security+12
64 questions • 2 years ago
  • lopkeda

    Question list

  • 1

    QUESTION 1116 An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

    Network, Firewall

  • 2

    QUESTION 1117 An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

    Retention

  • 3

    While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    Testing the policy in a non-production environment before enabling the policy in the production network

  • 4

    QUESTION 1119 Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

    Integrity

  • 5

    QUESTION 1120 Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

    Email

  • 6

    QUESTION 1121 Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

    Change management procedure

  • 7

    During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command-and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

    Conduct an awareness campaign on the usage of removable media.

  • 8

    QUESTION 1123 A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

    CASB

  • 9

    QUESTION 1124 Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?

    Client

  • 10

    QUESTION 1125 Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?

    DLP

  • 11

    QUESTION 1126 A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

    Encryption at rest

  • 12

    QUESTION 1127 After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

    Web-based administration

  • 13

    QUESTION 1128 A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

    Sanitization

  • 14

    QUESTION 1129 An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

    Impersonating

  • 15

    QUESTION 1130 During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)

    Federation, Password complexity

  • 16

    QUESTION 1131 A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

    Jump server

  • 17

    QUESTION 1132 Which of the following best describes a use case for a DNS sinkhole?

    A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

  • 18

    QUESTION 1133 Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

    Salting

  • 19

    A company reduced the area utilized in its data center by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

    IaC

  • 20

    QUESTION 1135 Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

    EDR

  • 21

    QUESTION 1136 While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

    Input sanitization

  • 22

    QUESTION 1137 Which of the following best describes the risk that is present once mitigations are applied?

    Residual risk

  • 23

    QUESTION 1138 A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

    HSMaaS

  • 24

    QUESTION 1139 Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

    SaaS

  • 25

    QUESTION 1140 During an investigation, events from two affected servers in the same subnetwork occurred at the same time: Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin' Which of the following should be consistently configured to prevent the issue seen in the logs?

    NTP

  • 26

    QUESTION 1141 The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

    Document this is a false positive

  • 27

    QUESTION 1142 A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?

    A CASB

  • 28

    QUESTION 1143 An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

    OpenID

  • 29

    QUESTION 1144 Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: - There must be visibility into how teams are using cloud-based services. - The company must be able to identify when data related to payment cards is being sent to the cloud. - Data must be available regardless of the end user's geographic location. - Administrators need a single pane-of-glass view into traffic and trends. Which of the following should the security analyst recommend?

    Implement a CASB solution.

  • 30

    QUESTION 1145 A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

    EDR

  • 31

    QUESTION 1146 An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

    UPS

  • 32

    QUESTION 1147 A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

    Conduct a site survey.

  • 33

    QUESTION 1148 The following IP information was provided to internal auditors to help assess organizational security: User traffic subnet: 10.2.5.0/16 File Server: 10.2.2.7 Internal Linux Web server: 10.3.9.9 SQL Server: 10.3.15.82 HR server: 10.9.8.14 Firewall: 10.1.1.1 Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)

    ping, traceroute

  • 34

    QUESTION 1149 A software company adopted the following processes before releasing software to production: - Peer review - Static code scanning - Signing A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

    Dynamic code analysis tool

  • 35

    QUESTION 1150 A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

    EAP-TLS

  • 36

    QUESTION 1151 A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

    Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

  • 37

    QUESTION 1152 A security analyst is reviewing SIEM logs during an ongoing attack and notices the following: http://company.com/get.php?f=/etc/passwd http://company.com/..%2F..%2F..%2F..%2Fetc%2Fshadow http://company.com/./../../.ttetJetc/passwd Which of the following best describes the type of attack?

    Directory traversal

  • 38

    QUESTION 1153 A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

    CRL

  • 39

    QUESTION 1154 A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

    Enable HIDS on all servers and endpoints.

  • 40

    QUESTION 1155 An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

    Pass-the-hash

  • 41

    QUESTION 1156 Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

    Code repositories

  • 42

    QUESTION 1157 A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)

    A cold aisle, A hot aisle

  • 43

    QUESTION 1158 A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

    The syslog server

  • 44

    QUESTION 1159 Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

    Benchmarks

  • 45

    QUESTION 1160 A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 46

    QUESTION 1161 An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending the prize. Which of the following best describes this type of email?

    Phishing

  • 47

    QUESTION 1162 A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

    Smart card

  • 48

    QUESTION 1163 The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?

    Deploying a captive portal to capture visitors' MAC addresses and names

  • 49

    QUESTION 1164 Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

    Shadow IT

  • 50

    QUESTION 1165 A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

    Contain the impacted hosts.

  • 51

    QUESTION 1166 An administrator receives the following network requirements for a data integration with a third-party vendor: Port 443 allowed OUTGOING to www.vendorsite.com Port 21 allowed OUTGOING to fs1.vendorsite.com Port 22 allowed OUTGOING to fs2.vendorsite.com Port 8080 allowed OUTGOING to www2.vendorsite.com Which of the following is the most appropriate response for the administrator to send?

    FTP is an insecure protocol and should not be used.

  • 52

    QUESTION 1167 A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

    Evil twin

  • 53

    QUESTION 1168 A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

    Block the URL shortener domain in the web proxy.

  • 54

    QUESTION 1170 A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

    SSO

  • 55

    QUESTION 1171 Which of the following would be best suited for constantly changing environments?

    Containers

  • 56

    QUESTION 1172 A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

    Segmentation

  • 57

    QUESTION 1173 The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

    Implementing multifactor authentication

  • 58

    QUESTION 1174 Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

    Privilege escalation

  • 59

    QUESTION 1175 A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

    hping

  • 60

    QUESTION 1176 A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?

    Skimming

  • 61

    QUESTION 1177 An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

    Job rotation

  • 62

    QUESTION 1178 Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

    Account audits

  • 63

    QUESTION 1179 Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

    Continuity of operations plan

  • 64

    QUESTION 1180 In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

    Risk acceptance

  • security+1

    security+1

    lopkeda · 100問 · 2年前

    security+1

    security+1

    100問 • 2年前
    lopkeda

    security+2

    security+2

    lopkeda · 100問 · 2年前

    security+2

    security+2

    100問 • 2年前
    lopkeda

    security+6

    security+6

    lopkeda · 100問 · 2年前

    security+6

    security+6

    100問 • 2年前
    lopkeda

    security+7

    security+7

    lopkeda · 100問 · 2年前

    security+7

    security+7

    100問 • 2年前
    lopkeda

    security+8

    security+8

    lopkeda · 100問 · 2年前

    security+8

    security+8

    100問 • 2年前
    lopkeda

    security+9

    security+9

    lopkeda · 100問 · 2年前

    security+9

    security+9

    100問 • 2年前
    lopkeda

    security+10

    security+10

    lopkeda · 100問 · 2年前

    security+10

    security+10

    100問 • 2年前
    lopkeda

    security+11

    security+11

    lopkeda · 100問 · 2年前

    security+11

    security+11

    100問 • 2年前
    lopkeda

    cysa+1

    cysa+1

    lopkeda · 100問 · 2年前

    cysa+1

    cysa+1

    100問 • 2年前
    lopkeda

    cysa+2

    cysa+2

    lopkeda · 100問 · 2年前

    cysa+2

    cysa+2

    100問 • 2年前
    lopkeda

    cysa+3

    cysa+3

    lopkeda · 54問 · 1年前

    cysa+3

    cysa+3

    54問 • 1年前
    lopkeda

    A+1

    A+1

    lopkeda · 100問 · 1年前

    A+1

    A+1

    100問 • 1年前
    lopkeda

    問題一覧

  • 1

    QUESTION 1116 An organization experiences a cybersecurity incident involvina a command-and-control server: Which of the following logs should be analvzed to identify the impacted host? (Cho0se two)

    Network, Firewall

  • 2

    QUESTION 1117 An administrator assists the legal and compliance team with ensuring information about Customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

    Retention

  • 3

    While troubleshooting a firewall configuration, a technician determines that a deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

    Testing the policy in a non-production environment before enabling the policy in the production network

  • 4

    QUESTION 1119 Which of the following security concepts should an e-commerce organization apply for protection against erroneous purchases?

    Integrity

  • 5

    QUESTION 1120 Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

    Email

  • 6

    QUESTION 1121 Which of the following should a security administrator adhere to when setting up a new set of firewall rules?

    Change management procedure

  • 7

    During an engagement, penetration testers left USB keys that contained specially crafted malware in the company's parking lot. A couple days later, the malware contacted the command- and-control server, giving the penetration testers unauthorized access to the company endpoints. Which of the following will most likely be a recommendation in the engagement report?

    Conduct an awareness campaign on the usage of removable media.

  • 8

    QUESTION 1123 A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

    CASB

  • 9

    QUESTION 1124 Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an laaS model for a cloud environment?

    Client

  • 10

    QUESTION 1125 Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PIl?

    DLP

  • 11

    QUESTION 1126 A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring?

    Encryption at rest

  • 12

    QUESTION 1127 After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

    Web-based administration

  • 13

    QUESTION 1128 A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

    Sanitization

  • 14

    QUESTION 1129 An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the fllowing techniques is the attacker using?

    Impersonating

  • 15

    QUESTION 1130 During the onboarding process, an employee needs to create a password for an intranet account.The password must include ten characters, numbers, and letters, and twO special characters.Once the password is created, the company wl grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Choose two.)

    Federation, Password complexity

  • 16

    QUESTION 1131 A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

    Jump server

  • 17

    QUESTION 1132 Which of the following best describes a use case for a DNS sinkhole?

    A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

  • 18

    QUESTION 1133 Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

    Salting

  • 19

    A company reduced the area utilized in its data center by creating virtual networking through automation and by creating provisioning routes and rules through scripting. Which of the following does this example describe?

    laC

  • 20

    QUESTION 1135 Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

    EDR

  • 21

    QUESTION 1136 While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

    Input sanitization

  • 22

    QUESTION 1137 Which of the following best describes the risk that is present once mitigations are applied?

    Residual risk

  • 23

    QUESTION 1138 A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

    HSMaaS

  • 24

    QUESTION 1139 Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

    SaaS

  • 25

    QUESTION 1140 During an investigation, events from two affected servers in the same subnetwork occurred at same time: Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin' Which of the following should be consistently configured to prevent the issue seen in the logs?

    NTP

  • 26

    QUESTION 1141 The most recent vulnerability scan flagged the domain controller with a critical vulnerability. The systems administrator researched the vulnerability and discovered the domain controller does not run the associated application with the vulnerability. Which of the following steps should the administrator take next?

    Document this is a false positive

  • 27

    QUESTION 1142 A company has decided to move its operations to the cloud. It wants to utilize technology that will prevent users from downloading company applications for personal use, restrict data that is uploaded, and have visibility into which applications are being used across the company. Which of the following solutions will best meet these requirements?

    A CASB

  • 28

    QUESTION 1143 An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular welbsites. Which of the following should the company implement?

    OpenlD

  • 29

    QUESTION 1144 Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: -There must be visibility into how teams are using cloud-based services. -The company nust be able to identify when data related to payment cards is being sent to the cloud. - Data must be available regardless of the end user's geographic location. - Administrators need a single pane-of-glass View into traffic and trends. Which of the following should the security analyst recommend?

    Implement a CASB solution.

  • 30

    QUESTION 1145 A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

    EDR

  • 31

    QUESTION 1146 An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

    UPS

  • 32

    QUESTION 1147 A new company wants to avoid channel interference when building a WLAN. The company needs to know the radio frequency behavior, identify dead zones, and determine the best place for access points. Which of the following should be done first?

    Conduct a site survey.

  • 33

    QUESTION 1148 The following IP information was provided to internal auditors to help assess organizational security: User traffic subnet: 10.2.5.0/16 File Server: 10.2.2.7 Internal Linux Web server: 10.3.9.9 sQL Server: 10.3.15.82 HR server: 10.9.8.14 Firewall: 10.1.1.1 Which of the following tools would most Iikely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)

    ping, traceroute

  • 34

    QUESTION 1149 A software company adopted the following processes before releasing software to production: - Peer review -Static code scanning -Signing A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

    Dynamic code analysis tool

  • 35

    QUESTION 1150 A security analyst needs to harden access to a network. One of the requirements is to authenticate users with smart cards. Which of the following should the analyst enable to best meet this requirement?

    EAP-TLS

  • 36

    QUESTION 1151 A penetration-testing firm is working with a local community bank to create a proposal that best fits the needs of the bank. The bank's information security manager would like the penetration test to resemble a real attack scenario, but it cannot afford the hours required by the penetration-testing firm. Which of the following would best address the bank's desired scenario and budget?

    Provide limited networking details in a partially known-environment test to reduce reconnaissance efforts.

  • 37

    QUESTION 1152 A security analyst is reviewing SIEM logs during an ongoing attack and notices the following: http://company.com/get.php?f=/etc/passwd http://company.com/..%2F..%2F..%2F..%2Fetc%2Fshadow http://company.com/../../../../etc/passwd Which of the following best describes the type of attack?

    Directory traversal

  • 38

    QUESTION 1153 A certificate vendor notified a company that recently invalidated certificates may need to be updated. Which of the following mechanisms should a security administrator use to determine whether the certificates installed on the company's machines need to be updated?

    CRL

  • 39

    QUESTION 1154 A recent vulnerability scan revealed multiple servers have non-standard ports open for applications that are no longer in use. The security team is working to ensure all devices are patched and hardened. Which of the following would the security team perform to ensure the task is completed with minimal impact to production?

    Enable HIDS on all servers and endpoints.

  • 40

    QUESTION 1155 An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC's memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

    Pass-the-hash

  • 41

    QUESTION 1156 Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

    Code repositories

  • 42

    QUESTION 1157 A company is designing the layout of a new data center so it will have an optimal environmental temperature. Which of the following must be included? (Choose two.)

    A cold aisle, A hot aisle

  • 43

    QUESTION 1158 A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

    The syslog server

  • 44

    QUESTION 1159 Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

    Benchmarks

  • 45

    QUESTION 1160 A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

    DNS spoofing

  • 46

    QUESTION 1161 An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending the prize. Which of the following best describes this type of email?

    Phishing

  • 47

    QUESTION 1162 A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

    Smart card

  • 48

    QUESTION 1163 The Chief Technology Officer of a local college would like visitors to utilize the school's Wi-Fi but must be able to associate potential malicious activity to a specific person. Which of the following would best allow this objective to be met?

    Deploying a captive portal to capture visitors' MAC addresses and names

  • 49

    QUESTION 1164 Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

    Shadow IT

  • 50

    QUESTION 1165 A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

    Contain the impacted hosts.

  • 51

    QUESTION 1166 An administrator receives the following network requirements for a data integration with a third-party vendor: Port 443 allowed OUTGOING to www.vendorsite.com Port 21 allowed OUTGOING to fs1.vendorsite.com Port 22 allowed OUTGOING to fs2.vendorsite.com Port 8080 allowed OUTGOING to www2.vendorsite.com Which of the following is the most appropriate response for the administrator to send?

    FTP is an insecure protocol and should not be used.

  • 52

    QUESTION 1167 A security administrator manages five on-site APs. Each AP uses different channels on a 5GHz network. The administrator notices that another access point with the same corporate SSID on an overlapping channel was created. Which of the following attacks most likely occurred?

    Evil twin

  • 53

    QUESTION 1168 A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

    Block the URL shortener domain in the web proxy.

  • 54

    QUESTION 1170 A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

    SSO

  • 55

    QUESTION 1171 Which of the following would be best suited for constantly changing environments?

    Containers

  • 56

    QUESTION 1172 A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

    Segmentation

  • 57

    QUESTION 1173 The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have prevented this from happening?

    Implementing multifactor authentication

  • 58

    QUESTION 1174 Which of the following describes the exploitation of an interactive process to gain access to restricted areas?

    Privilege escalation

  • 59

    QUESTION 1175 A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

    hping

  • 60

    QUESTION 1176 A local business was the source of multiple instances of credit card theft. Investigators found that most payments at this business were made at self-service kiosks. Which of the following is the most likely cause of the exposed credit card information?

    Skimming

  • 61

    QUESTION 1177 An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

    Job rotation

  • 62

    QUESTION 1178 Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

    Account audits

  • 63

    QUESTION 1179 Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

    Continuity of operations plan

  • 64

    QUESTION 1180 In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following BEST describes the security engineer's response?

    Risk acceptance