son 3

63問 • 1年前

問題一覧

Which of the following techniques would most likely be used as a part of an insider threat reduction strategy to uncover relevant indicators?

C. Implementing impossible travel alerts

A governance, risk, and compliance team created a report that notes the existence of a chlorine processing facility two miles from one of the company offices. Which of the following describes this type of documentation?

A. Site risk assessment

When a newly developed application was tested a specific internal resource was unable to be accessed. Which of the following should be done to ensure the application works correctly?

A. Modify the allow/deny list for those specific resources

An analyst is reviewing log data from a SIEM alert about a suspicious event Threat intelligence indicates threats from domains originating in known malicious countries The analyst examines the following data. The Chief Information Security Officer asks the analyst to determine whether the SIEM alerts can be attributed to the domains of the threat intelligence report. Which of the following tools would allow the analyst to make this determination?

A. nslookup

An organization is upgrading its wireless system and wants to require MFA in order for users to connect to Wi-Fi. New access points were installed and connected to the controller. Which of the following is the next piece of technology that will be required to enable MFA?

A. RADIUS

A security administrator is reviewing reports about suspicious network activity occurring on a subnet Users on the network report that connectivity to various websites is intermittent. The administrator logs in to a workstation and reviews the following command output: Which of the following best describes what is occurring on the network?

A. ARP poisoning

A security administrator analyzes server logs and sees multiple lines of the following format: The administrator is concerned about whether the request is valid. Which of the following attacks should the administrator evaluate?

D. LDAP injection

A company wants to improve its access standards to prevent threat actors from logging in to the corporate network with compromised credentials in addition to MFA. the Chief Information Security Officer wants an additional layer of protection enabled based on certain criteria. Which of the following is the best way to provide additional protection?

A. Conditional access policies

Which of the following assists in training employees on the importance of cybersecurity?

A. Phishing campaigns

A company policy states that all new SaaS applications must authenticate users through a centralized service. Which of the following authentication types should most likely be configured in order to comply with this policy?

A. SSO

A systems administrator is concerned about the output from web server logs Given the following snippet of the web server log file: Which of the following attacks occurred?

C. Directory traversal

In order to save on expenses Company A and Company B agree to host each other's computer and storage disaster recovery sites at their primary data centers The two data centers are about a mile apart, and they each have their own power source When necessary, one company will escort the other company to its data center. Which of the following is the greatest risk with this arrangement?

A. The data center sites are not geographically dispersed

A developer recently launched a new log-in page for a customer-facing website. Multiple customers are unable to log in because email address and password combinations are failing. The web servers begin to perform slowly and eventually crash. Which of the following would most likely have prevented this issue?

A. Input validation

A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?

A. MITRE ATT&CK

The cybersecurity investigation team is requesting a budget increase in order to purchase and implement a commercial tool for collecting information. The information might include disk images and volatile memory from computers used by remote employees. Which of the following digital forensic categories does the company want to implement?

C. Acquisition

An analyst in the human resources organization is responsible for the quality of the company's personnel data. The analyst maintains a data dictionary and ensures it is correct and up to date Which of the following best describes the role of the analyst?

A. Data steward

A security analyst at an organization observed several user logins from outside the organization's network. The analyst determined that these logins were not performed by individuals within the organization. Which of the following recommendations would reduce the likelihood of future attacks? (Select two).

B. Conditional access policies, D. Implementation of additional authentication factors

Which of the following is most likely to include a SCADA system?

A. Water treatment plant

A network analyst is performing a signal strength check to ensure the company's guest wireless network adequately covers the lobby where customers usually arrive. The analyst discovers that at the far end of the lobby a second guest network is broadcasting at full strength while the original network strength is quite weak. Which of the following is most likely happening?

A. Evil twin attack

A company's security policy states that only the production servers should have bidirectional internet access. Which of the following needs to be configured to comply with this policy?

A. Firewall rule

Which of the following is a method used by some organizations to recognize and compensate security researchers for finding exploits and vulnerabilities?

C. Bug bounty

An organization developed a virtual thin client running in kiosk mode that is used to access various software depending on the users' roles. During a security evaluation, the test team identified the ability to exit kiosk mode and access system-level resources which led to privilege escalation. Which of the following mitigations addresses this finding?

A. Using application approved/dented lists

A security analyst reviews web server logs and notices the following line: Which of the following vulnerabilities is the attacker trying to exploit?

D. Cross-site scripting

An audit identified Pll being utilized in the development environment of a critical application The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers state that they require real data to perform developmental and functionality tests. Which of the following should a security professional implement to best satisfy both the CPO's and the development team's requirements?

C. Data masking

Which of the following best describes the tolerances a security architect follows when designing a control environment?

C. Risk appetite

Which of the following technologies can better utilize computer and memory resources for on-premises application workloads?

A. Containers

Which of the following secure coding practices involves keeping business logic within a database?

A. Stored procedures

A company was notified that a breach occurred within its network. During the investigation the security team identified a sophisticated exploit that could not be identified or resolved using existing patching, vendor resources or remediation methods. Which of the following best describes this type of exploit?

B. Zero-day

A user reports performance issues when accessing certain network fileshares. The network team determines endpoint traffic is reaching one of the filestores but is being dropped on the return traffic. Which of the following should be corrected to solve this issue?

A. Host-based firewall settings

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include • A starting baseline of 50% memory utilization • Storage scalability • Single circuit failure residence Which of the following best meets all of these requirements?

B. Transitioning the platform to an laaS provider

An organization with high security needs is concerned about unauthorized exfiltration of data via Wi-Fi from within a secure facility. Which of the following security controls should the company implement?

B. Faraday cage

An auditor discovered multiple insecure ports on some server’s. Other servers were found to have legacy protocols enabled. Which of the following tools did the auditor use to discover these issues?

A. Nessus

The SOC detected an increase in failed authentication attempts over the weekend. An engineer reviewed the following log output: Which of the following is the most likely attack based on the log information?

B. Brute-force

Which of the following is used to describe discrete characteristics of a potential weakness that results in a severity number?

A. CVSS

An analyst observed an unexpected high number of deauthentication requests being sent from an unidentified device on the network. Which of the following attacks was most likely executed in this scenario?

D. Disassociation

A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following test describe the controls the team implemented? (Select two).

E. Compensating, F. Technical

The Chief Information Security Officer (CISO) wants a product manager to include the following tasks as part of the deployment plans: • Delete test accounts • Delete test data • Share administrative passwords securely during the transition to production. Which of the following concepts will best enable the product manager to incorporate these tasks?

A. Secrets management

An incident response team for a media streaming provider is investigating a data exfiltration event of licensed video content that was able to circumvent advanced monitoring analytics. The team has identified the following: ● The analytics use machine learning with classifiers to label network data transfers. ● Transfers labeled as "authenticated media stream’’ are permitted to egress, all others are interrupted/dropped ● The most recent attempt was erroneously labeled as an "authenticated media stream." ● An earlier attempt from the same threat actor was unsuccessful and labeled as "unauthorized media transfer." ● The PCAP from the most recent event looks identical with the exception of a few bytes that had been modified Which of the following most likely occurred?

A. Susceptibilities in the classifier enabled counter-AI techniques.

Which of the following provides guidelines for the management and reduction of information security risk?

B. NIST CSF

Which of the following attributes would be the most appropriate to apply when implementing MFA?

A. Validating the user's location

A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?

D. Jump server

During an investigation, events from two affected servers in the same subnetwork occurred at the same time: Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin Which of the following should be consistently configured to prevent the issue seen in the logs?

C. NTP

Which of the following requirements apply to a CYOD policy? (Select two).

B. The user can request to customize the device., C. The company retains ownership of the phone.

Which of the following strategies shifts risks that are not covered in an organization's risk strategy?

A. Risk transference

A security administrator checks the security logs of a Linux server and sees a lot of the following lines: Which of the following is most likely being attempted?

D. Brute-force attack

A company located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considerations that allow the company to quickly continue operations. Which of the following is the best type of site for this company?

D. Hot

Which of the following is performed to gain a better understanding of how specific devices are set up by identifying the arrangement of settings?

C. Configuration review

A security analyst is looking for a way to categorize and share a threat actor's TTPs with colleagues at a partner organization. Which of the following would be the best method to achieve this goal?

B. Using the MITRE ATT&CK framework

An organization purchased and configured spare devices for all critical network infrastructure. Which of the following best describes the organization's reason for these actions?

C. High availability

Adding a value to the end of a password to create a different password hash is called

Salting.

An administrator reviewed the log files after a recent ransomware attack on a company's system and discovered vulnerabilities that resulted in the loss of a database server. The administrator applied a patch to the server to resolve the CVE score. Which of the following controls did the administrator use?

A. Corrective

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

B. Baiting

Which of the following types of data are most likely to be subject to regulations and laws? (Select two).

A. PHI, E. Pll

A security analyst is working with the IT group to define appropriate procedures for the destruction of media and assets in the enterprise environment. Which of the following methods provides the strongest level of assurance that the data has been disposed of properly?

E. Shredding

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

B. SOC 2 Type 2 report

A security analyst needs to centrally manage credentials and permissions to the company's network devices. The following security requirements must be met: • All actions performed by the network staff must be logged. • Per-command permissions must be possible. • The authentication server and the devices must communicate through TCP. Which of the following authentication protocols should the analyst choose?

C. TACACS+

An endpoint protection application contains critical elements that are used to protect a system from infection. Which of the following must be updated before completing a weekly endpoint check?

D. Policy signatures

A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?

D. DDoS

Which of the following does an air-gapped system provide?

A. Security through physical disconnection

An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?

B. Metadata

Which of the following has the ability to physically verify individuals who enter and exit a restricted area?

B. Access control vestibule

A malicious actor compromised an entire cluster by exploiting a zero-day vulnerability in a unique container. The malicious actor then engaged in a lateral movement and compromised other containers and the host system. Which of the following container security practices has the GREATEST chance of preventing this attack from reoccurring?

D. Executing containers using unprivileged credentials

A systems administrator needs to set up a secure, cloud-based file transfer environment between two data centers. Which of the following architecture models would meet this requirement?

D. PKI

CNL_CH_1

Son Cagrı · 3回閲覧 · 185問 · 2年前

CNL_CH_1