Category 26-30
An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfer the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
A. Nmap
B. cURL
C. Netcat
D. Wireshark
Correct answer: D. Wireshark
Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?
A. DDoS
B. Man-in-the-middle
C. MAC flooding
D. Domain hijacking
Correct answer: A. DDoS
A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions?
A. Nmap
B. Wireshark
C. Autopsy
D. DNSEnum
Correct answer: A. Nmap
The process of passively gathering information prior to launching a cyberattack is called:
A. tailgating
B. reconnaissance
C. pharming
D. prepending
Correct answer: B. Reconnaissance
A pharmaceutical sales representative logs on to a laptop and connects to the public WiFi to check emails and update reports. Which of the following would be BEST to prevent other devices on the network from directly accessing the laptop? (Choose two.)
A. Trusted Platform Module
B. A host-based firewall
C. A DLP solution
D. Full disk encryption
E. A VPN
F. Antivirus software
Correct answers: A & B
A. Trusted Platform Module
B. A host-based firewall
Which of the following would MOST likely support the integrity of a voting machine?
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
Correct answer: D. Perfect forward secrecy
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
A. To provide data to quantity risk based on the organization's systems.
B. To keep all software and hardware fully patched for known vulnerabilities
C. To only allow approved, organization-owned devices onto the business network
D. To standardize by selecting one laptop model for all users in the organization
Correct answer: B. To keep all software and hardware fully patched for known vulnerabilities
Which of the following refers to applications and systems that are used within an organization without consent or approval?
A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats
Correct answer: A. Shadow IT
An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the Incident could have been prevented?
A. The vulnerability scan output
B. The security logs
C. The baseline report
D. The correlation of events
Correct answer: B. The security logs
A forensics examiner is attempting to dump password cached in the physical memory of a live system but keeps receiving an error message. Which of the following BEST describes the cause of the error?
A. The examiner does not have administrative privileges to the system
B. The system must be taken offline before a snapshot can be created
C. Checksum mismatches are invalidating the disk image
D. The swap file needs to be unlocked before it can be accessed
Correct answer: A. The examiner does not have administrative privileges to the system
A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been revoked. Which of the following would BEST these requirement?
A. RA
B. OCSP
C. CRL
D. CSR
Correct answer: C. CRL
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson’s laptop. The sales department has a higher-than-average rate of lost equipment. Which of the following recommendations would BEST address the CSO’s concern?
A. Deploy an MDM solution.
B. Implement managed FDE.
C. Replace all hard drives with SEDs.
D. Install DLP agents on each laptop.
Correct answer: B. Implement managed FDE
The Chief Financial Officer (CFO) of an insurance company received an email from Ann, the company’s Chief Executive Officer (CEO), requesting a transfer of $10,000 to an account. The email states Ann is on vacation and has lost her purse, containing cash and credit cards. Which of the following social-engineering techniques is the attacker using?
A. Phishing
B. Whaling
C. Typo squatting
D. Pharming
Correct answer: B. Whaling
When selecting a technical solution for identity management, an architect chooses to go from an in-house to a third-party SaaS provider. Which of the following risk management strategies is this an example of?
A. Acceptance
B. Mitigation
C. Avoidance
D. Transference
Correct answer: D. Transference
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?
A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.
B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.
C. Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox
D. Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites
Correct answer: A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.
A symmetric encryption algorithm Is BEST suited for:
A. key-exchange scalability.
B. protecting large amounts of data.
C. providing hashing capabilities,
D. implementing non-repudiation.
Correct answer: D. Implementing non-repudiation
A manufacturer creates designs for very high security products that are required to be protected and controlled by the government regulations. These designs are not accessible by corporate networks or the Internet. Which of the following is the BEST solution to protect these designs?
A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone
Correct answer: A. An air gap
On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses
Correct answers: E & F
E. Value and volatility of data
F. Right-to-audit clauses
A security analyst needs to be proactive in understand the types of attacks that could potentially target the company's execute. Which of the following intelligence sources should to security analyst review?
A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Correct answer: D. Industry information-sharing and collaboration groups
A security analyst needs to generate a server certificate to be used for 802.1X and secure RDP connections. The analyst is unsure what is required to perform the task and solicits help from a senior colleague. Which of the following is the FIRST step the senior colleague will most likely tell the analyst to perform to accomplish this task?
A. Create an OCSP
B. Generate a CSR
C. Create a CRL
D. Generate a .pfx file
Correct answer: B. Generate a CSR
The Chief Security Officer (CSO) at a major hospital wants to implement SSO to help improve in the environment patient data, particularly at shared terminals. The Chief Risk Officer (CRO) is concerned that training and guidance have been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO’s concerns?
A. SSO would simplify username and password management, making it easier for hackers to pass guess accounts.
B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.
C. SSO would reduce the password complexity for frontline staff.
D. SSO would reduce the resilience and availability of system if the provider goes offline.
Correct answer: D. SSO would reduce the resilience and availability of system if the provider goes offline
A security assessment determines DES and 3DES at still being used on recently deployed production servers. Which of the following did the assessment identify?
A. Unsecme protocols
B. Default settings
C. Open permissions
D. Weak encryption
Correct answer: D. Weak encryption
A security analyst is configuring a large number of new company-issued laptops. The analyst received the following requirements:
• The devices will be used internationally by staff who travel extensively.
• Occasional personal use is acceptable due to the travel requirements.
• Users must be able to install and configure sanctioned programs and productivity suites.
• The devices must be encrypted
• The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
A. Configuring an always-on VPN
B. Implementing application whitelisting
C. Requiring web traffic to pass through the on-premises content filter
D. Setting the antivirus DAT update schedule to weekly
Correct answer: A. Configuring an always-on VPN
A website developer is working on a new e-commerce website and has asked an information security expert for the most appropriate way to store credit card numbers to create an easy reordering process. Which of the following methods would BEST accomplish this goal?
A. Salting the magnetic strip information
B. Encrypting the credit card information in transit.
C. Hashing the credit card numbers upon entry.
D. Tokenizing the credit cards in the database
Correct answer: C. Hashing the credit card numbers upon entry
An organization wants to implement a third factor to an existing multifactor authentication. The organization already uses a smart card and password. Which of the following would meet the organization’s needs for a third factor?
A. Date of birth
B. Fingerprints
C. PIN
D. TPM
Correct answer: B. Fingerprints