Question List
1
An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?
A. Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.
2
Which of the following is the best resource to consult for information on the most common application exploitation methods?
A. OWASP
3
A company would like to implement a secure process for managing headless servers remotely. Which of the following should the company most likely implement?
A. SSH
4
A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?
C. Private key and self-signed certificate
5
An administrator receives the following network requirements for a data integration with a third-party vendor: Which of the following is the most appropriate response for the administrator to send?
B. Port 8080 is a non-standard port and should be blocked.
6
A security analyst receives reports of widespread password login attempts for most of the administrator accounts in the environment. Logs indicate that a successful login occurred and the same credentials are being used to attempt to gain access to other resources. Which of the following would best prevent this type of attack from being successful?
A. Multifactor authentication
7
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?
A. SOAR
8
Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?
A. Air gap
9
An application server is published directly on the internet with a public IP address. Which of the following should the administrator use to monitor the application traffic?
A. WAF
10
Which of the following is the final step of the incident response process?
A. Lessons learned
11
Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?
C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.
12
Which of the following is the most important security concern when using legacy systems to provide production service?
B. Lack of vendor support
13
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?
C. Dumpster diving
14
Which of the following best describes the process of adding a secret value to extend the length of stored passwords?
C. Salting
15
During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?
B. Implementing mandatory vacations
16
A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?
C. Inform the vendor of this discovery in a secure manner and apply appropriate mitigations
17
Which of the following involves embedding malware in routers procured from a third-party vendor?
C. Supply chain attack
18
A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?
B. Integrating each SaaS solution with the identity provider
19
A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?
B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords
20
Which of the following should a security operations center use to improve its incident response procedure?
A. Playbooks
21
A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?
A. Secure web gateway
22
A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?
A. NIDS
23
Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?
B. Whaling
24
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
B. Deploying an appropriate in-line CASB solution
25
Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?
C. Standard naming conventions
26
Which of the following best describes a legal hold?
A. It occurs during litigation and requires retention of both electronic and physical documents
27
An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?
C. Preventing unauthenticated clients access to the server
28
Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?
B. Account audits
29
A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?
C. Cloud
30
Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?
B. Spear phishing
31
A web application for a bank displays the following output when showing details about a customer's bank account: Which of the following techniques is most likely implemented in this web application?
C. Data masking
32
A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?
Evil twin
33
In a tabletop exercise a simulated group of disgruntled employees deleted all of their work from the file server on their last day at the company. Which of the following actions would a security engineer take to mitigate this risk?
A. Perform nightly snapshots
34
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker then scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?
Pass-the-hash
35
A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met:
● An existing internal certificate must be used.
● Wired and wireless networks must be supported.
● Any unapproved device should be isolated in a quarantine subnet.
● Approved devices should be updated before accessing resources.
Which of the following would best meet the requirements?
A. 802.1X
36
A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?
B. A rogue access point is allowing users to bypass controls.
37
A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure; Which of the following best describes what the analyst has discovered?
A. A successful privilege escalation attack by a local user
38
While investigating a recent security breach an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?
B. Input sanitization
39
A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building. Which of the following is the best solution to improve security at the entry kiosk?
B. Smart card
40
Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?
A. Channel overlap
41
A security analyst inspects the following log: Which of the following was attempted?
Directory traversal
42
A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?
C. EAP-TLS
43
Two companies are in the process of merging. The companies need to decide how to standardize the information security programs. Which of the following would best align the security programs?
C. Both companies following the same CSF
44
A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?
C. Operational
45
A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?
On-path attack
46
A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?
B. Disable unnecessary services.
47
A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).
C. Destruction, D. Sanitization
48
A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?
B. SAML
49
Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?
C. Staging
50
Which of the following, if compromised, can indirectly impact systems’ availability by imposing inadequate environmental conditions for the hardware to operate properly?
C. HVAC
51
An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?
C. Separation of duties
52
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
B. Port security
53
A security department wants to conduct an exercise that will make many experimental changes to the main virtual server. After the exercise is completed, the IT director would like to be able to rollback to the state prior to the exercise. Which of the following backup types will allow for the fastest rollback?
B. Snapshot
54
A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:
● Sensitive customer data must be safeguarded.
● Documents from managed sources should not be opened in unmanaged destinations.
● Sharing of managed documents must be disabled.
● Employees should not be able to download emailed images to their devices.
● Personal photos and contact lists must be kept private.
● IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.
Which of the following are the best features to enable to meet these requirements? (Select two).
A. Remote wipe, Containerization
55
A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?
C. Detective
56
An audit report showed that a former employee saved the following files to an external USB drive before the employee's termination date:
● Annual_tax_form.pdf
● encrypted_passwords.db
● team_picture.jpg
● contact_list.db
● human_resources.txt
Which of the following could the former employee do to potentially compromise corporate credentials?
A. Perform an offline brute-force attack.
57
A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor. Which of the following will the company most likely implement to ensure complete restoration?
A. Full
58
A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?
hping
59
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place?
A. Spraying
60
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?
C. Retention policy
61
Users are reporting performance issues from a specific application server. Which of the following types of log files should be used to capture this information?
B. Syslog data
62
A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?
A. CASB
63
Which of the following describes an executive team that is meeting in a boardroom and testing the company's incident response plan?
C. Tabletop exercise
64
A security analyst is reviewing a secure website that is generating TLS certificate errors. The analyst determines that the browser is unable to receive a response from the OCSP for the certificate. Which of the following actions would most likely resolve the issue?
C. Unblock the OCSP protocol in the host-based firewall.
65
An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?
A. Heat map
66
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
C. Shadow IT
67
Which of the following utilizes public and private keys to secure data?
C. Asymmetric encryption
68
A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?
Lack of security updates
69
Which of the following best describes why a process would require a two-person integrity security control?
C. To reduce the risk that the procedures are performed incorrectly or by an unauthorized user
70
Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?
A. APT groups
71
Which of the following can a security director use to prioritize vulnerability patching within a company's IT Environment?
B. CVSS
72
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
Tokenization
73
A company would like to enhance the authentication technologies being used by remote employees. Which of the following should the company most likely choose?
A. Token key
74
Which of the following best describes a threat actor who is attempting to use commands found on a public code repository?
A. Script kiddie
75
An administrator is investigating an incident and discovers several users' computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?
B. Remote access Trojan
76
An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?
C. Invoice scam
77
After a web server was migrated to a cloud environment, user access to that server was blocked. Even though an on-premises firewall configuration has been modified to reflect the cloud infrastructure, users are still experiencing access issues. Which of the following most likely needs to be configured?
A. Security group
78
A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user’s password was changed, even though the user did not change the password. Which of the following is the most likely cause?
A. Cross-site request forgery
79
Which of the following security program audits includes a comprehensive evaluation of the security controls in place at an organization over a six- to 12-month time period?
B. SOC 2 Type II
80
A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
C. Honeypot
81
A municipality implements an IoT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?
Isolate the controller from the rest of the network and constrain connectivity.
82
During a forensic investigation, an analyst uses software to create a checksum of the affected subject's email file. Which of the following is the analyst practicing?
Integrity
83
An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?
C. Proprietary
84
An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?
B. Honeypot
85
A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?
A. PIN
86
Which of the following best explains why physical security controls are important in creating a secure environment?
To ensure only authorized users have the ability to obtain direct access to systems or data
87
Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?
Unidentified removable devices
88
An organization is concerned about hackers bypassing MFA through social engineering of phone carriers. Which of the following would most likely protect against such an attack?
C. Receiving a push notification to a mobile application
89
While performing digital forensics, which of the following is considered the most volatile and should have the contents collected first?
B. RAM
90
A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?
C. Decommissioning the system
91
Which of the following alert types is the most likely to be ignored over time?
False positive
92
A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?
VDI
93
Which of the following is considered a preventive control?
C. Segregation of duties
94
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?
B. Risk acceptance
95
A company executive experienced a security issue at an airport. Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?
Data blockers
96
A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?
C. Recurring
97
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?
B. Firewall
98
Which of the following best describes a use case for a DNS sinkhole?
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers
99
A security analyst is investigating a SIEM event concerning invalid log-ins. The system logs that match the time frame of the event show the following: Which of the following best describes this type of attack?
B. Spraying
100
A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?
A. Non-repudiation