Category 51-60
A software developer needs to perform code-execution testing, black-box testing, and non-functional testing on a new product before its general release. Which of the following BEST describes the tasks the developer is conducting?
A. Verification
B. Validation
C. Normalization
D. Staging
The correct answer is A: Verification
A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an abundance of errors that correlate with users' reports of issues accessing the facility. Which of the following MOST likely the cause of the cause of the access issues?
A. False rejection
B. Cross-over error rate
C. Efficacy rale
D. Attestation
The correct answer is B: Cross-over error rate
An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A. SED
B. HSM
C. DLP
D. TPM
The correct answer is A: SED
A root cause analysis reveals that a web application outage was caused by one of the company’s developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring?
A. CASB
B. SWG
C. Containerization
D. Automated failover
The correct answer is C: Containerization
A company uses wireless tor all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
A. A BPDU guard
B. WPA-EAP
C. IP filtering
D. A WIDS
The correct answer B: WPA-EAP
A security manager for a retailer needs to reduce the scope of a project to comply with PCI DSS. The PCI data is located in different offices than where credit cards are accepted. All the offices are connected via MPLS back to the primary datacenter. Which of the following should the security manager implement to achieve the objective?
A. Segmentation
B. Containment
C. Geofencing
D. Isolation
The correct answer is A: Segmentation
An attacker was easily able to log in to a company's security camera by performing a baste online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
A Weak encryption
B. Unsecure protocols
C. Default settings
D. Open permissions
The correct answer is C: Default settings
Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
A. The data protection officer
B. The data processor
C. The data owner
D. The data controller
The correct answer is C: The data owner
A security analyst discovers that a company username and password database was posted on an internet forum. The username and passwords are stored in plan text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?
A. Create DLP controls that prevent documents from leaving the network
B. Implement salting and hashing
C. Configure the web content filter to block access to the forum.
D. Increase password complexity requirements
The correct answer is A: Create DLP controls that prevent documents from leaving the network.
A retail executive recently accepted a job with a major competitor. The following week, a security analyst reviews the security logs and identifies successful logon attempts to access the departed executive's accounts. Which of the following security practices would have addressed the issue?
A. A non-disclosure agreement
B. Least privilege
C. An acceptable use policy
D. Ofboarding
The correct answer is D: Ofboarding
A security analyst needs to produce a document that details how a security incident occurred, the steps that were taken for recovery, and how future incidents can be avoided. During which of the following stages of the response process will this activity take place?
A. Recovery
B. Identification
C. Lessons learned
D. Preparation
The correct answer is C: Lessons learned
A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
The correct answer is C: Push notifications
An analyst is trying to identify insecure services that are running on the internal network After performing a port scan the analyst identifies that a server has some insecure services enabled on default ports Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them' (Select THREE)
A. SFTP FTPS
B. SNMPv2 SNMPv3
C. HTTP, HTTPS
D. TFTP FTP
E. SNMPv1, SNMPv2
F. Telnet SSH
G. TLS, SSL
H. POP, IMAP
I. Login, rlogin
The correct answers are B, C, and F
SNMPv2 SNMPv3
HTTP, HTTPS
Telnet SSH
Local guidelines require that all information systems meet a minimum-security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?
A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks
The correct answer D: Benchmarks
A user recently attended an exposition and received some digital promotional materials The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open Which of the following is MOST likely the cause of the reported issue?
A. There was a drive-by download of malware
B. The user installed a cryptominer
C. The OS was corrupted
D. There was malicious code on the USB drive
The correct answer is D: There was malicious code on the USB drive.
Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident?
A. MOU
B. MTTR
C. SLA
D. NDA
The correct answer is C: SLA
Which of the following ISO standards is certified for privacy?
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
The correct answer is C: ISO 27701
A cybersecurity analyst needs to implement secure authentication to third-party websites without users’ passwords. Which of the following would be the BEST way to achieve this objective?
A. OAuth
B. SSO
C. SAML
D. PAP
The correction answer is C: SAML
A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?
A. SDP
B. AAA
C. IaaS
D. MSSP
E. Micro services
The correct answer is D: MSSP
A development team employs a practice of bringing all the code changes from multiple team members into the same development project through automation. A tool is utilized to validate the code and track source code through version control. Which of the following BEST describes this process?
A. Continuous delivery
B. Continuous integration
C. Continuous validation
D. Continuous monitoring
The correct answer is B: Continuous integration
An organization’s help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?
A. DNS cache poisoning
B. Domain hijacking
C. Distributed denial-of-service
D. DNS tunneling
The correct answer is B: Domain hijacking
Which of the following scenarios BEST describes a risk reduction technique?
A. A security control objective cannot be met through a technical change, so the company purchases insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company changes as method of operation
D. A security control objective cannot be met through a technical change, so the Chief Information Officer (CIO) decides to sign off on the risk
The correct answer is B: A security control objective cannot be met through a technical change, so the company implements a policy to train users on a more secure method of operation.
An employee has been charged with fraud and is suspected of using corporate assets. As authorities collect evidence, and to preserve the admissibility of the evidence, which of the following forensic techniques should be used?
A. Order of volatility
B. Data recovery
C. Chain of custody
D. Non-Repudiation
The correct answer is C: Chain of custody
A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms?
A. SIEM
B. DLP
C. CASB
D. SWG
The correct answer is C: CASB
A security analyst discovers several .jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?
A. The GPS location
B. When the file was deleted
C. The total number of print jobs
D. The number of copies made
The correct answer is A: The GPS location