  • 44

    Geoff has been asked to identify a technical solution that will reduce the risk of captured or stolen passwords being used to allow access to his organization's systems. Which of the following technologies should he recommend?

    - Multifactor authentication

  • 45

    The company that Amanda works for is making significant investments in infrastructure-as-a-service hosting to replace their traditional datacenter. Members of her organization's management have expressed concerns about data remanence when Amanda's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?

    - Use full-disk encryption.

  • 46

    Which one of the following technologies is not typically used to implement network segmentation?

    - Host firewall

  • 47

    Ian has been asked to deploy a secure wireless network in parallel with a public wireless network inside his organization's buildings. What type of segmentation should he implement to do so without adding additional costs and complexity?

    - Logical segmentation

  • 48

    Barbara has segmented her virtualized servers using VMware to ensure that the networks remain secure and isolated. What type of attack could defeat her security design?

    - Compromise of the underlying VMware host

  • 49

    What major issue would Charles face if he relied on hashing malware packages to identify malware packages?

    - Hashing cannot identify unknown malware.

  • 50

    Noriko wants to ensure that attackers cannot access his organization's building automation control network. Which of the following segmentation options provides the strongest level of assurance that this will not happen?

    - Air gap

  • 51

    Angela's company has relied on passwords as its authentication factor for years. The current organizational standard is to require an eight-character, complex password and to require a password change every 12 months. What recommendation should Angela make to significantly decrease the likelihood of a similar phishing attack and breach in the future?

    - Deploy multifactor authentication.

  • 52

    Angela has decided to roll out a multifactor authentication system. What are the two most common factors used in MFA systems?

    - Knowledge and possession

  • 53

    Angela's multifactor deployment includes the ability to use text (SMS) messages to send the second factor for authentication. What issues should she point to?

    - VoIP hacks and SIM swapping.

  • 54

    What purpose does the OpenFlow protocol serve in software-defined networks?

    - It allows software-defined network controllers to push changes to devices to manage the network.

  • 55

    Rick's security research company wants to gather data about current attacks and sets up a number of intentionally vulnerable systems that allow his team to log and analyze exploits and attack tools. What type of environment has Rick set up?

    - A honeynet

  • 56

    Kalea wants to prevent DoS attacks against her serverless application from driving up her costs when using a cloud service. What technique is not an appropriate solution for her need?

    - Horizontal scaling

  • 57

    What is the key difference between virtualization and containerization?

    - Virtualization lets you run multiple operating systems on a single physical system, whereas containerization lets you run multiple applications on the same system.

  • 58

    Brandon is designing the hosting environment for containerized applications. Application group A has personally identifiable information, application group B has health information with different legal requirements for handling, and application group C has business-sensitive data handling requirements. What is the most secure design for his container orchestration environment given the information he has?

    - Run a container host for each application group and secure them based on the data they contain.

  • 59

    Local and domain administrator accounts, root accounts,

    - Privileged accounts

  • 60

    Ned has discovered a key logger plugged into one of his workstations, and he believes that an attacker may have acquired usernames and passwords for all of the users of a shared workstation. Since he does not know how long the keylogger was in use or if it was used on multiple workstations, what is his best security option to prevent this and similar attacks from causing issues in the future?

    - Multifactor authentication

  • 61

    Facebook Connect, CAS, Shibboleth, and AD FS are all examples of what type of technology?

    - Single sign-on implementations

  • 62

    Which of the following is not a common identity protocol for federation?

    - Kerberos

  • 63

    Naomi wants to enforce her organization's security policies on cloud service users. What technology is best suited to this?

    - CASB

  • 64

    Elliott wants to encrypt data sent between his servers. What protocol is most commonly used for secure web communications over a network?

    - TLS

  • 65

    What occurs when a website's certificate expires?

    - Web browsers will report an expired certificate to users.

  • 66

    What term is used to describe defenses that obfuscate the attack surface of an organization by deploying decoys and attractive targets to slow down or distract an attacker?

    - An active defense

  • 67

    What technology is most commonly used to protect data in transit for modern web applications?

    - TLS

  • 68

    Anja is assessing the security of a web service implementation. Which of the following web service security requirements should she recommend to reduce the likelihood of a successful on-path/man-in-the-middle attack?

    - Use TLS.

  • 69

    What type of access is typically required to compromise a physically isolated and air-gapped system?

    - Physical access

  • 70

    Amanda's organization uses an air-gap design to protect the HSM device that stores its root encryption certificate. How will Amanda need to access the device if she wants to generate a new certificate?

    - From a system on the air-gapped network

  • 71

    Which of the following parties directly communicate with the end user during a SAML transaction?

    - Both the relying party and the identity provider

  • 72

    Support for AES, 3DES, ECC, and SHA-256 are all examples of what?

    - Processor security extensions

  • 73

    Which of the following is not a benefit of physical segmentation?

    - Reduced cost

  • 74

    Which of the following options is most effective in preventing known password attacks against a web application?

    - Multifactor authentication

  • 75

    Which of the following is not a common use case for network segmentation?

    - Creating a shared network

  • 76

    What three layers make up a software-defined network?

    - Application, Control, and Infrastructure layers

  • 77

    Micah is designing a containerized application security environment and wants to ensure that the container images he is deploying do not introduce security issues due to vulnerable applications. What can he integrate into the CI/CD pipeline to help prevent this?

    - Automated vulnerability scanning

  • 78

    Camille wants to integrate with a federation. What will she need to authenticate her users to the federation?

    - An IDP

  • 79

    Brandon needs to deploy containers with different purposes, data sensitivity levels, and threat postures to his container environment. How should he group them?

    - All of the above

  • 80

    What issues should Brandon consider before choosing to use the vulnerability management tools he has in his non-container-based security environment?

    - Both A and B.

  • 81

    What key functionality do enterprise privileged account management tools provide?

    - Entitlement management across multiple systems

  • 82

    Amira wants to deploy an open standard–based single sign-on (SSO) tool that supports both authentication and authorization. What open standard should she look for if she wants to federate with a broad variety of identity providers and service providers?

    - SAML

  • 83

    Adam is testing code written for a client-server application that handles financial information and notes that traffic is sent between the client and server via TCP port 80. What should he check next?

    - If the traffic is unencrypted

  • 84

    Faraj wants to use statistics gained from live analysis of his network to programmatically change its performance, routing, and optimization. Which of the following technologies is best suited to his needs?

    - Software-defined networking

  • 85

    Elaine's team has deployed an application to a cloud-hosted serverless environment. Which of the following security tools can she use in that environment?

    - None of the above

  • 86

    Lucca needs to explain the benefits of network segmentation to the leadership of his organization. Which of the following is not a common benefit of segmentation?

    - Increasing the number of systems in a network segment

  • 87

    Kubernetes and Docker are examples of what type of technology?

    - Containerization

  • 88

    Nathan is designing the logging infrastructure for his company and wants to ensure that a compromise of a system will not result in the loss of that system's logs. What should he do to protect the logs?

    - Send the logs to a remote server.

  • 89

    Ansel knows he wants to use federated identities in a project he is working on. Which of the following should not be among his choices for a federated identity protocol?

    - Authman

  • 90

    James uploads a file that he believes is potentially a malware package to VirusTotal and receives positive results, but the file is identified with multiple different malware package names. What has most likely occurred?

    - Different antimalware engines call the same malware package by different names.

  • 91

    Isaac wants to monitor live memory usage on a Windows system. What tool should he use to see memory usage in a graphical user interface?

    - Performance Monitor

  • 92

    Abul wants to identify typical behavior on a Windows system using a built-in tool to understand memory, CPU, and disk utilization. What tool can he use to see both real-time performance and over a period of time?

    - resmon

  • 93

    The automated malware analysis tool that Jose is using uses a disassembler and performs binary diffing across multiple malware binaries. What information is the tool looking for?

    - Building a similarity graph of similar functions across binaries

  • 94

    What does execution of wmic.exe, powershell.exe, or winrm.vbs most likely indicate if you discover one or more was run on a typical end user's workstation?

    - Remote execution of code

  • 95

    Ben is reviewing network traffic logs and notices HTTP and HTTPS traffic originating from a workstation. What TCP ports should he expect to see this traffic sent to under most normal circumstances?

    - 80 and 443

  • 96

    While Lucy is monitoring the SIEM, she notices that all of the log sources from her organization's New York branch have stopped reporting for the past 24 hours. What type of detection rules or alerts should she configure to make sure she is aware of this sooner next time?

    - Availability

  • 97

    After her discovery in the previous question, Lucy is tasked with configuring alerts that are sent to system administrators. She builds a rule that can be represented in pseudocode as follows: Send an SMS alert every 30 seconds when systems do not send logs for more than 1 minute. The average administrator at Lucy's organization is responsible for 150–300 machines. What danger does Lucy's alert create?

    - Administrators may ignore or filter the alerts

  • 98

    Lucy configures an alert that detects when users who do not typically travel log in from other countries. What type of analysis is this?

    - Behavior

  • 99

    Disabling unneeded services is an example of what type of activity?

    - Reducing the threat attack surface area

  • 100

    Suki notices inbound traffic to a Windows system on TCP port 3389 on her corporate network. What type of traffic is she most likely seeing?

    - An RDP connection