Mystery
Mystery 2
Mystery 3
Mystery 4
Mystery 5
100

A user connects to a third-party website and receives this message:

Your connection is not private.

NET::ERR_CERT_INVALID

Which of the following attacks would be the MOST likely reason for this message?

❍ A. Brute force

❍ B. DoS

❍ C. On-path

❍ D. Disassociation

On-path

100

The embedded OS in a company’s time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?

❍ A. DLL injection

❍ B. Resource exhaustion

❍ C. Race condition

❍ D. Weak configuration

Race condition

100

A network administrator would like each user to authenticate with their personal username and password when connecting to the company's wireless network. Which of the following should the network administrator configure on the wireless access points?

❍ A. WPA2-PSK

❍ B. 802.1X

❍ C. WPS

❍ D. WPA2-AES

802.1X

100

A security administrator needs to identify all references to a JavaScript file in the HTML of a web page. Which of the following tools should be used to view the source of the web page and search through the file for a specific filename? (Select TWO)

❍ A. tail

❍ B. openssl

❍ C. scanless

❍ D. grep

❍ E. Nmap

❍ F. curl

❍ G. head

grep and curl

100

A company has just purchased a new application server, and the security director wants to determine if the system is secure. The system is currently installed in a test environment and will not be available to users until the rollout to production next week. Which of the following would be the BEST way to determine if any part of the system can be exploited?

❍ A. Tabletop exercise

❍ B. Vulnerability scanner

❍ C. Password cracker

❍ D. Penetration test

Penetration test

200

Rodney, a security engineer, is viewing this record from the firewall logs:

UTC 04/05/2018 03:09:15809 AV Gateway Alert

136.127.92.171 80 -> 10.16.10.14 60818

Gateway Anti-Virus Alert:

XPACK.A_7854 (Trojan) blocked.

Which of the following can be observed from this log information?

❍ A. The victim's IP address is 136.127.92.171

❍ B. A download was blocked from a web server

❍ C. A botnet DDoS attack was blocked

❍ D. The Trojan was blocked, but the file was not

A download was blocked from a web server

200

A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?

❍ A. MTBF

❍ B. RTO

❍ C. MTTR

❍ D. MTTF

MTBF

200

A security team has been provided with a non-credentialed vulnerability scan report created by a third party. Which of the following would they expect to see on this report?

❍ A. A summary of all files with invalid group assignments

❍ B. A list of all unpatched operating system files

❍ C. The version of web server software in use

❍ D. A list of local user accounts

The version of web server software in use

200

A security administrator is adding additional authentication controls to the existing infrastructure. Which of the following should be added by the security administrator? (Select TWO)

❍ A. TOTP

❍ B. Least privilege

❍ C. Role-based awareness training

❍ D. Separation of duties

❍ E. Job rotation

❍ F. Smart Card

TOTP and Smart Card

200

A company would like to securely deploy applications without the overhead of installing a virtual machine for each system. Which of the following would be the BEST way to deploy these applications?

❍ A. Containerization

❍ B. IaaS

❍ C. Proxies

❍ D. CASB

Containerization

300

Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

❍ A. Create an operating system security policy to prevent the use of removable media

❍ B. Monitor removable media usage in host-based firewall logs

❍ C. Only allow applications that do not use removable media

❍ D. Define a removable media block rule in the UTM

Create an operating system security policy to prevent the use of removable media

300

Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?

❍ A. Federation

❍ B. 802.1X

❍ C. PEAP

❍ D. EAP-FAST

Federation

300

A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team’s requirements?

❍ A. EAP-TLS

❍ B. PEAP

❍ C. EAP-TTLS

❍ D. EAP-MSCHAPv2

EAP-TTLS

300

A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?

❍ A. MAC

❍ B. SED

❍ C. CASB

❍ D. SOAR

SED

300

A company's outgoing email server currently uses SMTP with no encryption. The security administrator would like to implement encryption between email clients without changing the existing server-to-server communication. Which of the following would be the BEST way to implement this requirement?

❍ A. Implement Secure IMAP

❍ B. Require the use of S/MIME

❍ C. Install an SSL certificate on the email server

❍ D. Use a VPN tunnel between email clients

Require the use of S/MIME

400

An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third party. Which category would BEST describe these devices?

❍ A. IoT

❍ B. RTOS

❍ C. MFD

❍ D. SoC

MFD

400

A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?

❍ A. ISO 27701

❍ B. PKI

❍ C. IaaS

❍ D. SOAR

SOAR

400

A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?

❍ A. Communication plan

❍ B. Continuity of operations

❍ C. Stakeholder management

❍ D. Tabletop exercise

Continuity of operations

400

A company would like to protect the data stored on laptops used in the field. Which of the following would be the BEST choice for this requirement?

❍ A. MAC

❍ B. SED

❍ C. CASB

❍ D. SOAR

SED

400

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?

❍ A. DAC

❍ B. MAC

❍ C. ABAC

❍ D. RBAC

DAC

500

A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)

❍ A. Partition data

❍ B. Kernel statistics

❍ C. ROM data

❍ D. Temporary file systems

❍ E. Process table

Partition data, Temporary file systems

500

Which of the following standards provides information on privacy and managing PII?

❍ A. ISO 31000

❍ B. ISO 27002

❍ C. ISO 27701

❍ D. ISO 27001

ISO 27701

500

A security administrator is concerned about data exfiltration resulting from the use of malicious phone charging stations. Which of the following would be the BEST way to protect against this threat?

❍ A. USB data blocker

❍ B. Personal firewall

❍ C. MFA

❍ D. FDE

USB data blocker

500

A company is creating a security policy that will protect all corporate mobile devices:

• All mobile devices must be automatically locked after a predefined time period.

• Some mobile devices will be used by the remote sales teams, so the location of each device needs to be traceable.

• All of the user’s information should be completely separated from company data.

Which of the following would be the BEST way to establish these security policy rules?

❍ A. Containerization

❍ B. Biometrics

❍ C. COPE

❍ D. VDI

❍ E. Geofencing

❍ F. MDM

MDM

500

A department store policy requires that a floor manager approves each transaction when a gift certificate is used for payment. The security team has found that some of these transactions have been processed without the approval of a manager. Which of the following would provide a separation of duties to enforce this store policy?

❍ A. Use a WAF to monitor all gift certificate transactions

❍ B. Disable all gift certificate transactions for cashiers

❍ C. Implement a discretionary access control policy

❍ D. Require an approval PIN for the cashier and a separate approval PIN for the manager

Require an approval PIN for the cashier and a separate approval PIN for the manager