MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A security controls assessor intends to perform a holistic configuration compliance test of networked assets.The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: "<object object_ref=... />" and "<state state_ref=... />". Which of the following tools BEST supports the use of these definitions?
Question2: A recent security assessment revealed a web application may be vulnerable to clickjacking. According to the application developers, a fix may be months away. Which of the following should a security engineer configure on the web server to help mitigate the issue?
Question3: A recent CRM upgrade at a branch office was completed after the desired deadline. Several technical issues were found during the upgrade and need to be discussed in depth before the next branch office is upgraded.Which of the following should be used to identify weak processes and other vulnerabilities?
Question4: A Chief Information Security Officer (CISO is reviewing and revising system configuration and hardening guides that were developed internally and have been used several years to secure the organization's systems.The CISO knows improvements can be made to the guides.Which of the following would be the BEST source of reference during the revision process?
Question5: A security engineer is deploying an IdP to broker authentication between applications. These applications all utilize SAML 2.0 for authentication. Users log into the IdP with their credentials and are given a list of applications they may access. One of the application's authentications is not functional when a user initiates an authentication attempt from the IdP. The engineer modifies the configuration so users browse to the application first, which corrects the issue. Which of the following BEST describes the root cause?
Question6: Given the following output from a security tool in Kali:
Question7: A penetration tester is given an assignment lo gain physical access to a secure facility with perimeter cameras.The secure facility does not accept visitors and entry is available only through a door protected by an RFID key and a guard stationed inside the door Which of the following would be BEST for the penetration tester to attempt?
Question8: A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
Question9: A core router was manipulated by a credentialed bypass to send all network traffic through a secondary router under the control of an unauthorized user connected to the network by WiFi.Which of the following would BEST reduce the risk of this attack type occurring?
Question10: A vendor develops a mobile application for global customers. The mobile application supports advanced encryption of data between the source (the mobile device) and the destination (the organization's ERP system).As part of the vendor's compliance program, which of the following would be important to take into account?
Question11: A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources The application was developed by a third-party organization, and it is now being used heavily despite lacking the following controls:* Certificate pinning* Tokenization* Biometric authenticationThe company has already implemented the following controls:* Full device encryption* Screen lock* Device password* Remote wipeThe company wants to defend against interception of data attacks Which of the following compensating controls should the company implement NEXT?
Question12: A newly hired systems administrator is trying to connect a new and fully updated, but very customized, Android device to access corporate resources. However, the MDM enrollment process continually fails. The administrator asks a security team member to look into the issue.Which of the following is the MOST likely reason the MDM is not allowing enrollment?
Question13: A security administrator is reviewing the following output from an offline password audit:Which of the following should the systems administrator implement to BEST address this audit finding?(Choose two.)
Question14: As part of incident response, a technician is taking an image of a compromised system and copying the image to a remote image server (192.168.45.82). The system drive is very large but does not contain the sensitive data. The technician has limited time to complete this task. Which of the following is the BEST command for the technician to run?
Question15: A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs. The program has highlighted the following requirements:* Long-lived sessions are required, as users do not log in very often.* The solution has multiple SPs, which include mobile and web applications.* A centralized IdP is utilized for all customer digital channels.* The applications provide different functionality types such as forums and customer portals.* The user experience needs to be the same across both mobile and web-based applications.Which of the following would BEST improve security while meeting these requirements?
Question16: During a recent incident, sensitive data was disclosed and subsequently destroyed through a properly secured, cloud-based storage platform. An incident response technician is working with management to develop an after action report that conveys critical metrics regarding the incident.Which of the following would be MOST important to senior leadership to determine the impact of the breach?
Question17: A recent penetration test identified that a web server has a major vulnerability. The web server hosts a critical shipping application for the company and requires 99.99% availability. Attempts to fix the vulnerability would likely break the application. The shipping application is due to be replaced in the next three months. Which of the following would BEST secure the web server until the replacement web server is ready?
Question18: Following a merger, the number of remote sites for a company has doubled to 52. The company has decided to secure each remote site with an NGFW to provide web filtering, NIDS/NIPS, and network antivirus. The Chief Information Officer (CIO) has requested that the security engineer provide recommendations on sizing for the firewall with the requirements that it be easy to manage and provide capacity for growth.The tables below provide information on a subset of remote sites and the firewall options:Which of the following would be the BEST option to recommend to the CIO?
Question19: A company is transitioning to a new VDI environment, and a system engineer is responsible for developing a sustainable security strategy for the VDIs.Which of the following is the MOST appropriate order of steps to be taken?
Question20: A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.Which of the following is the MOST likely reason for the team lead's position?
Question21: During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data within the migrating applications. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages. Which of the following BEST addresses the CPO's concerns?
Question22: A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?
Question23: A security administrator wants to stand up a NIPS that is multilayered and can incorporate many security technologies into a single platform The product should have diverse capabilities, such as antivirus, VPN, and firewall services, and be able to be updated in a timely manner to meet evolving threats. Which of the following network prevention system types can be used to satisfy the requirements?
Question24: An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor's SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:* There are clauses that confirm a data retention period in line with what is in the energy organization's security policy.* The data will be hosted and managed outside of the energy organization's geographical location.The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project's security consultant recommend as the NEXT step?
Question25: You are a security analyst tasked with interpreting an Nmap scan output from Company A's privileged network.The company's hardening guidelines indicate the following:* There should be one primary server or service per device.* Only default ports should be used.* Non-secure protocols should be disabled.INSTRUCTIONSUsing the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed. For each device found, add a device entry to the Devices Discovered list, with the following information:* The IP address of the device* The primary server or service of Che device* The protocol(s) that should be disabled based on the hardening guidelines
Question26: An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)
Question27: A security engineer is analyzing an application during a security assessment to ensure it is configured to protect against common threats. Given the output below:Which of the following tools did the security engineer MOST likely use to generate this output?
Question28: During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?
Question29: An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles. Which of the following should achieve the BEST long-term result for the company?
Question30: A security engineer is working to secure an organization's VMs. While reviewing the workflow for creating VMs on demand, the engineer raises a concern about the integrity of the secure boot process of the VM guest.Which of the following would BEST address this concern?
Question31: An organization is engaged in international business operations and is required to comply with various legal frameworks. In addition to changes in legal frameworks, which of the following is a primary purpose of a compliance management program?
Question32: A penetration tester is trying to gain access to a remote system. The tester is able to see the secure login page and knows one user account and email address, but has not yet discovered a password.Which of the following would be the EASIEST method of obtaining a password for the known account?
Question33: When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?
Question34: An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command.Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
Question35: Several days after deploying an MDM for smartphone control, an organization began noticing anomalous behavior across the enterprise Security analysts observed the following:* Unauthorized certificate issuance* Access to mutually authenticated resources utilizing valid but unauthorized certificates* Granted access to internal resources via the SSL VPNTo address the immediate problem security analysts revoked the erroneous certificates. Which of the following describes the MOST likely root cause of the problem and offers a solution?
Question36: A new corporate policy requires that all employees have access to corporate resources on personal mobile devices The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach. Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?
Question37: Following the merger of two large companies the newly combined security team is overwhelmed by the volume of logs flowing from the IT systems The company's data retention schedule complicates the issue by requiring detailed logs to be collected and available for months Which of the following designs BEST meets the company's security and retention requirement?
Question38: An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?
Question39: A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
Question40: Legal authorities notify a company that its network has been compromised for the second time in two years.The investigation shows the attackers were able to use the same vulnerability on different systems in both attacks. Which of the following would have allowed the security team to use historical information to protect against the second attack?
Question41: A company has entered into a business agreement with a business partner for managed human resources services. The Chief Information Security Officer (CISO) has been asked to provide documentation that is required to set up a business-to-business VPN between the two organizations.Which of the following is required in this scenario?
Question42: An information security manager is concerned that connectivity used to configure and troubleshoot critical network devices could be attacked. The manager has tasked a network security engineer with meeting the following requirements:* Encrypt all traffic between the network engineer and critical devices.* Segregate the different networking planes as much as possible.* Do not let access ports impact configuration tasks.Which of the following would be the BEST recommendation for the network security engineer to present?
Question43: An analyst is investigating behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the "compose" window.Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?
Question44: A security administrator adding a NAC requirement for all VPN users to ensure the connecting devices are compliant with company policy. Which of the following items provides the HIGHEST assurance to meet this requirement?
Question45: A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information:Which of the following commands would have provided this output?
Question46: A security engineer is making certain URLs from an internal application available on the Internet The development team requires the following* The URLs are accessible only from internal IP addresses* Certain countries are restricted* TLS is implemented.* System users transparently access internal application services in a round robin to maximize performance Which of the following should the security engineer deploy7
Question47: The Chief Information Security Officer (CISO) of an established security department, identifies a customer who has been using a fraudulent credit card. The CISO calls the local authorities, and when they arrive on-site, the authorities ask a security engineer to create a point-in-time copy of the running database in their presence.This is an example of:
Question48: A consultant is planning an assessment of a customer-developed system. The system consists of a custom-engineered board with modified open-source drivers and a one-off management GUI The system relies on two- factor authentication for interactive sessions, employs strong certificate-based data-in-transit encryption, and randomly switches ports for each session. Which of the following would yield the MOST useful information'?
Question49: An external red team member conducts a penetration test, attempting to gain physical access to a large organization's server room in a branch office. During reconnaissance, the red team member sees a clearly marked door to the server room, located next to the lobby, with a tumbler lock.Which of the following is BEST for the red team member to bring on site to open the locked door as quickly as possible without causing significant damage?
Question50: A company is purchasing an application that will be used to manage all IT assets as well as provide an incident and problem management solution for IT activity The company narrows the search to two products.Application A and Application B; which meet all of its requirements. Application A is the most cost-effective product, but it is also the riskiest so the company purchases Application B.Which of the following types of strategies did the company use when determining risk appetite?
Question51: A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server. Which of the following steps should the administrator take NEXT?
Question52: A security analyst is attempting to identify code that is vulnerable to butler and integer overflow attacks.Which of the following code snippets is safe from these types of attacks?A)B)C)D)
Question53: Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:Connectivity to the server from outside the firewall worked as expected prior to executing these commands.Which of the following can be said about the new firewall?
Question54: A developer emails the following output to a security administrator for review:Which of the following tools might the security administrator use to perform further security assessment of this issue?
Question55: Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?
Question56: An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices When the end users attempt to connect however, the firewall rejects the connection after a brief period Which of the following is the MOST likely reason the firewall rejects the connection?
Question57: A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the massages. After determining the alert was a true positive, which of the following represents OST likely cause?
Question58: A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.Which of the following exercise types should the analyst perform?
Question59: A smart switch has the ability to monitor electrical levels and shut off power to a building in the event of power surge or other fault situation. The switch was installed on a wired network in a hospital and is monitored by the facilities department via a cloud application. The security administrator isolated the switch on a separate VLAN and set up a patching routine. Which of the following steps should also be taken to harden the smart switch?
Question60: An external red team is brought into an organization to perform a penetration test of a new network-based application. The organization deploying the network application wants the red team to act like remote, external attackers, and instructs the team to use a black-box approach. Which of the following is the BEST methodology for the red team to follow?
Question61: A security analyst is inspecting pseudocode of the following multithreaded application:1. perform daily ETL of data1.1 validate that yesterday's data model file exists1.2 validate that today's data model file does not exist1.2 extract yesterday's data model1.3 transform the format1.4 load the transformed data into today's data model file1.5 exitWhich of the following security concerns is evident in the above pseudocode?
Question62: A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically.Which of the following code snippets would BEST protect the application against an SQL injection attack?A)B)C)D)
Question63: A security administrator is confirming specific ports and IP addresses that are monitored by the IPS-IDS system as well as the firewall placement on the perimeter network between the company and a new business partner Which of the following business documents defines the parameters the security administrator must confirm?
Question64: A pharmacy gives its clients online access to their records and the ability to review bills and make payments.A new SSL vulnerability on a specific platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After the new vulnerability, it was determined that web services provided are being impacted by this new threat. Which of the following data types MOST likely at risk of exposure based on this new threat? (Select Two)
Question65: An organization is facing budget constraints The Chief Technology Officer (CTO) wants to add a new marketing platform but the organization does not have the resources to obtain separate servers to run the new platform. The CTO recommends running the new marketing platform on a virtualized video-conferencing server because video conferencing is rarely used The Chief Information Security Officer (CISO) denies this request Which of the following BEST explains the reason why the CISO has not approved the request?
Question66: A new employee is plugged into the network on a BYOD machine but cannot access the network Which of the following must be configured so the employee can connect to the network?
Question67: During an audit, it was determined from a sample that four out of 20 former employees were still accessing their email accounts An information security analyst is reviewing the access to determine if the audit was valid Which of the following would assist with the validation and provide the necessary documentation to audit?
Question68: A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:Which of the following is an appropriate security control the company should implement?
Question69: A security appliance vendor is reviewing an RFP that is requesting solutions for the defense of a set of web-based applications. This RFP is from a financial institution with very strict performance requirements.The vendor would like to respond with its solutions.Before responding, which of the following factors is MOST likely to have an adverse effect on the vendor's qualifications?
Question70: When implementing a penetration testing program, the Chief Information Security Officer (CISO) designates different organizational groups within the organization as having different responsibilities, attack vectors, and rules of engagement. First, the CISO designates a team to operate from within the corporate environment. This team is commonly referred to as:
Question71: A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests.The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings Which of the following should the security administrator implement to ensure the solution will protect all connected devices?A) Implement firewall ACLs as followsB) Implement NAT as follows:C) Implement DHCP options as follows:D) Implement policy routing as follows:
Question72: A security engineer reviews the table below:The engineer realizes there is an active attack occurring on the network. Which of the following would BEST reduce the risk of this attack reoccurring m the future?
Question73: The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?
Question74: A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?
Question75: Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.
Question76: A product owner is reviewing the output of a web-application penetration test and has identified an application that is presenting sensitive information in cleartext on a page. Which of the following code snippets would be BEST to use to remediate the vulnerability?
Question77: Users have been reporting unusual automated phone calls, including names and phone numbers, that appear to come from devices internal to the company. Which of the following should the systems administrator do to BEST address this problem?
Question78: Ann, a user' brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.Which of the following will the analyst most likely use NEXT?
Question79: As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics. Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?
Question80: An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers. Which of the following services would be BEST for the security officer to recommend to the company?
Question81: Which of the following BEST represents a risk associated with merging two enterprises during an acquisition?
Question82: A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
Question83: A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)
Question84: The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?
Question85: A project manager is working with system owners to develop maintenance windows for system pathing and upgrades in a cloud-based PaaS environment. Management has indicated one maintenance windows will be authorized per month, but clients have stated they require quarterly maintenance windows to meet their obligations. Which of the following documents should the project manager review?
Question86: A malware infection spread to numerous workstations within the marketing department. The workstations were quarantined and replaced with machines. Which of the following represents a FINAL step in the prediction of the malware?
Question87: A security administrator is advocating for enforcement of a new policy that would require employers with privileged access accounts to undergo periodic inspections and review of certain job performance data. To which of the following policies is the security administrator MOST likely referring?
Question88: An engineer wants to assess the OS security configurations on a company's servers. The engineer has downloaded some files to orchestrate configuration checks When the engineer opens a file in a text editor, the following excerpt appears:Which of the following capabilities would a configuration compliance checker need to support to interpret this file?
Question89: After a large organization has completed the acquisition of a smaller company, the smaller company must implement new host-based security controls to connect its employees' devices to the network. Given that the network requires 802.1X EAP-PEAP to identify and authenticate devices, which of the following should the security administrator do to integrate the new employees' devices into the network securely?
Question90: A network printer needs Internet access to function. Corporate policy states all devices allowed on the network must be authenticated. Which of the following is the MOST secure method to allow the printer on the network without violating policy?
Question91: The Chief Information Security Officer (CISO) is preparing a requirements matrix scorecard for a new security tool the company plans to purchase Feedback from which of the following documents will provide input for the requirements matrix scorecard during the vendor selection process?
Question92: A government contracting company issues smartphones to employees to enable access to corporate resources. Several employees will need to travel to a foreign country for business purposes and will require access to their phones. However, the company recently received intelligence that its intellectual property is highly desired by the same country's government. Which of the following MDM configurations would BEST reduce the risk of compromise while on foreign soil?
Question93: An organization is in the process of integrating its operational technology and information technology areas.As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:* The ICS supplier has specified that any software installed will result in lack of support.* There is no documented trust boundary defined between the SCADA and corporate networks.* Operational technology staff have to manage the SCADA equipment via the engineering workstation.* There is a lack of understanding of what is within the SCADA network.Which of the following capabilities would BEST improve the security position?
Question94: A company has decided to replace all the T-1 uplinks at each regional office and move away from using the existing MPLS network. All regional sites will use high-speed connections and VPNs to connect back to the main campus. Which of the following devices would MOST likely be added at each location?
Question95: A cybersecurity analyst is hired to review the security the posture of a company. The cybersecurity analyst notice a very high network bandwidth consumption due to SYN floods from a small number of IP addresses.Which of the following would be the BEST action to take to support incident response?
Question96: A researcher is working to identify what appears to be a new variant of an existing piece of malware commonly used in ransomware attacks While it is not identical to the malware previously evaluated. it has a number of similarities including language, payload. and algorithms. Which of the following would help the researcher safely compare the code base of the two variants?
Question97: A government entity is developing requirements for an RFP to acquire a biometric authentication system When developing these requirements, which of the following considerations is MOST critical to the verification and validation of the SRTM?
Question98: Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:Untrusted zone: 0.0.0.0/0User zone: USR 10.1.1.0/24User zone: USR2 10.1.2.0/24DB zone: 10.1.4.0/24Web application zone: 10.1.5.0/24Management zone: 10.1.10.0/24Web server: 10.1.5.50MS-SQL server: 10.1.4.70MGMT platform: 10.1.10.250Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.Task 4) Ensure the final rule is an explicit deny.Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Question99: A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
Question100: An organization is in the process of evaluating service providers for an upcoming migration to cloud-based services for the organization's ERP system. As part of the requirements defined by the project team, regulatory requirements specify segmentation and isolation of the organization's data. Which of the following should the vendor management team identify as a requirement during the procurement process?
Question101: Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:The applications are considered mission-critical.The applications are written in code languages not currently supported by the development staff.Security updates and patches will not be made available for the applications.Username and passwords do not meet corporate standards.The data contained within the applications includes both PII and PHI.The applications communicate using TLS 1.0.Only internal users access the applications.Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
Question102: After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?
Question103: In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive against.Which of the following strategies should the engineer recommended be approved FIRST?
Question104: A technician receives the following security alert from the firewall's automated system:After reviewing the alert, which of the following is the BEST analysis?
Question105: A red team is able to connect a laptop with penetration testing tools directly into an open network port The team then is able to take advantage of a vulnerability on the domain controller to create and promote a new enterprise administrator. Which of the following technologies would MOST likely eliminate this attack vector m the future?
Question106: An attacker exploited an unpatched vulnerability in a web framework, and then used an application service account that had an insecure configuration to download a rootkit The attacker was unable to obtain root privileges Instead the attacker then downloaded a crypto-currency mining program and subsequently was discovered The server was taken offline, rebuilt, and patched. Which of the following should the security engineer suggest to help prevent a similar scenario in the future?
Question107: An organization is integrating an ICS and wants to ensure the system is cyber resilient. Unfortunately, many of the specialized components are legacy systems that cannot be patched. The existing enterprise consists of mission-critical systems that require 99.9% uptime. To assist in the appropriate design of the system given the constraints, which of the following MUST be assumed?
Question108: Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:* Involve business owners and stakeholders* Create an applicable scenario* Conduct a biannual verbal review of the incident response plan* Report on the lessons learned and gaps identifiedWhich of the following exercises has the CEO requested?
Question109: A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.Which of the following controls would BEST mitigate the identified vulnerability?
Question110: During a security assessment, an organization is advised of inadequate control over network segmentation.The assessor explains that the organization's reliance on VLANs to segment traffic is insufficient to provide segmentation based on regulatory standards.Which of the following should the organization consider implementing along with VLANs to provide a greater level of segmentation?
Question111: An organization based in the United States is planning to expand its operations into the European market later in the year Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to
Question112: An organization implemented a secure boot on its most critical application servers which produce content and capability for other consuming servers A recent incident, however led the organization to implement a centralized attestation service for these critical servers. Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?
Question113: A company is deploying a DIP solution and scanning workstations and network drives for documents that contain potential Pll and payment card data. The results of the first scan are as follows:The security learn is unable to identify the data owners for the specific files in a timely manner and does not suspect malicious activity with any of the detected files. Which of the following would address the inherent risk until the data owners can be formally identified?
Question114: A company wants to extend its help desk availability beyond business hours. The Chief Information Officer (CIO) decides to augment the help desk with a third-party service that will answer calls and provide Tier 1 problem resolution, such as password resets and remote assistance. The security administrator implements the following firewall change:The administrator provides the appropriate path and credentials to the third-party company. Which of the following technologies is MOST likely being used to provide access to the third company?
Question115: A security administrator is investigating an incident involving suspicious word processing documents on an employee's computer, which was found powered off in the employee's office. Which of the following tools is BEST suited for extracting full or partial word processing documents from unallocated disk space?
Question116: Following a recent network intrusion, a company wants to determine the current security awareness of all of its employees. Which of the following is the BEST way to test awareness?
Question117: An analyst has noticed unusual activities in the SIEM to a .cn domain name. Which of the following should the analyst use to identify the content of the traffic?
Question118: A global company has decided to implement a cross-platform baseline of security settings for all company laptops. A security engineer is planning and executing the project. Which of the following should the security engineer recommend?
Question119: Which of the following system would be at the GREATEST risk of compromise if found to have an open vulnerability associated with perfect ... secrecy?
Question120: An attacker has been compromising banking institution targets across a regional area. The Chief Information Security Officer (CISO) at a local bank wants to detect and prevent an attack before the bank becomes a victim. Which of the following actions should the CISO take?
Question121: A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:Which of the following should the security administrator configure to meet the DNS security needs?
Question122: A cloud architect needs to isolate the most sensitive portion of the network while maintaining hosting in a public cloud Which of the following configurations can be employed to support this effort?
Question123: An organization is struggling to differentiate threats from normal traffic and access to systems. A security engineer has been asked to recommend a system that will aggregate data and provide metrics that will assist in identifying malicious actors or other anomalous activity throughout the environment. Which of the following solutions should the engineer recommend?
Question124: Given the following output from a local PC:Which of the following ACLs on a stateful host-based firewall would allow the PC to serve an intranet website?
Question125: A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises. Which of the following should the consultant recommend be performed to evaluate potential risks?
Question126: Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?
Question127: Which of the following may indicate a configuration item has reached end-of-life?
Question128: As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.This server is being used as a DNS and time server. It is not used as a database, web server, or print server.There are no wireless connections to the server, and it does not need to print.The command window will be provided along with root access. You are connected via a secure shell with root access.You may query help for a list of commands.Instructions:You need to disable and turn off unrelated services and processes.It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question129: An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts Which of the following techniques would BEST support this?
Question130: After an employee was terminated, the company discovered the employee still had access to emails and attached content that should have been destroyed during the off-boarding. The employee's laptop and cell phone were confiscated and accounts were disabled promptly. Forensic investigation suggests the company's DLP was effective, and the content in question was not sent outside of work or transferred to removable media. Personality owned devices are not permitted to access company systems or information.Which of the following would be the MOST efficient control to prevent this from occurring in the future?
Question131: A SaaS provider decides to offer data storage as a service. For simplicity, the company wants to make the service available over industry standard APIs, routable over the public Internet. Which of the following controls offers the MOST protection to the company and its customers' information?
Question132: A development team releases updates to an application regularly. The application is compiled with several standard open-source security products that require a minimum version for compatibility. During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?
Question133: A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor's cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications. Which of the following does the organization plan to leverage?
Question134: A manufacturing company's security engineer is concerned a remote actor may be able to access the ICS that is used to monitor the factory lines. The security engineer recently proposed some techniques to reduce the attack surface of the ICS to the Chief Information Security Officer (CISO). Which of the following would BEST track the reductions to show the CISO the engineer's plan is successful during each phase?
Question135: A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?
Question136: A security manager is determining the best DLP solution for an enterprise. A list of requirements was created to use during the source selection. The security manager wants to confirm a solution exists for the requirements that have been defined. Which of the following should the security manager use?
Question137: Staff members are reporting an unusual number of device thefts associated with time out of the office. Thefts increased soon after the company deployed a new social networking app. Which of the following should the Chief Information Security Officer (CISO) recommend implementing?
Question138: A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions. Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?
Question139: The Chief Information Officer (CISO) is concerned that certain systems administrators will privileged access may be reading other users' emails. Review of a tool's output shows the administrators have used web mail to log into other users' inboxes.Which of the following tools would show this type of output?
Question140: A Chief Information Security Officer (CISO) requests the following external hosted services be scanned for malware, unsecured PII, and healthcare data:* Corporate intranet site* Online storage application* Email and collaboration suiteSecurity policy also is updated to allow the security team to scan and detect any bulk downloads of corporate data from the company's intranet and online storage site. Which of the following is needed to comply with the corporate security policy and the CISO's request?
Question141: A creative services firm has a limited security budget and staff. Due to its business model, the company sends and receives a high volume of files every day through the preferred method defined by its customers. These include email, secure file transfers, and various cloud service providers. Which of the following would BEST reduce the risk of malware infection while meeting the company's resource requirements and maintaining its current workflow?
Question142: A hospital's security team recently determined its network was breached and patient data was accessed by an external entity. The Chief Information Security Officer (CISO) of the hospital approaches the executive management team with this information, reports the vulnerability that led to the breach has already been remediated, and explains the team is continuing to follow the appropriate incident response plan. The executive team is concerned about the hospital's brand reputation and asks the CISO when the incident should be disclosed to the affected patients. Which of the following is the MOST appropriate response?
Question143: A recent assessment identified that several users' mobile devices are running outdated versions of endpoint security software that do not meet the company's security policy. Which of the following should be performed to ensure the users can access the network and meet the company's security requirements?
Question144: A security assessor is working with an organization to review the policies and procedures associated with managing the organization's virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration. It would be MOST appropriate for the assessor to advise the organization to:
Question145: An organization enables BYOD but wants to allow users to access the corporate email, calendar, and contacts from their devices. The data associated with the user's accounts is sensitive, and therefore, the organization wants to comply with the following requirements:* Active full-device encryption* Enabled remote-device wipe* Blocking unsigned applications* Containerization of email, calendar, and contactsWhich of the following technical controls would BEST protect the data from attack or loss and meet the above requirements?
Question146: A developer needs to provide feedback on a peer's work during the SDLC. While reviewing the code changes, the developers session ID tokens for a web application will be transmitted over an unsecure connection. Which of the following code snippets should the developer recommend implement to correct the vulnerability?A)B)C)D)
Question147: Following a complete outage of the electronic medical record system for more than 18 hours, the hospital's Chief Executive Officer (CEO) has requested that the Chief Information Security Officer (CISO) perform an investigation into the possibility of a disgruntled employee causing the outage maliciously. To begin the investigation, the CISO pulls all event logs and device configurations from the time of the outage. The CISO immediately notices the configuration of a top-of-rack switch from one day prior to the outage does not match the configuration that was in place at the time of the outage. However, none of the event logs show who changed the switch configuration, and seven people have the ability to change it. Because of this, the investigation is inconclusive.Which of the following processes should be implemented to ensure this information is available for future investigations?
Question148: A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:Configuration file 1:Operator ALL=/sbin/rebootConfiguration file 2:Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dssConfiguration file 3:Operator:x:1000:1000::/home/operator:/bin/bashWhich of the following explains why an intended operator cannot perform the intended action?
Question149: A company's claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee's laptop when was opened.
Question150: A medical device company is implementing a new COTS antivirus solution in its manufacturing plant. All validated machines and instruments must be retested for interoperability with the new software. Which of the following would BEST ensure the software and instruments are working as designed?
Question151: A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development.Which of the following SDLC best practices should the development team have followed?
Question152: While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device. Which of the following would MOST likely prevent a similar breach in the future?
Question153: A regional business is expecting a severe winter storm next week. The IT staff has been reviewing corporate policies on how to handle various situations and found some are missing or incomplete. After reporting this gap in documentation to the information security manager, a document is immediately drafted to move various personnel to other locations to avoid downtime in operations. This is an example of:
Question154: Click on the exhibit buttons to view the four messages.A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.Which of the following BEST conveys the business impact for senior leadership?
Question155: A security manager needed to protect a high-security data center, so the manager installed a mantrap that can detect an employee's heartbeat, weight, and badge. Which of the following did the security manager implement?
Question156: A firewall specialist has been newly assigned to participate in red team exercises and needs to ensure the skills represent real-world threats. Which of the following would be the BEST choice to help the new team member learn bleeding-edge techniques?