
CNL_CH_6

100 questions • 2 years ago
  • Son Cagrı

    Question list

  • 1

    An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

    WAF

  • 2

    A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?

    Internet proxy

  • 3

    An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?

    Encrypted VPN traffic will not be inspected when entering or leaving the network

  • 4

    A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

    Reverse proxy

  • 5

    A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

    Load balancer

  • 6

    Joe, a user at a company, clicked an email linked to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should the administrator implement to protect the environment from this malware?

    Implement a heuristic behavior-detection solution

  • 7

    In which of the following situations would it be BEST to use a detective control type for mitigation?

    A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

  • 8

    A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

    Uninterruptible power supplies with battery backup

  • 9

    Which of the following is the MOST effective control against zero-day vulnerabilities?

    Network segmentation

  • 10

    A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

    Multipathing

  • 11

    An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

    On-path attack

  • 12

    Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following logs: The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

    MAC flooding

  • 13

    An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

    Host-based firewall

  • 14

    A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

    VLAN segmentation

  • 15

    A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

    Jump servers

  • 16

    An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity: ● A user enters comptia.org into a web browser. ● The website that appears is not the comptia.org site. ● The website is a malicious site from the attacker. ● Users in a different office are not having this issue. Which of the following types of attacks was observed?

    DNS poisoning

  • 17

    An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

    A

  • 18

    Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

    Overwriting

  • 19

    A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the internet. While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred?

    ARP poisoning

  • 20

    Which of the following controls would BEST identify and report malicious insider activities?

    An intrusion detection system

  • 21

    While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

    Utilizing SIEM correlation engines

  • 22

    A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

    A screened subnet (DMZ)

  • 23

    A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend?

    MAC

  • 24

    After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

    An ACL

  • 25

    After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?

    Option D

  • 26

    A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

    Segmentation

  • 27

    To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

    Add more VLANs to the hypervisor network switches.

  • 28

    A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

    DNSSEC

  • 29

    A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

    A jump server

  • 30

    All security analysts' workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager MOST likely implement?

    A jump server

  • 31

    A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

    Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.

  • 32

    A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items: Vendor A: 1- Firewall 1-12 switch Vendor B: 1- Firewall 1-12 switch Which of the following security objectives is the security manager attempting to meet? (Select two).

    Scalability, Redundancy

  • 33

    Historically a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?

    EDR

  • 34

    A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

    Awareness training

  • 35

    An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

    Site-to-site

  • 36

    A network engineer notices the VPN concentrator is overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

    Split tunneling

  • 37

    A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

    A honeyfile

  • 38

    Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

    The document is a honeyfile and is meant to attract the attention of a cyber intruder.

  • 39

    A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: • The devices will be used internationally by staff who travel extensively. • Occasional personal use is acceptable due to the travel requirements. • Users must be able to install and configure sanctioned programs and productivity suites. • The devices must be encrypted. • The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATEST benefit to the security posture of the devices?

    Configuring an always-on VPN

  • 40

    A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

    AH

  • 41

    An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

    Configuring QoS properly on the VPN accelerators

  • 42

    A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

    C. ESP

  • 43

    A security researcher is attempting to gather data on the widespread use of a zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?

    A honeypot

  • 44

    A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements: • The solution must be inline in the network. • The solution must be able to block (IPS) known malicious traffic. • The solution must be able to stop network-based attacks. Which of the following should the network administrator implement to BEST meet these requirements?

    NIPS (Network-based intrusion prevention system)

  • 45

    An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

    The baseline

  • 46

    While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

    Physically check each system

  • 47

    An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

    AH (Authentication Header)

  • 48

    A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following BEST describe these systems?

    Honeypots

  • 49

    Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

    DNS sinkhole

  • 50

    Administrators have allowed employees to access their company email from personal computers. However, the administrators are concerned that these computers are another attack surface and can result in user accounts being breached by foreign actors. Which of the following actions would provide the MOST secure solution?

    Enforce a policy that allows employees to be able to access their email only while they are connected to the internet via VPN

  • 51

    Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

    EDR

  • 52

    A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

    EDR

  • 53

    A security analyst is hardening a network infrastructure. The analyst is given the following requirements: ● Preserve the use of public IP addresses assigned to equipment on the core router. ● Enable "in transport encryption protection" to the web server with the strongest ciphers. Which of the following should the analyst implement to meet these requirements? (Select TWO)

    Configure NAT on the core router, Enable TLSv2 encryption on the web server

  • 54

    The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CISO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement to prevent unwanted data exposure to users in partner laboratories?

    VPN with full tunneling and NAS authenticating through the Active Directory

  • 55

    The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

    Segment the network with firewalls.

  • 56

    A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two)

    A host-based firewall, A VPN

  • 57

    A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message: Which of the following network attacks is the researcher MOST likely experiencing?

    Man-in-the-middle

  • 58

    A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch?

    MAC Flooding

  • 59

    A security analyst is reviewing the following command-line output: Which of the following is the analyst observing?

    MAC address cloning

  • 60

    A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

    Honeynet

  • 61

    A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host: Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

    ARP poisoning

  • 62

    A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output: Which of the following BEST describes the attack the company is experiencing?

    ARP poisoning

  • 63

    Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following logs: The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

    MAC flooding

  • 64

    A penetration tester successfully gained access to a company's network. The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following in the ARP table: Which of the following did the penetration tester MOST likely use?

    MAC cloning

  • 65

    Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

    Benchmarks

  • 66

    A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

    Segmentation

  • 67

    A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

    Defense in depth

  • 68

    A company's cybersecurity department is looking for a new solution to maintain high availability. Which of the following can be utilized to build a solution? (Select Two)

    A VLAN, A DMZ

  • 69

    A network engineer at a company with a web server is building a new web environment with the following requirements: ▪ Only one web server at a time can service requests. ▪ If the primary web server fails, a failover needs to occur to ensure the secondary web server becomes the primary. Which of the following load-balancing options BEST fits the requirements?

    Active-passive

  • 70

    Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

    Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

  • 71

    Which of the following is the BEST use of a WAF?

    To protect sites on web servers that are publicly accessible

  • 72

    During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

    Create and apply micro segmentation rules.

  • 73

    An organization wants to host an externally accessible web server that will not contain sensitive user information. Any sensitive information will be hosted on file servers. Which of the following is the BEST architecture configuration for this organization?

    Host the web server in a DMZ and the file servers behind a firewall

  • 74

    Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

    Standard naming conventions

  • 75

    A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows: https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 76

    A user attempts to load a web-based application, but the expected login screen does not appear. A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC. Which of the following BEST describes the attack that is being detected?

    DNS poisoning

  • 77

    A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work. Which of the following should be included in this design to satisfy these requirements? (Select TWO).

    NAT, Content filter

  • 78

    The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities. Which of the following should be implemented to remediate this risk?

    EDR

  • 79

    A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).

    IPSec, SSL VPN

  • 80

    Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

    Standard naming convention policy

  • 81

    A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

    VPN

  • 82

    Which of the following are the BEST ways to implement remote home access to a company's intranet systems if establishing an always-on VPN is not an option? (Select Two)

    Establish SSH access to a jump server, Enable MFA for intranet systems

  • 83

    A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output. Which of the following best describes the attack that is currently in progress?

    ARP poisoning

  • 84

    A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries: Which of the following is the most likely cause of the security control bypass?

    user-agent spoofing

  • 85

    Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

    NAC

  • 86

    A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

    Jump server

  • 87

    An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the vacation. Which of the following methods did the attacker use to insert the contacts without having physical access to the device?

    BlueJacking

  • 88

    A security administrator needs to provide secure access to internal networks for external partners. The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

    IPSec

  • 89

    A security analyst received the following requirements for the deployment of a security camera solution: ● The cameras must be viewable by the on-site security guards. ● The cameras must be able to communicate with the video storage server. ● The cameras must have the time synchronized automatically. ● The cameras must not be reachable directly via the internet. ● The servers for the cameras and video storage must be available for remote maintenance via the company VPN. Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

    Deploying a jump server that is accessible via the internal network that can communicate with the servers

  • 90

    An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

    CIS benchmarks

  • 91

    A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

    UTM

  • 92

    During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

    access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

  • 93

    A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

    Ensuring that port 53 has been explicitly allowed in the rule set

  • 94

    While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    Testing the policy in a non-production environment before enabling the policy in the production network

  • 95

    Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

    Network segmentation

  • 96

    An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

    Intrusion prevention system

  • 97

    A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

    WAF

  • 98

    A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

    Secure configuration guide

  • 99

    A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

    The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

  • 100

    A company is looking to move completely to a remote work environment. The Chief Information Security Officer is concerned about the improper use of company-owned devices when employees are working from home. Which of the following could be implemented to ensure that devices are on the company-owned network?

    Always-on VPN

    問題一覧

  • 1

    An engineer wants to inspect traffic to a cluster of web servers in a cloud environment. Which of the following solutions should the engineer implement?

    WAF

  • 2

    A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would BEST meet these requirements?

    Internet proxy

  • 3

    An organization routes all of its traffic through a VPN Most users are remote and connect into a corporate data center that houses confidential information There is a firewall at the Internet border followed by a DLP appliance, the VPN server and the datacenter itself. Which of the following is the WEAKEST design element?

    Encrypted VPN traffic will not be inspected when entering or leaving the network

  • 4

    A Chief Security Officer is looking for a solution that can provide increased scalability and flexibility for back-end infrastructure, allowing it to be updated and modified without disruption to services. The security architect would like the solution selected to reduce the back-end server resources and has highlighted that session persistence is not important for the applications running on the back-end servers. Which of the following would BEST meet the requirements?

    Reverse proxy

  • 5

    A Chief Security Officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

    Load balancer

  • 6

    Joe, a user at a company, clicked an email linked to a website that infected his workstation. Joe was connected to the network, and the virus spread to the network shares. The protective measures failed to stop this virus, and it has continued to evade detection. Which of the following should the administrator implement to protect the environment from this malware?

    Implement a heuristic behavior-detection solution

  • 7

    In which of the following situations would it be BEST to use a detective control type for mitigation?

    A company purchased an IPS system, but after reviewing the requirements, the appliance was supposed to monitor, not block, any traffic.

  • 8

    A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

    Uninterruptible power supplies with battery backup

  • 9

    Which of the following is the MOST effective control against zero-day vulnerabilities?

    Network segmentation

  • 10

    A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

    Multipathing

  • 11

    An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

    On-path attack

  • 12

    Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstations throughout the network. The analysts review the following logs: The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

    MAC flooding

  • 13

    An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?

    Host-based firewall

  • 14

    A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

    VLAN segmentation

  • 15

    A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

    Jump servers

  • 16

    An analyst receives multiple alerts for beaconing activity for a host on the network, After analyzing the activity, the analyst observes the following activity: ● A user enters comptia.org into a web browser. ● The website that appears is not the comptia.org site. ● The website is a malicious site from the attacker. ● Users in a different office are not having this issue. Which of the following types of attacks was observed?

    DNS poisoning

  • 17

    An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

    A

  • 18

    Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

    Overwriting

  • 19

    A security analyst is investigation an incident that was first reported as an issue connecting to network shares and the internet, While reviewing logs and tool output, the analyst sees the following: Which of the following attacks has occurred?

    ARP poisoning

  • 20

    Which of the following controls would BEST identify and report malicious insider activities?

    An intrusion detection system

  • 21

    While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

    Utilizing SIEM correlation engines

  • 22

    A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks. Which of the following should the engineer implement?

    A screened subnet (DMZ)

  • 23

    A security analyst needs to make a recommendation for restricting access to certain segments of the network using only data-link layer security. Which of the following controls will the analyst MOST likely recommend?

    MAC

  • 24

    After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

    An ACL

  • 25

    After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall policies would be MOST secure for a web server?

    Option D

  • 26

    A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?

    Segmentation

  • 27

    To mitigate the impact of a single VM being compromised by another VM on the same hypervisor, an administrator would like to utilize a technical control to further segregate the traffic. Which of the following solutions would BEST accomplish this objective?

    Add more VLANs to the hypervisor network switches.

  • 28

    A company recently experienced an attack during which its main website was directed to the attacker’s web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?

    DNSSEC

  • 29

    A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA. Which of the following will the engineer MOST likely use to achieve this objective?

    A jump server

  • 30

    All security analysts workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager MOST likely implement?

    A jump server

  • 31

    A company is receiving emails with links to phishing sites that look very similar to the company's own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

    Generate a list of domains similar to the company's own and implement a DNS sinkhole for each.

  • 32

    A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items: Vendor A: 1- Firewall 1-12 switch Vendor B: 1- Firewall 1-12 switch Which of the following security objectives is the security manager attempting to meet? (Select two).

    Scalability, Redundancy

  • 33

    Historically a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would BEST help prevent the malware from being installed on the computers?

    EDR

  • 34

    A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety. Which of the following would be BEST to implement to address the issue?

    Awareness training

  • 35

    An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?

    Site-to-site

  • 36

    A network engineer notices the VPN concentrator is overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users’ traffic. Which of the following would be BEST to solve this issue?

    Split tunneling

  • 37

    A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?

    Ahoneyfile

  • 38

    Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

    The document is a honeyfile and is meant to attract the attention of a cyber intruder.

  • 39

    A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements: • The devices will be used internationally by staff who travel extensively. • Occasional personal use is acceptable due to the travel requirements. • Users must be able to install and configure sanctioned programs and productivity suites. • The devices must be encrypted • The devices must be capable of operating in low-bandwidth environments. Which of the following would provide the GREATEST benefit to the security posture of the devices?

    Configuring an always-on VPN

  • 40

    A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?

    AH

  • 41

    An organization relies on third-party video conferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would BEST maintain high-quality video conferencing while minimizing latency when connected to the VPN?

    Configuring QoS properly on the VPN accelerators

  • 42

    A network administrator would like to configure a site-to-site VPN utilizing iPSec. The administrator wants the tunnel to be established with data integrity encryption, authentication and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

    C. ESP

  • 43

    A security researcher is attempting to gather data on the widespread use of a Zero-day exploit. Which of the following will the researcher MOST likely use to capture this data?

    A honeypot

  • 44

    A network administrator has been asked to design a solution to improve a company's security posture The administrator is given the following requirements: • The solution must be inline in the network • The solution must be able to block (IPS) known malicious traffic • The solution must be able to stop network-based attacks Which of the following should the network administrator implement to BEST meet these requirements?

    NIPS (Network-based intrusion prevention system)

  • 45

    An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?

    The baseline

  • 46

    While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?

    Physically check each system

  • 47

    An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?

    AH (Authentication Header)

  • 48

    A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following BEST describe these systems?

    Honeypots

  • 49

    Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?

    DNS sinkhole

  • 50

    Administrators have allowed employee to access their company email from personal computers. However, the administrators are concerned that these computes are another attach surface and can result in user accounts being breached by foreign actors. Which of the following actions would provide the MOST secure solution?

    Enforce a policy that allows employees to be able to access their email only while they are connected to the internet via VPN

  • 51

    Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?

    EDR

  • 52

    A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?

    EDR

  • 53

    A security analyst is hardening a network infrastructure. The analyst is given the following requirements; ● Preserve the use of public IP addresses assigned to equipment on the core router ● Enable "in transport encryption protection” to the web server with the strongest ciphers. Which of the following should the analyst implement to meet these requirements? (Select TWO)

    Configure NAT on the core router, Enable TLSv2 encryption on the web server

  • 54

    The cost of removable media and the security risks of transporting data have become too great for a laboratory. The laboratory has decided to interconnect with partner laboratories to make data transfers easier and more secure. The Chief Security Officer (CISO) has several concerns about proprietary data being exposed once the interconnections are established. Which of the following security features should the network administrator implement lo prevent unwanted data exposure to users in partner laboratories?

    VPN with full tunneling and NAS authenticating through the Active Directory

  • 55

    The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread unhindered throughout the network and infect a large number of computers and servers. Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in the future?

    Segment the network with firewalls.

  • 56

    A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two)

    A host-based firewall, AVPN

  • 57

    A researcher has been analyzing large data sets for the last ten months. The researcher works with colleagues from other institutions and typically connects via SSH to retrieve additional data. Historically, this setup has worked without issue, but the researcher recently started getting the following message: Which of the following network attacks is the researcher MOST likely experiencing?

    Man-in-the-middle

  • 58

    A security administrator checks the table of a network switch, which shows the following output: Which of the following is happening to this switch?

    MAC Flooding

  • 59

    A security analyst is reviewing the following command-line output: Which of the following is the analyst observing?

    MAC address cloning

  • 60

    A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?

    Honeynet

  • 61

    A network analyst is investigating compromised corporate information. The analyst leads to a theory that network traffic was intercepted before being transmitted to the internet. The following output was captured on an internal host: Based on the IoCs, which of the following was the MOST likely attack used to compromise the network communication?

    ARP poisoning

  • 62

    A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credential twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs the analyst decades to run some commands on the gateway and obtains the following output: Which of the following BEST describes the attack the company is experiencing?

    ARP poisoning

  • 63

    Security analysts are conducting an investigation of an attack that occurred inside the organization’s network. An attacker was able to connect network traffic between workstation throughout the network. The analysts review the following logs: The layer 2 address table has hundred of entries similar to the ones above. Which of the following attacks has MOST likely occurred?

    MAC flooding

  • 64

    A penetration tester successfully gained access to a company's network The investigating analyst determines malicious traffic connected through the WAP despite filtering rules being in place. Logging in to the connected switch, the analyst sees the following in the ARP table: Which of the following did the penetration tester MOST likely use?

    MAC cloning

  • 65

    Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

    Benchmarks

  • 66

    A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?

    Segmentation

  • 67

    A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?

    Defense in depth

  • 68

    A company's cybersecurity department is looking for a new solution to maintain high availability. Which of the following can be utilized to build a solution? (Select Two)

    A VLAN, ADMZ

  • 69

    A network engineer at a company with a web server is building a new web environment with the following requirements: ▪ Only one web server at a time can service requests. ▪ If the primary web server fails, a failover needs to occur to ensure the secondary web server becomes the primary. Which of the following load-balancing options BEST fits the requirements?

    Active-passive

  • 70

    Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

    Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

  • 71

    Which of the following is the BEST use of a WAF?

    To protect sites on web servers that are publicly accessible

  • 72

    During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC. Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?

    Create and apply micro segmentation rules.

  • 73

    An organization wants to host an externally accessible web server that will not contain sensitive user information. Any sensitive information will be hosted on file servers. Which of the following is the BEST architecture configuration for this organization?

    Host the web server in a DMZ and the file servers behind a firewall

  • 74

    Which of the following would BEST provide a systems administrator with the ability to more efficiently identify systems and manage permissions and policies based on location, role, and service level?

    Standard naming conventions

  • 75

    A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows: https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 76

    A user attempts to load a web-based application, but the expected login screen does not appear A help desk analyst troubleshoots the issue by running the following command and reviewing the output on the user's PC. Which of the following BEST describes the attack that is being detected?

    DNS poisoning

  • 77

    A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work. Which of the following should be included in this design to satisfy these requirements? (Select TWO).

    NAT, Content filter

  • 78

    The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities. Which of the following should be implemented to remediate this risk?

    EDR

  • 79

    A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).

    IPSec, SSL VPN

  • 80

    Which of the following would provide guidelines on how to label new network devices as part of the initial Configuration?

    Standard naming convention policy

  • 81

    A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

    VPN

  • 82

    Which of the following are the BEST ways to implement remote home access to a company's intranet systems if establishing an always-on VPN is not an option? (Select Two)

    Establish SSH access to a jump server, Enable MFA for intranet systems

  • 83

    A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output. Which of the following best describes the attack that is currently in progress?

    ARP poisoning

  • 84

    A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries Which of the following is the most likely cause of the security control bypass?

    user-agent spoofing

  • 85

    Unauthorized devices have been detected on the internal network. The devices’ locations were traced to Ether ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

    NAC

  • 86

    A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

    Jump server

  • 87

    An employee used a corporate mobile device during a vacation Multiple contacts were modified in the device vacation. Which of the following methods did the attacker used to insert the contacts without having physical access to the device?

    BlueJacking

  • 88

    A security administrator needs to provide secure access to internal networks for external partners The administrator has given the PSK and other parameters to the third-party security administrator. Which of the following is being used to establish this connection?

    IPSec

  • 89

    A security analyst received the following requirements for the deployment of a security camera solution: ● The cameras must be viewable by the on-site security guards. ● The cameras must be able to communicate with the video storage server. ● The cameras must have the time synchronized automatically. ● The cameras must not be reachable directly via the internet. ● The servers for the cameras and video storage must be available for remote maintenance via the company VPN. Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?

    Deploying a jump server that is accessible via the internal network that can communicate with the servers

  • 90

    An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

    CIS benchmarks

  • 91

    A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?

    UTM

  • 92

    During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

    access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

  • 93

    A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

    Ensuring that port 53 has been explicitly allowed in the rule set

  • 94

    While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    Testing the policy in a non-production environment before enabling the policy in the production network

  • 95

    Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

    Network segmentation

  • 96

    An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

    Intrusion prevention system

  • 97

    A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

    WAF

  • 98

    A security analyst is creating baselines for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

    Secure configuration guide

  • 99

    A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

    The internal DNS servers were poisoned and were redirecting acmetimekeeping.com to a malicious domain that intercepted the credentials and then passed them through to the real site.

  • 100

    A company is looking to move completely to a remote work environment. The Chief Information Security Officer is concerned about the improper use of company-owned devices when employees are working from home. Which of the following could be implemented to ensure that devices are on the company-owned network?

    Always-on VPN