30 Mayis

209問 • 1年前

問題一覧

1. After conducting a vulnerability scan a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?

A. False positive

2. A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?

B. Containerization

3. An organization hired a third party to test its internal server environment for any exploitable vulnerabilities and to gain privileged access. The tester compromised several servers, and the organization was unable to detect any of the compromises. Which of the following actions would be best for the company to take to address these findings?

A. Implement a SIEM to correlate logs from multiple sources looking for alterable incidents.

4. Which of the following is the best resource to consult for information on the most common application exploitation methods?

A. OWASP

5. A company would like to implement a secure process for managing headless servers remotely. Which of the following should the company most likely implement?

A. SSH

6. A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

C. Private key and self-signed certificate

An administrator receives the following network requirements for a data integration with a third-party vendor: Which of the following is the most appropriate response for the administrator to send?

B. Port 8080 is a non-standard port and should be blocked.

8. A security analyst receives reports of widespread password login attempts for most of the administrator accounts in the environment. Logs indicate that a successful login occurred and the same credentials are being used to attempt to gain access to other resources. Which of the following would best prevent this type of attack from being successful?

A. Multi Factor authentication

9. A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts Which of the following would best enable the reduction in manual work?

A. SOAR

10. Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

A. Air gap

11. An application server is published directly on the internet with a public IP address. Which of the following should the administrator use to monitor the application traffic?

A. WAF

12. Which of the following is the final step of the incident response process?

A. Lessons learned

13. Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

14. Which of the following is the most important security concern when using legacy systems to provide production service?

B. Lack of vendor support

15. During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

D. Dumpster diving

16. Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

C. Salting

17. During the past year, an organization has experienced several intellectual property leaks by an unidentified source. Which of the following risk management policies will help the company identify the source of this issue?

B. Implementing mandatory vacations

18. Which of the following would most likely mitigate the impact of an extended power outage on a company’s environment?

A. Hot site

19. A security team discovers a vulnerability that does not have a patch available. The team determines the vulnerability is critical. Which of the following should the security engineers do to address the vulnerability?

C. Inform the vendor of this discovery in a secure manner and apply appropriate mitigations.

20. Which of the following involves embedding malware in routers procured from a third-party vendor?

C. Supply chain attack

21. A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

B. Integrating each SaaS solution with the identity provider

22. A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

B. Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

23. Which of the following should a security operations center use to improve its incident response procedure?

A. Playbooks

24. Which of the following would be used to detect an employee emailing a customer list to a personal account before leaving the company?

A. DLP

25. A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

A. Secure web gateway

26. A company would like to implement a network security solution to inspect traffic on the network and generate an alert when specific traffic patterns are observed. The solution should never block legitimate network traffic. Which of the following will the company most likely implement?

A. NIDS

27. Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

B. Whaling

28. A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

B. Deploying an appropriate in-line CASB solution

29. A company hired a security manager from outside the organization to lead security operations. Which of the following actions should the security manager perform first in this new role? A. Establish a security baseline.

B. Review security policies.

30. Which of the following would best enable a systems administrator to easily determine which devices are located at a remote facility and allow policy to be pushed to only those devices?

C. Standard naming conventions

31. Which of the following best describes a legal hold?

A. It occurs during litigation and requires retention of both electronic and physical documents.

32. An analyst is providing feedback on an incident that involved an unauthorized zone transfer and an on-path attack in a corporate network. The analyst's recommendation is to implement secure DNS. Which of the following would be the most beneficial result of this action?

C. Preventing unauthenticated clients access to the server

33. Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

B. Account audits

34. A systems administrator is considering switching from tape backup to an alternative backup solution that would allow data to be readily available in the event of a disaster. Which of the following backup types should the administrator implement?

C. Cloud

35. Which of the following describes a social engineering technique that may include scam emails addressed directly to the Chief Financial Officer?

Spear phishing

36. A web application for a bank displays the following output when showing details about a customer's bank account: Which of the following techniques is most likely implemented in this web application?

C. Data masking

37. A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

E. Evil twin

38. In a tabletop exercise a simulated group of disgruntled employees deleted all of their work from the file server on their last day at the company. Which of the following actions would a security engineer take to mitigate this risk?

A. Perform nightly snapshots.

39. An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

D. Pass-the-hash

40. An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Select two).

Disable default accounts., C. Remove unnecessary services.

41. A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met: ● An existing internal certificate must be used. ● Wired and wireless networks must be supported. ● Any unapproved device should be isolated in a quarantine subnet. ● Approved devices should be updated before accessing resources. Which of the following would best meet the requirements?

A. 802.1X

42. A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

B. A rogue access point is allowing users to bypass controls.

43. A security analyst is reviewing the following system command history on a computer that was recently utilized in a larger attack on the corporate infrastructure; Which of the following best describes what the analyst has discovered?

A. A successful privilege escalation attack by a local user

44. While investigating a recent security breach an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

B. Input sanitization

45. A security administrator needs to improve the security at an entry kiosk. Currently, employees enter an employee number and PIN at a PC to enter the building. Which of the following is the best solution to improve security at the entry kiosk?

B. Smart card

46. A company would like to provide employees with computers that do not have access to the internet in order to prevent information from being leaked to online forums. Which of the following would be best for the systems administrator to implement?

A. Air gap

47. Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

A. Channel overlap

48. A security analyst inspects the following log: Which of the following was attempted?

D. Directory traversal

49. A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

D. EAP-TLS

50. The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

B. NGFW utilizing application inspection

51. Two companies are in the process of merging. The companies need to decide how to standardize the information security programs. Which of the following would best align the security programs?

C. Both companies following the same CSF

52. A company has implemented a policy that requires two people to agree in order to push any changes from the test codebase repository into production. Which of the following best describes this control type?

D. Operational

53. A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning, and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?

D. On-path attack

54. A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

B. Disable unnecessary services.

55. A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).

C. Destruction, E. Sanitization

56. A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

B. SAML

57. Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

D. Staging

58. Which of the following, if compromised, can indirectly impact systems’ availability by imposing inadequate environmental conditions for the hardware to operate properly?

D. HVAC

59. An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

D. Separation of duties

60. During a recent breach, employee credentials were compromised when a service desk employee issued an MFA bypass code to an attacker who called and posed as an employee. Which of the following should be used to prevent this type of incident in the future?

C. Identity proofing

61. A systems administrator sets up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?

A. Host-based firewall

62. After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

C. Social engineering

63. A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email: ● Sensitive customer data must be safeguarded ● Documents from managed sources should not be opened in unmanaged destinations. ● Sharing of managed documents must be disabled, ● Employees should not be able to download emailed images to their devices. ● Personal photos and contact lists must be kept private. ● IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company. Which of the following are the best features to enable to meet these requirements? (Select two).

A. Remote wipe, G. Containerization

64. A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

D. Detective

65. An audit report showed that a former employee saved the following files to an external USB drive before the employee's termination date: ● Annual_tax_form.pdf ● encrypted_passwords.db ● team_picture.jpg ● contactjist.db ● human_resources.txt Which of the following could the former employee do to potentially compromise corporate credentials?

Perform an offline brute-force attack.

66. A company would like to implement a daily backup solution. The backup will be stored on a NAS appliance, and capacity is not a limiting factor. Which of the following will the company most likely implement to ensure complete restoration?

A. Full

67. A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

A. hping

68. Which of the following risks can be mitigated by HTTP headers?

B. XSS

69. The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place?

A. Spraying

70. A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

C. Retention policy

71. Users are reporting performance issues from a specific application server. Which of the following types of log files should be used to capture this information?

B. Syslog data

72. A security analyst is working with a vendor to get a new SaaS application deployed to an enterprise. The analyst wants to ensure role-based security policies are correctly applied as users access the application. Which of the following is most likely to solve the issue?

A. CASB

73. Which of the following describes an executive team that is meeting in a boardroom and testing the company's incident response plan?

C. Tabletop exercise

74. A security analyst is reviewing a secure website that is generating TLS certificate errors. The analyst determines that the browser is unable to receive a response from the OCSP for the certificate. Which of the following actions would most likely resolve the issue?

C. Unblock the OCSP protocol in the host-based firewall.

75. An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or nonexistent wireless signal?

A. Heat map

76. Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

D. Shadow IT

77. Which of the following utilizes public and private keys to secure data?

C. Asymmetric encryption

78. A third-party vendor is moving a particular application to the end-of-life stage at the end of the current year. Which of the following is the most critical risk if the company chooses to continue running the application?

A. Lack of security updates

79. Which of the following best describes why a process would require a two-person integrity security control?

C. To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

80. Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

A. APT groups

81. A municipality implements an loT device discovery scanner and finds a legacy controller for a critical internal utility SCADA service that is running firmware with multiple vulnerabilities. Unfortunately, the controller cannot be upgraded, and a replacement for it is not available for at least a year. Which of the following is the best action to take to mitigate the risk posed by this controller in the meantime?

A. Isolate the controller from the rest of the network and constrain connectivity.

82. During a forensic investigation, an analyst uses software to create a checksum of the affected subject's email file. Which of the following is the analyst practicing?

D. Integrity

83. An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

C. Proprietary

84. An organization would like to gain actionable intelligence about real attacker techniques used against its systems. Which of the following should the organization use to best achieve this objective?

Honeypot

85. In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?

D. Salting

86. Which of the following best explains why physical security controls are important in creating a secure environment?

To ensure only authorized users have the ability to obtain direct access to systems or data

87. Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

A. Unidentified removable devices

88. Which of the following security concepts is accomplished with the installation of a RADIUS server?

B. AAA

89. One of the company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

B. Firmware

90. A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

C. Decommissioning the system

91. Which of the following alert types is the most likely to be ignored over time?

C. False positive

92. An organization would like to calculate the time needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example?

D. Mean time to repair

93. Which of the following is considered a preventive control?

D. Segregation of duties

94. In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

B. Risk acceptance

95. A company executive experienced a security issue at an airport Photos taken during a strategy meeting were stolen when the executive used a free smartphone-charging station. Which of the following can be used to prevent this from occurring in the future?

D. Data blockers

96. A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

C. Recurring

97. A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

B. Firewall

98. Which of the following best describes a use case for a DNS sinkhole?

C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

99. A security analyst is investigating a SIEM event concerning invalid log-ins The system logs that match the time frame of the event show the following: Which of the following best describes this type of attack?

B. Spraying

100

100. A systems administrator would like to set up a system that will make it difficult or impossible to deny that someone has performed an action. Which of the following is the administrator trying to accomplish?

A. Non-repudiation

CNL_CH_1

Son Cagrı · 3回閲覧 · 185問 · 2年前

CNL_CH_1