security+2

100問 • 2年前

問題一覧

Which of the following is a valid multifactor authentication combination?

OTP token combined with password

A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat-an command to discover if the web server is up and listening. The analyst receives the following output: TCP 10.1.5.2:80 192.168.2.112:60973 TIME WAIT TCP 10.1.5.2:80 192.168.2.112:60974 TIME WAIT TCP 10.1.5.2:80 192.168.2.112:60975 TIME WAIT TCP 10.1.5.2:80 192.168.2.112:60976 TIME WAIT TCP 10.1.5.2:80 192.168.2.112:60977 TIME WAIT TCP 10.1.5.2:80 192.168.2.112:60978 TIME WAIT Which of the following types of attack is the analyst seeing?

Denial of service

Which of the following serves to warn users against downloading and installing pirated software on company devices?

AUP

An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)

DNS hijacking, Man-in-the-browser

A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat. @echo off : asdhbawdhbasdhbawdhb start notepad.exe start notepad.exe start calculator.exe start calculator.exe goto asdhbawdhbasdhbawdhb Given the file contents and the system's issues, which of the following types of malware is present?

Logic bomb

Which of the following attacks can be mitigated by proper data retention policies?

Dumpster diving

A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee's position. Which of the following practices would BEST help to prevent this situation in the future?

Job rotation

During a security audit of a company’s network, insecure protocols were found to be use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?

TLS1.2

A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?

Public SaaS

Which of the following represents a multifactor authentication system?

A digital certificate on a physical token that is unlocked with a secret passcode

A preventive control differs from a compensating control in that a preventive control is:

designed to specifically mitigate risk.

The exploitation of a buffer-overrun vulnerability in an application will MOST like lead to:

arbitrary code execution.

The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?

Social engineering

Which of the following is an example of federated access management?

Using a popular website login to provide access to another website

A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

Honeynet

An organization's policy requires users to create passwords with an uppercase letter, lowercase letter, number, and symbol. This policy is enforced with technical controls, which also prevents users from using any of their previous 12 passwords. The quantization does not use single sign-on, nor does it centralize storage of passwords. The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?

Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.

A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry: #Whitelist USB\VID13FE&PID_4127&REV_0100 Which of the following security technologies is MOST likely being configured?

Removable media control

A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review?

Industry information-sharing and collaboration groups

A cybersecurity department purchased o new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server? A. Randomize the shared credentials B. Use only guest accounts to connect. D. Remove all user accounts.

Use SSH keys and remove generic passwords

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a projected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

Application whitelisting

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

The cloud vendor is a new attack vector within the supply chain

Look at image!

Evil twin

A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?

There was malicious code on the USB drive

A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment. The analyst redirects the output to a file After the capture is complete, the analyst needs to review the first transactions quickly and then search the entire series of requests for a particular string. Which of the following would be BEST to use to accomplish the task? (Choose two.)

head, grep

The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, incident during a pandemic or crisis, However, the CEO is concerned that some staff members may take advantage of the of the flexibility and work from high-risk countries while on holidays work to a third-party organization in another country. The Chief information Officer (CIO) believes the company can implement some basic to mitigate the majority of the risk. Which of the following would be BEST to mitigate CEO's concern? (Choose two.)

Geolocation, Time-of-day restrictions

A company is implementing a DLP solution on the file server. The file server has PII, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help to accomplish this goal?

Classify the data

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data?

Data masking

A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?

A malicious USB was introduced by an unsuspecting employee

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

The data controller

A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case?

Smishing

A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drivers will fail simultaneously. Which of the following RAID configurations should the administration use?

RAID 5

A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?

Fuzzing

A security administrator checks the table of a network switch, which shows the following output: (Go to image)

MAC Flooding

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

Security information and event management

The SOC is reviewing process and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. The allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?

Updating the playbooks with better decision points

An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO)

Load balancing, RAID

In the middle of a cybersecurity, a security engineer removes the infected devices from the network and lock down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

Containment

An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering it the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?

Implement BYOD for the sates department while leveraging the MDM

A public relations team will be taking a group of guests on a tour through the facility of a large e-commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

Loss of proprietary information

A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?

Network diagrams

A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective?

MTRE ATT$CK

A security analyst has received an alert about PlI being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PlI must be handled with extreme care. From which of the following did the alert MOST likely originate?

DLP

A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

Detonate the document in an analysis sandbox

A network engineer notices the VPN concentrator overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users' traffic. Which of the following would be BEST to solve this issue?

Split tunneling

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

EDR

A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?

SOAR

A security analyst sees the following log output while reviewing web logs: [02/Feb2019:03:39:21 -0000] 23.35.212.99 12.59.34.58 - "OEr/421/ingut.action/query-425.921.921.42Eetc82EgaseurdNITP/2.0"80200200 [02/Feb2019:03:39:05 -0000) 23.35.212.93 12.59.34.08 - 4987 /wa/Amput.aceton?query=/.././../etc/password#7TP/1.0"80200200 Which of the following mitigation strategies would be BEST to prevent this attack from being successful?

Input validation

A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?

Implement a hot-site failover location

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

Obfuscation

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Document the collection and require a sign-off when possession changes.

An organization's RPO for a critical system is two hours. The system is used Monday through Friday, from 9:00 am to 5:00 pm. Currently, the organization performs a full backup every Saturday that takes four hours to complete. Which of the following additional backup implementations would be the BEST way for the analyst to meet the business requirements?

Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

Implement salting and hashing

After a ransomware attack a forensics company needs to review a cryptocurrency transaction between the victim and the attacker. Which of the following will the company MOST likely review to trace this transaction?

The public ledger

Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red team

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

The data steward

A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?

Offboarding

A network administrator would like to configure a site-to-site VPN utilizing iPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti- replay functions. Which of the following should the administrator use when configuring the VPN?

ESP

The following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

Security awareness training

The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

SSO would reduce the resilience and availability of system if the provider goes offline.

A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patch routine. Which of the following steps should also be taken to harden the smart switch?

Change the default password for the switch.

Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

A security engineer needs to enhance MFA access to sensitive areas in a building. A key card and fingerprint scan are already in use. Which of the following would add another factor of authentication?

Keypad PIN

A symmetric encryption algorithm is BEST suited for:

protecting large amounts of data

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

CVE

A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?

LESSONS LEARNED

critical file server is being upgraded and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirements?

RAID 6

Which of the following provides the BEST protection for sensitive information and data stored in cloud-based services but still allows for full functionality and searchability of data within the cloud-based services?

Data encryption

A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?

A WIDS

Which of the following would be BEST to establish between organizations that have agreed cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?

An MOU

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

The dark web

An organization suffered an outage and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60- minute expectation an example of:

RTO

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the business and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure two things: - Protection from power outages - Always-available connectivity In case of an outage The owner has decided to implement battery backups for the computer equipment Which of the following would BEST fulfill the owner's second need?

Purchase services from a cloud provider for high availability

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the Internet. Which of the following would MOST likely allow the company to find the cause?

A log analysis

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?

A capture-the-flag competition

Look at image.

An attacker temporarily pawned a name server

Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

Benchmarks

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

An SLA

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

Segmentation

Which of the following ISO standards is certified for privacy?

ISO 27701

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

EDR

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?

Compensating

A security assessment determines DES and 3DES at still being used on recently deployed production servers. Which of the following did the assessment identify?

Weak encryption

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to account to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?

Create different accounts for each region. limit their logon times, and alert on risky logins

A security modern may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO) A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?

Connect a write blocker to the hard drive Then leveraging a forensic workstation, utilize the dd command m a live Linux environment to create a duplicate copy

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Choose two.)

Containerization, Remote control

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

ESP

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Watering-hole attack

Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?

DDOS

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfer the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?

Wireshark

A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet, While reviewing logs and tool output, the analyst sees the following:

ARP poisoning

An engineer wants to access sensitive data from a corporate-owned mobile device. Personal data is not allowed on the device. Which of the following MDM configurations must be considered when the engineer travels for business?

Containerization

An organization's Chief Security Officer (CSO) wants to validate the business's involvement in the incident response plan to ensure its validity and thoroughness. Which of the following will the CSO MOST likely use?

A tabletop exercise

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area. Which of the following would MOST likely have prevented this breach?

A USB data blocker

A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicates a directory-traversal attack has occurred. Which of the following is the analyst MOST likely seeing?

http://sample.url.com/someotherpageonsite/…/…/…/etc/shadow

A workwide manufacturing company has been experiencing email account compromised. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

Impossible travel time

A network administrator has been asked to design a solution to improve a company's security posture The administrator is given the following, requirements? - The solution must be inline in the network - The solution must be able to block known malicious traffic - The solution must be able to stop network-based attacks Which of the following should the network administrator implement to BEST meet these requirements?

NIPS

An analyst visits an internet forum looking for information about a tool. The analyst finds a threat that appears to contain relevant information. One of the posts says the following: Hello everyone, I am having the same problem with my server. Can you help me? <script type-"text/javascript" src-http://website.com/user.js> Onload=sqlexec () ; </script> Thank you, Joe Which of the following BEST describes the attack that was attempted against the forum readers?

XSS attack

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Choose two.)

Mandatory vacation, Job rotation

100

When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?

Transference

security+1

security+1

security+6

security+6

security+7

security+7

security+8

security+8

security+9

security+9

security+10

security+10

security+11

security+11

security+12

security+12

cysa+1

cysa+1

cysa+2

cysa+2

cysa+3

cysa+3

A+1

A+1

問題一覧

Which of the following is a valid multifactor authentication combination?

OTP token combined with password

Denial of service

Which of the following serves to warn users against downloading and installing pirated software on company devices?

AUP

DNS hijacking, Man-in-the-browser

Logic bomb

Which of the following attacks can be mitigated by proper data retention policies?

Dumpster diving

Job rotation

TLS1.2

Public SaaS

Which of the following represents a multifactor authentication system?

A digital certificate on a physical token that is unlocked with a secret passcode

A preventive control differs from a compensating control in that a preventive control is:

designed to specifically mitigate risk.

The exploitation of a buffer-overrun vulnerability in an application will MOST like lead to:

arbitrary code execution.

Social engineering

Which of the following is an example of federated access management?

Using a popular website login to provide access to another website

Honeynet

Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.

Removable media control

Industry information-sharing and collaboration groups

Use SSH keys and remove generic passwords

Application whitelisting

An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?

The cloud vendor is a new attack vector within the supply chain

Look at image!

Evil twin

There was malicious code on the USB drive

head, grep

Geolocation, Time-of-day restrictions

Classify the data

Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the read data?

Data masking

A malicious USB was introduced by an unsuspecting employee

Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?

The data controller

A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case?

Smishing

RAID 5

A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?

Fuzzing

A security administrator checks the table of a network switch, which shows the following output: (Go to image)

MAC Flooding

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

Security information and event management

Updating the playbooks with better decision points

Load balancing, RAID

Containment

Implement BYOD for the sates department while leveraging the MDM

Loss of proprietary information

Network diagrams

MTRE ATT$CK

DLP

Detonate the document in an analysis sandbox

Split tunneling

EDR

SOAR

Input validation

Implement a hot-site failover location

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

Obfuscation

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

Document the collection and require a sign-off when possession changes.

Incremental backups Monday through Friday at 6:00 p.m and differential backups hourly

Implement salting and hashing

The public ledger

Which of the following is a team of people dedicated testing the effectiveness of organizational security programs by emulating the techniques of potential attackers?

Red team

Which of the following job roles would sponsor data quality and data entry initiatives that ensure business and regulatory requirements are met?

The data steward

Offboarding

ESP

The following is an administrative control that would be MOST effective to reduce the occurrence of malware execution?

Security awareness training

SSO would reduce the resilience and availability of system if the provider goes offline.

Change the default password for the switch.

Which of the following describes the BEST approach for deploying application patches?

Apply the patches to systems in a testing environment then to systems in a staging environment, and finally to production systems.

Keypad PIN

A symmetric encryption algorithm is BEST suited for:

protecting large amounts of data

Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the analyst MOST likely consult to validate which platforms have been affected?

CVE

LESSONS LEARNED

RAID 6

Data encryption

A WIDS

An MOU

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?

The dark web

RTO

Purchase services from a cloud provider for high availability

A log analysis

A capture-the-flag competition

Look at image.

An attacker temporarily pawned a name server

Benchmarks

An SLA

Segmentation

Which of the following ISO standards is certified for privacy?

ISO 27701

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

EDR

Compensating

A security assessment determines DES and 3DES at still being used on recently deployed production servers. Which of the following did the assessment identify?

Weak encryption

Create different accounts for each region. limit their logon times, and alert on risky logins

Connect a write blocker to the hard drive Then leveraging a forensic workstation, utilize the dd command m a live Linux environment to create a duplicate copy

Containerization, Remote control

ESP

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?

Watering-hole attack

DDOS

Wireshark

ARP poisoning

Containerization

A tabletop exercise

A USB data blocker

http://sample.url.com/someotherpageonsite/…/…/…/etc/shadow

Impossible travel time

NIPS

XSS attack

Which of the following organizational policies are MOST likely to detect fraud that is being conducted by existing employees? (Choose two.)

Mandatory vacation, Job rotation

100

Transference