MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.Which of the following should the engineer report as the ARO for successful breaches?
Question2: A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.* Transactions being required by unauthorized individual* Complete discretion regarding client names, account numbers, and investment information.* Malicious attacker using email to distribute malware and ransom ware.* Exfiltration of sensitivity company information.The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?
Question3: While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
Question4: A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?
Question5: A developer implement the following code snippet.Which of the following vulnerabilities does the code snippet resolve?
Question6: A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
Question7: Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?
Question8: A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.Which of the following systems should the consultant review before making a recommendation?
Question9: A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
Question10: A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
Question11: A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.Based on this agreement, this finding is BEST categorized as a:
Question12: A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the OT network?
Question13: A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce* Cloud-delivered services* Full network security stack* SaaS application security management* Minimal latency for an optimal user experience* Integration with the cloud 1AM platformWhich of the following is the BEST solution?
Question14: A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.Which of the following should the security analyst perform?
Question15: An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?
Question16: A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.Which of the following should the security team recommend FIRST?
Question17: A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.Which of the following would be BEST suited to meet these requirements?
Question18: A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:Which of the following is an appropriate security control the company should implement?
Question19: An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently,the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.Which of the following designs would be BEST for the CISO to use?
Question20: A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.The best option for the auditor to use NEXT is:
Question21: A security analyst notices a number of SIEM events that show the following activity:Which of the following response actions should the analyst take FIRST?
Question22: A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.Which of the following solutions does this describe?
Question23: A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?
Question24: Which of the following technologies allows CSPs to add encryption across multiple data storages?
Question25: A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.Which of the following compensating controls would be BEST to implement in this situation?
Question26: A software house is developing a new application. The application has the following requirements:Reduce the number of credential requests as much as possibleIntegrate with social networksAuthenticate usersWhich of the following is the BEST federation method to use for the application?
Question27: A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
Question28: An organization mat provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of sell-healing that includes monitoring performance and available resources. When me system detects an issue, the self-healing process is supposed to restart pans of me software.During the incident, when me self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared me system as fully operational. Which of the following BEST describes me reason why the silent failure occurred?
Question29: A security analyst observes the following while looking through network traffic in a company's cloud log:Which of the following steps should the security analyst take FIRST?
Question30: After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?
Question31: A software house is developing a new application. The application has the following requirements:Reduce the number of credential requests as much as possibleIntegrate with social networksAuthenticate usersWhich of the following is the BEST federation method to use for the application?
Question32: A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.Which of the following BEST mitigates inappropriate access and permissions issues?
Question33: An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.Which of the following processes can be used to identify potential prevention recommendations?
Question34: A financial institution has several that currently employ the following controls:* The severs follow a monthly patching cycle.* All changes must go through a change management process.* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?
Question35: Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?
Question36: A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.Which of the following scan types will provide the systems administrator with the MOST accurate information?
Question37: Given the following log snippet from a web server:Which of the following BEST describes this type of attack?
Question38: The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:
Question39: A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.Which of the following commands would be the BEST to run to view only active Internet connections?
Question40: A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.Which of the following would MOST likely help the company gain consensus to move the data to the cloud?
Question41: A security engineer needs to recommend a solution that will meet the following requirements:Identify sensitive data in the provider's networkMaintain compliance with company and regulatory guidelinesDetect and respond to insider threats, privileged user threats, and compromised accountsEnforce datacentric security, such as encryption, tokenization, and access controlWhich of the following solutions should the security engineer recommend to address these requirements?
Question42: A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.Which of the following BEST describes the type of malware the solution should protect against?
Question43: Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?
Question44: A threat analyst notices the following URL while going through the HTTP logs.Which of the following attack types is the threat analyst seeing?
Question45: Which of the following is required for an organization to meet the ISO 27018 standard?
Question46: A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.Which of the following techniques would BEST support this?
Question47: Which of the following is a benefit of using steganalysis techniques in forensic response?
Question48: Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.Which of the following would be the BEST option to implement?
Question49: A cybersecurity analyst discovered a private key that could have been exposed.Which of the following is the BEST way for the analyst to determine if the key has been compromised?
Question50: A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.Which of the following sources could the architect consult to address this security concern?
Question51: An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:* Be based on open-source Android for user familiarity and ease.* Provide a single application for inventory management of physical assets.* Permit use of the camera be only the inventory application for the purposes of scanning* Disallow any and all configuration baseline modifications.* Restrict all access to any device resource other than those requirement ?
Question52: A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:* A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.* A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.* The hacker took advantage of the account's excessive privileges to access a data store and exfilltrate the data without detection.Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
Question53: A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?
Question54: An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
Question55: A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.Which of the following should the company use to make this determination?
Question56: A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.Which of the following does the business's IT manager need to consider?
Question57: A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.Which of the following should the company implement to address the risk of system unavailability?
Question58: The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?
Question59: A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.Which of the following should be the analyst's FIRST action?
Question60: A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.Which of the following solutions should the security architect recommend?
Question61: A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
Question62: The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation?
Question63: A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?
Question64: Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
Question65: A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:graphic.linux_randomization.prgWhich of the following technologies would mitigate the manipulation of memory segments?
Question66: A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:The penetration testers MOST likely took advantage of:
Question67: A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:2225110137138139445Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.Which of the following would be the BEST solution to harden the system?
Question68: A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:Which of the following MOST appropriate corrective action to document for this finding?
Question69: A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:The security engineer looks at the UTM firewall rules and finds the following:Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?