pass4future

330 questions • 1 year ago
  • Son Cagrı

    Question list

  • 1

    An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

    Asset inventory

  • 2

    An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

    DLP

  • 3

    A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

    Social engineering

  • 4

    Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

    Unidentified removable devices

  • 5

    Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

    To track the status of patching installations

  • 6

    An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in, so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

    Select an IdP

  • 7

    A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

    Placing the system in an isolated VLAN

  • 8

    The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

    External examination

  • 9

    Which of the following alert types is the most likely to be ignored over time?

    False positive

  • 10

    Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

    VPN

  • 11

    A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

    End of life

  • 12

    A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

    File integrity monitoring

  • 13

    A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

    To prevent a single point of failure

  • 14

    Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

    Due diligence

  • 15

    A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

    Warm

  • 16

    Which of the following phases of an incident response involves generating reports?

    Lessons learned

  • 17

    A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

    Visualization and isolation of resources

  • 18

    A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

    Firewall

  • 19

    An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

    DLP

  • 20

    Which of the following should a security operations center use to improve its incident response procedure?

    Playbooks

  • 21

    An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

    DHCP, Firewall

  • 22

    During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

    Physical

  • 23

    A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

    Port security

  • 24

    An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

    Hashing

  • 25

    A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

    Active

  • 26

    Which of the following examples would be best mitigated by input sanitization?

    <script>alert('Warning!');</script>

  • 27

    Which of the following control types is AUP an example of?

    Managerial

  • 28

    An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

    Implement security awareness training.

  • 29

    A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

    Port security

  • 30

    A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

    Jailbreaking

  • 31

    Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

    Confidentiality

  • 32

    Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

    Role as controller or processor

  • 33

    Which of the following methods would most likely be used to identify legacy systems?

    Vulnerability scan

  • 34

    Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

    Tabletop exercise

  • 35

    Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

    SLA

  • 36

    Which of the following topics would most likely be included within an organization's SDLC?

    Information security policy

  • 37

    An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

    Business continuity

  • 38

    An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

    WAF

  • 39

    Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

    Staging

  • 40

    While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

    Input sanitization

  • 41

    Which of the following is the final step of the incident response process?

    Lessons learned

  • 42

    Which of the following is the first step to take when creating an anomaly detection process?

    Building a baseline

  • 43

    A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report: Which of the following is the most likely way a rogue device was allowed to connect?

    A user performed a MAC cloning attack with a personal device.

  • 44

    A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

    Integrating each SaaS solution with the identity provider

  • 45

    A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

    Screen locks, Remote wipe

  • 46

    A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met: * An existing internal certificate must be used. * Wired and wireless networks must be supported. * Any unapproved device should be isolated in a quarantine subnet. * Approved devices should be updated before accessing resources. Which of the following would best meet the requirements?

    802.1X

  • 47

    A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?

    SOAR

  • 48

    An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

    Baseline configuration

  • 49

    In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

    Risk appetite

  • 50

    A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

    Secure web gateway

  • 51

    Which of the following best describes why a process would require a two-person integrity security control?

    To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

  • 52

    The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs and RTOs. Which of the following backup scenarios would best ensure recovery?

    Weekly full backups with daily incremental stored on a NAS drive

  • 53

    A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

    Homomorphic

  • 54

    A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

    Push notifications

  • 55

    Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

    Salting

  • 56

    The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place?

    Spraying

  • 57

    An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

    Proprietary

  • 58

    Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

    Tabletop exercise

  • 59

    Which of the following data roles is responsible for identifying risks and appropriate access to data?

    Owner

  • 60

    A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two).

    SSH, SFTP

  • 61

    A security administrator recently reset local passwords and the following values were recorded in the system: Which of the following is the security administrator most likely protecting against?

    Pass-the-hash attacks

  • 62

    In which of the following scenarios is tokenization the best privacy technique to use?

    Enabling established customers to safely store credit card information

  • 63

    A security analyst is creating a base for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

    Secure configuration guide

  • 64

    Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

    Order of volatility

  • 65

    A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

    Contain the impacted hosts

  • 66

    A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

    Deploying an appropriate in-line CASB solution

  • 67

    A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

    Cross-site request forgery

  • 68

    Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

    The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

  • 69

    A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

    Honeypot

  • 70

    A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

    Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

  • 71

    Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

    Code repositories

  • 72

    A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

    Obfuscation toolkit

  • 73

    During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

    Dumpster diving

  • 74

    A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

    chmod

  • 75

    An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

    Deploy an authentication factor that requires in-person action before printing.

  • 76

    Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

    The company's SIP server security settings are weak.

  • 77

    Which of the following is the most important security concern when using legacy systems to provide production service?

    Lack of vendor support

  • 78

    Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

    Air gap

  • 79

    Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

    CVSS

  • 80

    A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

    Monitoring outbound traffic

  • 81

    A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

    hping

  • 82

    While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

    IaaS

  • 83

    An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

    Invoice scam

  • 84

    Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

    Channel overlap

  • 85

    The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

    Take a snapshot of the VM.

  • 86

    An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

    Network

  • 87

    The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

    DLP

  • 88

    A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

    Private key and self-signed certificate

  • 89

    A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

    Image

  • 90

    Which of the following is best used to detect fraud by assigning employees to different roles?

    Job rotation

  • 91

    A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

    Detective

  • 92

    Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

    Both companies following the same CSF

  • 93

    Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

    Shadow IT

  • 94

    A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

    A rogue access point is allowing users to bypass controls.

  • 95

    A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks is on a different floor, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

    A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

  • 96

    An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

    SRTP

  • 97

    A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

    Preventative, Technical

  • 98

    An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

    Job rotation

  • 99

    Which of the following is an algorithm performed to verify that data has not been modified?

    Hash

  • 100

    An administrator is investigating an incident and discovers several users' computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?

    Cryptojacking

    問題一覧

  • 1

    An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?

    Asset inventory

  • 2

    An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?

    DLP

  • 3

    A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

    Social engineering

  • 4

    Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

    Unidentified removable devices

  • 5

    Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

    To track the status of patching installations

  • 6

    An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?

    Select an IdP

  • 7

    A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

    Placing the system in an isolated VLAN

  • 8

    The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

    External examination

  • 9

    Which of the following alert types is the most likely to be ignored over time?

    False positive

  • 10

    Employees located off-site must have access to company resources in order to complete their assigned tasks These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

    VPN

  • 11

    A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?

    End of life

  • 12

    A bank set up a new server that contains customers' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?

    File integrity monitoring

  • 13

    A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

    To prevent a single point of failure

  • 14

    Which of the following best describes the practice of researching laws and regulations related to information security operations within a specific industry?

    Due diligence

  • 15

    A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

    Warm

  • 16

    Which of the following phases of an incident response involves generating reports?

    Lessons learned

  • 17

    A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

    Visualization and isolation of resources

  • 18

    A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

    Firewall

  • 19

    An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?

    DLP

  • 20

    Which of the following should a security operations center use to improve its incident response procedure?

    Playbooks

  • 21

    An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

    DHCP, Firewall

  • 22

    During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

    Physical

  • 23

    A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

    Port security

  • 24

    An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?

    Hashing

  • 25

    A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?

    Active

  • 26

    Which of the following examples would be best mitigated by input sanitization?

    <script>alert('Warning!');</script>

  • 27

    Which of the following control types is AUP an example of?

    Managerial

  • 28

    An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

    Implement security awareness training.

  • 29

    A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?

    Port security

  • 30

    A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

    Jailbreaking

  • 31

    Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?

    Confidentiality

  • 32

    Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?

    Role as controller or processor

  • 33

    Which of the following methods would most likely be used to identify legacy systems?

    Vulnerability scan

  • 34

    Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

    Tabletop exercise

  • 35

    Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

    SLA

  • 36

    Which of the following topics would most likely be included within an organization's SDLC?

    Information security policy

  • 37

    An IT manager is putting together a documented plan describing how the organization will keep operating in the event of a global incident. Which of the following plans is the IT manager creating?

    Business continuity

  • 38

    An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?

    WAF

  • 39

    Which of the following environments utilizes a subset of customer data and is most likely to be used to assess the impacts of major system upgrades and demonstrate system features?

    Staging

  • 40

    While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

    Input sanitization

  • 41

    Which of the following is the final step of the incident response process?

    Lessons learned

  • 42

    Which of the following is the first step to take when creating an anomaly detection process?

    Building a baseline

  • 43

    A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report: Which of the following is the most likely way a rogue device was allowed to connect?

    A user performed a MAC cloning attack with a personal device.

  • 44

    A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

    Integrating each SaaS solution with the Identity provider

  • 45

    A company implemented an MDM policy to mitigate risks after repeated instances of employees losing company-provided mobile phones. In several cases, the lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

    Screen locks, Remote wipe

  • 46

    A systems administrator is redesigning how devices will perform network authentication. The following requirements need to be met: * An existing internal certificate must be used. * Wired and wireless networks must be supported. * Any unapproved device should be isolated in a quarantine subnet. * Approved devices should be updated before accessing resources. Which of the following would best meet the requirements?

    802.1X

  • 47

    A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?

    SOAR

  • 48

    An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

    Baseline configuration

  • 49

    In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?

    Risk appetite

  • 50

    A company recently decided to allow employees to work remotely. The company wants to protect its data without using a VPN. Which of the following technologies should the company implement?

    Secure web gateway

  • 51

    Which of the following best describes why a process would require a two-person integrity security control?

    To reduce the risk that the procedures are performed incorrectly or by an unauthorized user

  • 52

    The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs and RTOs. Which of the following backup scenarios would best ensure recovery?

    Weekly full backups with daily incremental stored on a NAS drive

  • 53

    A financial institution would like to store its customer data in the cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would best meet the requirement?

    Homomorphic

  • 54

    A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?

    Push notifications

  • 55

    Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

    Salting

  • 56

    The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address: Which of the following most likely describes the attack that took place?

    Spraying

  • 57

    An external vendor recently visited a company's headquarters for a presentation. Following the visit, a member of the hosting team found a file that the external vendor left behind on a server. The file contained detailed architecture information and code snippets. Which of the following data types best describes this file?

    Proprietary

  • 58

    Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

    Tabletop exercise

  • 59

    Which of the following data roles is responsible for identifying risks and appropriate access to data?

    Owner

  • 60

    A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be implemented to allow for this type of access? (Select two).

    SSH, SFTP

  • 61

    A security administrator recently reset local passwords and the following values were recorded in the system: Which of the following is the security administrator most likely protecting against?

    Pass-the-hash attacks

  • 62

    In which of the following scenarios is tokenization the best privacy technique to use?

    Enabling established customers to safely store credit card information

  • 63

    A security analyst is creating a base for the server team to follow when hardening new devices for deployment. Which of the following best describes what the analyst is creating?

    Secure configuration guide

  • 64

    Which of the following is a reason why a forensic specialist would create a plan to preserve data after an incident and prioritize the sequence for performing forensic analysis?

    Order of volatility

  • 65

    A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?

    Contain the impacted hosts

  • 66

    A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach and does not have an on-premises IT infrastructure. Which of the following would best secure the organization?

    Deploying an appropriate in-line CASB solution

  • 67

    A website user is locked out of an account after clicking an email link and visiting a different website. Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

    Cross-site request forgery

  • 68

    Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?

    The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.

  • 69

    A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?

    Honeypot

  • 70

    A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?

    Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

  • 71

    Which of the following is a common source of unintentional corporate credential leakage in cloud environments?

    Code repositories

  • 72

    A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?

    Obfuscation toolkit

  • 73

    During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?

    Dumpster diving

  • 74

    A systems administrator is auditing all company servers to ensure they meet the minimum security baseline. While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

    chmod

  • 75

    An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

    Deploy an authentication factor that requires in-person action before printing.

  • 76

    Callers speaking a foreign language are using company phone numbers to make unsolicited phone calls to a partner organization. A security analyst validates through phone system logs that the calls are occurring and the numbers are not being spoofed. Which of the following is the most likely explanation?

    The company's SIP server security settings are weak.

  • 77

    Which of the following is the most important security concern when using legacy systems to provide production service?

    Lack of vendor support

  • 78

    Which of the following is the most effective way to protect an application server running software that is no longer supported from network threats?

    Air gap

  • 79

    Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

    CVSS

  • 80

    A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

    Monitoring outbound traffic

  • 81

    A security analyst is assessing several company firewalls. Which of the following tools would the analyst most likely use to generate custom packets to use during the assessment?

    hping

  • 82

    While considering the organization's cloud-adoption strategy, the Chief Information Security Officer sets a goal to outsource patching of firmware, operating systems, and applications to the chosen cloud vendor. Which of the following best meets this goal?

    IaaS

  • 83

    An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?

    Invoice scam

  • 84

    Since a recent upgrade to a WLAN infrastructure, several mobile users have been unable to access the internet from the lobby. The networking team performs a heat map survey of the building and finds several WAPs in the area. The WAPs are using similar frequencies with high power settings. Which of the following installation considerations should the security team evaluate next?

    Channel overlap

  • 85

    The Chief Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells the analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

    Take a snapshot of the VM.

  • 86

    An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?

    Network

  • 87

    The Chief Information Security Officer wants to put security measures in place to protect PII. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

    DLP

  • 88

    A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate that could be in use on the company domain?

    Private key and self-signed certificate

  • 89

    A systems administrator wants to implement a backup solution. The solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

    Image

  • 90

    Which of the following is best used to detect fraud by assigning employees to different roles?

    Job rotation

  • 91

    A network administrator deployed a DNS logging tool that logs suspicious websites that are visited and then sends a daily report based on various weighted metrics. Which of the following best describes the type of control the administrator put in place?

    Detective

  • 92

    Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

    Both companies following the same CSF

  • 93

    Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?

    Shadow IT

  • 94

    A business uses Wi-Fi with content filtering enabled. An employee noticed a coworker accessed a blocked site from a work computer and reported the issue. While investigating the issue, a security administrator found another device providing internet access to certain employees. Which of the following best describes the security risk?

    A rogue access point is allowing users to bypass controls.

  • 95

    A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected. Most employees clocked in and out while they were inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions. Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following is the most likely reason for this compromise?

    A malicious actor compromised the time-keeping website with malicious code using an unpatched vulnerability on the site, stealing the credentials.

  • 96

    An organization implemented cloud-managed IP cameras to monitor building entry points and sensitive areas. The service provider enables direct TCP/IP connection to stream live video footage from each camera. The organization wants to ensure this stream is encrypted and authenticated. Which of the following protocols should be implemented to best meet this objective?

    SRTP

  • 97

    A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).

    Preventative, Technical

  • 98

    An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

    Job rotation

  • 99

    Which of the following is an algorithm performed to verify that data has not been modified?

    Hash

  • 100

    An administrator is investigating an incident and discovers several users' computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?

    Cryptojacking