MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Given the following log snippet from a web server:Which of the following BEST describes this type of attack?
Question2: An organization mat provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of sell-healing that includes monitoring performance and available resources. When me system detects an issue, the self-healing process is supposed to restart pans of me software.During the incident, when me self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared me system as fully operational. Which of the following BEST describes me reason why the silent failure occurred?
Question3: A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.Which of the following techniques would BEST support this?
Question4: A company's claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee's laptop when was opened.
Question5: Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?
Question6: A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
Question7: A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.Which of the following systems should the consultant review before making a recommendation?
Question8: Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?
Question9: A security analyst notices a number of SIEM events that show the following activity:Which of the following response actions should the analyst take FIRST?
Question10: A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.Which of the following sources could the architect consult to address this security concern?
Question11: During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
Question12: A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.Which of the following commands would be the BEST to run to view only active Internet connections?
Question13: An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network Which of the following solutions represents the BEST course of action to allow the contractor access?
Question14: A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.Which of the following techniques will MOST likely meet the business's needs?
Question15: An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:Unstructured data being exfiltrated after an employee leaves the organization Data being exfiltrated as a result of compromised credentials Sensitive information in emails being exfiltrated Which of the following solutions should the security team implement to mitigate the risk of data loss?
Question16: Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?
Question17: A threat analyst notices the following URL while going through the HTTP logs.Which of the following attack types is the threat analyst seeing?
Question18: As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.Which of the following BEST describes this kind of risk response?
Question19: A financial institution has several that currently employ the following controls:* The severs follow a monthly patching cycle.* All changes must go through a change management process.* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?
Question20: A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?
Question21: An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.Which of the following should the organization consider FIRST to address this requirement?
Question22: Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.Based on RPO requirements, which of the following recommendations should the management team make?
Question23: In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:1. International users reported latency when images on the web page were initially loading.2. During times of report processing, users reported issues with inventory when attempting to place orders.3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
Question24: An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:ERR_SSL_VERSION_OR_CIPHER_MISMATCHWhich of the following is MOST likely the root cause?
Question25: A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:* A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.* A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.* The hacker took advantage of the account's excessive privileges to access a data store and exfilltrate the data without detection.Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
Question26: Which of the following BEST sets expectation between the security team and business units within an organization?
Question27: A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.The technician will define this threat as:
Question28: Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?
Question29: A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.Which of the following would provide the BEST boot loader protection?
Question30: A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.Which of the following should the security administrator do to mitigate the risk?
Question31: A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives?
Question32: A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.Based on the output above, from which of the following process IDs can the analyst begin an investigation?
Question33: An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:* Be based on open-source Android for user familiarity and ease.* Provide a single application for inventory management of physical assets.* Permit use of the camera be only the inventory application for the purposes of scanning* Disallow any and all configuration baseline modifications.* Restrict all access to any device resource other than those requirement ?
Question34: A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.Which of the following is the MOST likely cause?
Question35: An organization is implementing a new identity and access management architecture with the following objectives:Supporting MFA against on-premises infrastructureImproving the user experience by integrating with SaaS applicationsApplying risk-based policies based on locationPerforming just-in-time provisioningWhich of the following authentication protocols should the organization implement to support these requirements?
Question36: A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.Which of the following would BEST secure the company's CI/CD pipeline?
Question37: A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.This is an example of:
Question38: A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?
Question39: The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.Which of the following testing methods would be BEST for the engineer to utilize in this situation?
Question40: An organization is planning for disaster recovery and continuity of operations.INSTRUCTIONSReview the following scenarios and instructions. Match each relevant finding to the affected host.After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.Each finding may be used more than once.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question41: A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.Which of the following actions would BEST address the potential risks by the activity in the logs?
Question42: A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:Which of the following is an appropriate security control the company should implement?
Question43: An organization requires a contractual document that includes* An overview of what is covered* Goals and objectives* Performance metrics for each party* A review of how the agreement is managed by all partiesWhich of the following BEST describes this type of contractual document?
Question44: An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?
Question45: A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:Be efficient at protecting the production environmentNot require any change to the applicationAct at the presentation layerWhich of the following techniques should be used?
Question46: Which of the following controls primarily detects abuse of privilege but does not prevent it?
Question47: As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.Which of the following BEST describes this process?
Question48: An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information.Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
Question49: An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.Which of the following should the organization perform NEXT?
Question50: A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?
Question51: An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.Which of the following designs would be BEST for the CISO to use?
Question52: A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.Which of the following should a security architect recommend?
Question53: A company publishes several APIs for customers and is required to use keys to segregate customer data sets.Which of the following would be BEST to use to store customer keys?
Question54: A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:Support all phases of the SDLC.Use tailored website portal software.Allow the company to build and use its own gateway software.Utilize its own data management platform.Continue using agent-based security tools.Which of the following cloud-computing models should the CIO implement?
Question55: A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.Which of the following should the company implement to address the risk of system unavailability?
Question56: A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.Which of the following should the company use to prevent data theft?
Question57: A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:Must have a minimum of 15 charactersMust use one numberMust use one capital letterMust not be one of the last 12 passwords usedWhich of the following policies should be added to provide additional security?
Question58: After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?
Question59: A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?
Question60: A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.Which of the following should the security engineer do to BEST manage the threats proactively?
Question61: Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
Question62: A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?
Question63: The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership. Which of the follow would MOST likely be used?
Question64: A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:Which of the following would BEST mitigate this vulnerability?
Question65: Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?
Question66: A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:Which of the following meets the budget needs of the business?
Question67: Which of the following is required for an organization to meet the ISO 27018 standard?
Question68: A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.Which of the following should the engineer report as the ARO for successful breaches?