Category 106-110
Category 111-115
Category 116-120
Category 121-125
Category 126-130
100

Following a prolonged datacenter outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements: 

• There must be visibility into how teams are using cloud-based services. 

• The company must be able to identify when data related to payment cards is being sent to the cloud.

• Data must be available regardless of the end user's geographic location.

• Administrators need a single pane-of-glass view into traffic and trends. 

Which of the following should the security analyst recommend? 

A. Create firewall rules to restrict traffic to other cloud service providers. 

B. Install a DLP solution to monitor data in transit. 

C. Implement a CASB solution. 

D. Configure a web-based content filter. 

Correct Answer: B

Install a DLP solution to monitor data in transit.

100

An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.) 

A. Voice 

B. Gait 

C. Vein 

D. Facial 

E. Retina 

F. Fingerprint

Correct Answer: B & D

Gait

Facial

100

A network engineer has been asked to investigate why several wireless barcode scanners and wireless computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and computers are all on forklift trucks and move around the warehouse during their regular use. Which of the following should the engineer do to determine the issue? (Choose two.) 

A. Perform a site survey 

B. Deploy an FTK Imager 

C. Create a heat map 

D. Scan for rogue access points 

E. Upgrade the security protocols 

F. Install a captive portal  

Correct Answers: A & C

Perform a site survey

Create a heat map

100

A network administrator would like to configure a site-to-site VPN utilizing IPsec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

A. AH 

B. EDR 

C. ESP 

D. DNSSEC

Correct Answer: C

ESP

100

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any external networks. Which of the following methods would BEST prevent the exfiltration of data? (Select TWO). 

A. VPN 

B. Drive encryption 

C. Network firewall 

D. File level encryption 

E. USB blocker 

F. MFA  

Correct Answers: B & E

Drive encryption

USB blocker

200

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO). 

A. Full-device encryption 

B. Network usage rules 

C. Geofencing 

D. Containerization 

E. Application whitelisting 

F. Remote control

Correct Answer: A & B

Full-device encryption

Network usage rules

200

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?

A. A capture-the-flag competition 

B. A phishing simulation 

C. Physical security training 

D. Basic awareness training

Correct Answer: B

A phishing simulation

200

In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

A. Identification 

B. Preparation 

C. Eradication

D. Recovery 

E. Containment  

Correct Answer: E

Containment

200

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives, the analyst receives an error and is unable to open the encrypted message. Which of the following is the MOST likely cause of the issue? 

A. The S/MIME plug-in is not enabled.

B. The SSL certificate has expired.

C. Secure IMAP was not implemented.

D. POP3S is not supported.  

Correct Answer: A

The S/MIME plug-in is not enabled.

200

A company has determined that if its computer-based manufacturing is not functioning for 12 consecutive hours, it will lose more money than it costs to maintain the equipment. Which of the following must be less than 12 hours to maintain a positive total cost of ownership?

A. MTBF 

B. RPO 

C. RTO 

D. MTTR  

Correct Answer: C

RTO

300

After entering a username and password, an administrator must gesture on a touch screen. Which of the following demonstrates what the administrator is providing?

A. Multifactor authentication 

B. Something you can do 

C. Biometric 

D. Two-factor authentication

Correct Answer: D

Two-factor authentication

300

A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen and later, enterprise data was found to have been compromised database. Which of the following was the MOST likely cause?

A. Shadow IT 

B. Credential stuffing 

C. SQL injection 

D. Man-in-the-browser 

E. Bluejacking  

Correct Answer: A

Shadow IT

300

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD culture while also protecting the company’s data? 

A. Containerization 

B. Geofencing 

C. Full-disk encryption 

D. Remote wipe

Correct Answer: C

Full-disk encryption

300

A security analyst is performing a forensic investigation of compromised account credentials. Using the Event Viewer, the analyst is able to detect the following message: "Special privileges assigned to new login." Several of these messages did not have a valid logon associated with the user before these privileges were assigned. Which of the following attacks is MOST likely being detected?

A. Pass-the-hash 

B. Buffer overflow 

C. Cross-site scripting. 

D. Session replay

Correct Answer: A

Pass-the-hash

300

Which of the following incident response steps involves actions to protect critical systems while maintaining business operations? 

A. Investigation 

B. Containment 

C. Recovery 

D. Lessons learned  

Correct Answer: B

Containment

400

A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO). 

A. Something you know 

B. Something you have 

C. Somewhere you are 

D. Someone you are 

E. Something you are 

F. Something you can do

Correct Answer: B & E

Something you have

Something you are

400

An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?

A. Weak encryption 

B. Unsecure protocols 

C. Default settings 

D. Open permissions

Correct Answer: C

Default settings

400

A cybersecurity administrator needs to add disk redundancy for a critical server. The solution must have a two-drive failure for better fault tolerance. Which of the following RAID levels should the administrator select?

A. 0 

B. 1 

C. 5 

D. 6

Correct Answer: B

1

400

In which of the following risk management strategies would cybersecurity insurance be used? 

A. Transference 

B. Avoidance 

C. Acceptance 

D. Mitigation

Correct Answer: A

Transference

400

A worldwide manufacturing company has been experiencing email account compromises. In one incident, a user logged in from the corporate office in France, but then seconds later, the same user account attempted a login from Brazil. Which of the following account policies would BEST prevent this type of attack?

A. Network location 

B. Impossible travel time 

C. Geolocation 

D. Geofencing  

Correct Answer: D

Geofencing

500

The facilities supervisor for a government agency is concerned about unauthorized access to environmental systems in the event the staff WiFi network is breached. Which of the following would BEST address this security concern?

A. Install a smart meter on the staff WiFi.

B. Place the environmental systems in the same DHCP scope as the staff WiFi. 

C. Implement Zigbee on the staff WiFi access points.

D. Segment the staff WiFi network from the environmental systems network.

Correct Answer: D

Segment the staff WiFi network from the environmental systems network.

500

A database administrator needs to ensure all passwords are stored in a secure manner, so the administrator adds randomly generated data to each password before storing. Which of the following techniques BEST explains this action?

A. Predictability 

B. Key stretching 

C. Salting 

D. Hashing

Correct Answer: C

Salting

500

To secure an application after a large data breach, an e-commerce site will be resetting all users’ credentials. Which of the following will BEST ensure the site’s users are not compromised after the reset?

A. A password reuse policy 

B. Account lockout after three failed attempts. 

C. Encrypted credentials in transit 

D. A geofencing policy based on login history

Correct Answer: C

Encrypted credentials in transit

500

A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine the next course of action? 

A. An incident response plan 

B. A communications plan 

C. A disaster recovery plan 

D. A business continuity plan

Correct Answer: D

A business continuity plan

500

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization’s accounts. The engineer sees there was a change in the IP address for a vendor website one earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A. Man-in-the-middle

B. Spear-phishing 

C. Evil twin 

D. DNS poisoning

Correct Answer: D

DNS poisoning