MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
Question2: A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:Support all phases of the SDLC.Use tailored website portal software.Allow the company to build and use its own gateway software.Utilize its own data management platform.Continue using agent-based security tools.Which of the following cloud-computing models should the CIO implement?
Question3: A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.Which of the following scan types will provide the systems administrator with the MOST accurate information?
Question4: An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
Question5: A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:Which of the following meets the budget needs of the business?
Question6: A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.Which of the following offers an authoritative decision about whether the evidence was obtained legally?
Question7: A company wants to improve Its active protection capabilities against unknown and zero-day malware. Which of the following Is the MOST secure solution?
Question8: As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.Which of the following BEST describes this process?
Question9: A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.Which of the following actions would BEST address the potential risks by the activity in the logs?
Question10: A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.Which of the following solutions does this describe?
Question11: An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.Which of the following processes can be used to identify potential prevention recommendations?
Question12: An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?
Question13: The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation?
Question14: A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.* Transactions being required by unauthorized individual* Complete discretion regarding client names, account numbers, and investment information.* Malicious attacker using email to distribute malware and ransom ware.* Exfiltration of sensitivity company information.The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?
Question15: A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?
Question16: Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:
Question17: A forensic investigator would use the foremost command for:
Question18: An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?
Question19: During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.Which of the following processes would BEST satisfy this requirement?
Question20: An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.Which of the following should the organization perform NEXT?
Question21: A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?
Question22: A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
Question23: A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?
Question24: An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
Question25: Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?
Question26: An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?
Question27: A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:Be efficient at protecting the production environmentNot require any change to the applicationAct at the presentation layerWhich of the following techniques should be used?
Question28: A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
Question29: A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.Which of the following should the company implement to address the risk of system unavailability?
Question30: Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?
Question31: A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.Which of the following techniques would be BEST suited for this requirement?
Question32: A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?
Question33: A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security Which of the following is the BEST option?
Question34: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?
Question35: Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
Question36: A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would be BEST for the analyst to recommend?
Question37: An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.Which of the following side-channel attacks did the team use?
Question38: SIMULATIONYou are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.The company's hardening guidelines indicate the following:There should be one primary server or service per device.Only default ports should be used.Non-secure protocols should be disabled.INSTRUCTIONSUsing the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:The IP address of the deviceThe primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question39: A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?
Question40: The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:* Transaction being requested by unauthorized individuals.* Complete discretion regarding client names, account numbers, and investment information.* Malicious attackers using email to malware and ransomeware.* Exfiltration of sensitive company information.The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar's concerns for this email migration?
Question41: A security engineer needs to recommend a solution that will meet the following requirements:Identify sensitive data in the provider's networkMaintain compliance with company and regulatory guidelinesDetect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and access control Which of the following solutions should the security engineer recommend to address these requirements?
Question42: An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.Which of the following phases establishes the identification and prioritization of critical systems and functions?
Question43: Company A acquired Company B.During an audit, a security engineer found Company B's environment was inadequately patched.In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.Which of the following risk-handling techniques was used?
Question44: A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?
Question45: A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
Question46: A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.This is an example of:
Question47: A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
Question48: A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk In adopting this solution?
Question49: A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:graphic.linux_randomization.prgWhich of the following technologies would mitigate the manipulation of memory segments?
Question50: A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.Which of the following would be BEST suited to meet these requirements?
Question51: Device event logs sources from MDM software as follows:Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?
Question52: A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:2225110137138139445Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.Which of the following would be the BEST solution to harden the system?
Question53: A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:1. The network supports core applications that have 99.99% uptime.2. Configuration updates to the SD-WAN routers can only be initiated from the management service.3. Documents downloaded from websites must be scanned for malware.Which of the following solutions should the network architect implement to meet the requirements?
Question54: A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?
Question55: An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.Which of the following describes the administrator's discovery?
Question56: An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?
Question57: A threat analyst notices the following URL while going through the HTTP logs.Which of the following attack types is the threat analyst seeing?
Question58: A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?
Question59: A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.Which of the following is the MOST likely cause?
Question60: An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:Low latency for all mobile users to improve the users' experienceSSL offloading to improve web server performanceProtection against DoS and DDoS attacksHigh availabilityWhich of the following should the organization implement to BEST ensure all requirements are met?
Question61: A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?
Question62: An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?
Question63: An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:Unstructured data being exfiltrated after an employee leaves the organization Data being exfiltrated as a result of compromised credentials Sensitive information in emails being exfiltrated Which of the following solutions should the security team implement to mitigate the risk of data loss?
Question64: The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?
Question65: Company A is establishing a contractual with Company B.The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements
Question66: A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.Which of the following steps would be best to perform FIRST?
Question67: An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card dat a. Which of the following commands should the analyst run to BEST determine whether financial data was lost?
Question68: Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?
Question69: A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.Based on this agreement, this finding is BEST categorized as a:
Question70: Given the following log snippet from a web server:Which of the following BEST describes this type of attack?
Question71: A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.Which of the following systems should the consultant review before making a recommendation?
Question72: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:Which of the following would BEST mitigate this vulnerability?
Question73: A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:Must have a minimum of 15 charactersMust use one numberMust use one capital letterMust not be one of the last 12 passwords usedWhich of the following policies should be added to provide additional security?
Question74: A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device?
Question75: A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives?
Question76: A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
Question77: A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.Which of the following BEST describes the type of malware the solution should protect against?
Question78: A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:The security engineer looks at the UTM firewall rules and finds the following:Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
Question79: Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.Based on RPO requirements, which of the following recommendations should the management team make?
Question80: A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:* Enforce MFA for RDP* Ensure RDP connections are only allowed with secure ciphers.The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls Of ACLs.Which of the following should the security architect recommend to meet these requirements?
Question81: A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
Question82: A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.Which of the following technologies would BEST meet this need?
Question83: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:Which of the following would BEST mitigate this vulnerability?
Question84: A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WIFI. Due to a recent incident in which an attacker gained access to the compay's intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?
Question85: A cybersecurity analyst discovered a private key that could have been exposed.Which of the following is the BEST way for the analyst to determine if the key has been compromised?
Question86: Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?