MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
Question2: A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:The security engineer looks at the UTM firewall rules and finds the following:Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
Question3: A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.Which of the following scan types will provide the systems administrator with the MOST accurate information?
Question4: Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?
Question5: A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:Despite the deny message, this action was still permit following is the MOST likely fix for this issue?
Question6: A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.Which of the following encryption methods should the cloud security engineer select during the implementation phase?
Question7: A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.Based on this agreement, this finding is BEST categorized as a:
Question8: A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.
Question9: A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.Which of the following commands would be the BEST to run to view only active Internet connections?
Question10: A developer implement the following code snippet.Which of the following vulnerabilities does the code snippet resolve?
Question11: A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
Question12: A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.Which of the following offers an authoritative decision about whether the evidence was obtained legally?
Question13: A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device?
Question14: A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?
Question15: The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership. Which of the follow would MOST likely be used?
Question16: After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?
Question17: A cybersecurity analyst discovered a private key that could have been exposed.Which of the following is the BEST way for the analyst to determine if the key has been compromised?
Question18: A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:Must have a minimum of 15 charactersMust use one numberMust use one capital letterMust not be one of the last 12 passwords usedWhich of the following policies should be added to provide additional security?
Question19: A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.Which of the following should the company use to make this determination?
Question20: A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.Which of the following does the business's IT manager need to consider?
Question21: Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?
Question22: Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
Question23: A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer's company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?
Question24: A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.Which of the following is the MOST likely cause?
Question25: An organization is planning for disaster recovery and continuity of operations.INSTRUCTIONSReview the following scenarios and instructions. Match each relevant finding to the affected host.After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.Each finding may be used more than once.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question26: A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:Which of the following is the MOST likely cause of the customer's inability to connect?
Question27: A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.Which of the following is the NEXT step of the incident response plan?
Question28: An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.Which of the following processes can be used to identify potential prevention recommendations?
Question29: A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would be BEST for the analyst to recommend?
Question30: Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?
Question31: A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:Which of the following meets the budget needs of the business?
Question32: A security analyst is reviewing the following output:Which of the following would BEST mitigate this type of attack?
Question33: A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.Which of the following would provide the BEST boot loader protection?
Question34: A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.Which of the following steps would be best to perform FIRST?
Question35: A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.Which of the following should the company use to prevent data theft?
Question36: An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:Low latency for all mobile users to improve the users' experienceSSL offloading to improve web server performanceProtection against DoS and DDoS attacksHigh availabilityWhich of the following should the organization implement to BEST ensure all requirements are met?
Question37: A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.Which of the following should the engineer report as the ARO for successful breaches?
Question38: In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:1. International users reported latency when images on the web page were initially loading.2. During times of report processing, users reported issues with inventory when attempting to place orders.3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
Question39: A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.Which of the following should a security architect recommend?
Question40: A threat hunting team receives a report about possible APT activity in the network.Which of the following threat management frameworks should the team implement?
Question41: As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.Which of the following BEST describes this process?
Question42: A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?
Question43: A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:Which of the following ciphers should the security analyst remove to support the business requirements?
Question44: A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.Which of the following systems should the consultant review before making a recommendation?
Question45: A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?
Question46: A company requires a task to be carried by more than one person concurrently. This is an example of:
Question47: An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:* Be based on open-source Android for user familiarity and ease.* Provide a single application for inventory management of physical assets.* Permit use of the camera be only the inventory application for the purposes of scanning* Disallow any and all configuration baseline modifications.* Restrict all access to any device resource other than those requirement ?
Question48: A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.Which of the following sources could the architect consult to address this security concern?
Question49: A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?
Question50: A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.Which of the following solutions does this describe?
Question51: A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
Question52: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:Which of the following would BEST mitigate this vulnerability?
Question53: An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
Question54: During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
Question55: A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.Which of the following is a security concern that will MOST likely need to be addressed during migration?
Question56: During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.Which of the following processes would BEST satisfy this requirement?
Question57: A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.Which of the following would be BEST suited to meet these requirements?