MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption Which of the following is the most likely reason me device must be replaced'
Question2: During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:Which of the following best describes this incident?
Question3: An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?
Question4: A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:Which of the following is most likely the cause of the issue?
Question5: A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'
Question6: A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs:Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5 Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5 Which of the following is the most likely reason for the application failures?
Question7: An organization mat performs real-time financial processing is implementing a new backup solution Given the following business requirements?* The backup solution must reduce the risk for potential backup compromise* The backup solution must be resilient to a ransomware attack.* The time to restore from backups is less important than the backup data integrity* Multiple copies of production data must be maintainedWhich of the following backup strategies best meets these requirement?
Question8: A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?
Question9: A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines. Which of the following solutions most likely meets the requirements?
Question10: A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?
Question11: A company's internal network is experiencing a security breach, and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time.Given the following log snippet:Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?
Question12: A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?
Question13: A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:Which of the following actions should the analyst take to best mitigate the threat?
Question14: A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes The following email headers are being reviewedWhich of the following is the best action for the security analyst to take?
Question15: A security analyst reviews the following report:Which of the following assessments is the analyst performing?
Question16: An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?
Question17: An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?
Question18: An analyst reviews a SIEM and generates the following report:Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Question19: Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?
Question20: You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.The company's hardening guidelines indicate the following:There should be one primary server or service per device.Only default ports should be used.Non-secure protocols should be disabled.INSTRUCTIONSUsing the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:The IP address of the deviceThe primary server or service of the device (Note that each IP should by associated with one service/port only) The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines) If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Question21: A senior security engineer flags me following log file snippet as hawing likely facilitated an attacker's lateral movement in a recent breach:Which of the following solutions, if implemented, would mitigate the nsk of this issue reoccurnnp?
Question22: A systems engineer is configuring a system baseline for servers that will provide email services. As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:* Unauthorized reading and modification of data and programs* Bypassing application security mechanisms* Privilege escalation* interference with other processesWhich of the following is the most appropriate for the engineer to deploy?
Question23: A company recently experienced a ransomware attack. Although the company performs systems and data backup on a schedule that aligns with its RPO (Recovery Point Objective) requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO.Eventually, the systems and data were restored with information that was six months outside of RPO requirements.Which of the following actions should the company take to reduce the risk of a similar attack?
Question24: A security analyst received a notification from a cloud service provider regarding an attack detected on a web server The cloud service provider shared the following information about the attack:* The attack came from inside the network.* The attacking source IP was from the internal vulnerability scanners.* The scanner is not configured to target the cloud servers.Which of the following actions should the security analyst take first?
Question25: You are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:. The application does not need to know the users' credentials.. An approval interaction between the users and the HTTP service must be orchestrated.. The application must have limited access to users' data.INSTRUCTIONSUse the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.
Question26: A news organization wants to implement workflows that allow users to request that untruthful data be retraced and scrubbed from online publications to comply with the right to be forgotten Which of the following regulations is the organization most likely trying to address'
Question27: A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?
Question28: During a vulnerability assessment, a scan reveals the following finding:Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2 Later in the review process, the remediation team marks the finding as a false positive. Which of the following is the best way to avoid this issue on future scans?
Question29: A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?
Question30: A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?
Question31: A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'
Question32: A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?
Question33: A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring The architect's goal is to:* Create a collection of use cases to help detect known threats* Include those use cases in a centralized library for use across all of the companies Which of the following is the best way to achieve this goal?
Question34: An organization wants to manage specialized endpoints and needs a solution that provides the ability to* Centrally manage configurations* Push policies.* Remotely wipe devices* Maintain asset inventoryWhich of the following should the organization do to best meet these requirements?
Question35: Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?
Question36: An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?
Question37: A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?
Question38: During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.INSTRUCTIONSReview each of the events and select the appropriate analysis and remediation options for each IoC.
Question39: An organization determines existing business continuity practices are inadequate to support critical internal process dependencies during a contingency event. A compliance analyst wants the Chief Information Officer (CIO) to identify the level of residual risk that is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?
Question40: Asecuntv administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpomts:* Full disk encryption* Host-based firewall* Time synchronization* Password policies* Application allow listing* Zero Trust application accessWhich of the following solutions best addresses the requirements? (Select two).
Question41: A company's help desk is experiencing a large number of calls from the finance department slating access issues to www bank com The security operations center reviewed the following security logs:Which of the following is most likely the cause of the issue?
Question42: A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts.The hospital wants to ensure that if a tablet is Identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy* Full disk encryption is enabled* "Always On" corporate VPN is enabled* ef-use-backed keystore is enabled'ready.* Wi-Fi 6 is configured with SAE.* Location services is disabled.*Application allow list is configured
Question43: A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''
Question44: A company that relies on an COL system must keep it operating until a new solution is available Which of the following is the most secure way to meet this goal?
Question45: An organization is required to* Respond to internal and external inquiries in a timely manner* Provide transparency.* Comply with regulatory requirementsThe organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?
Question46: An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
Question47: A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?
Question48: A security analyst is reviewing the following log:Which of the following possible events should the security analyst investigate further?
Question49: An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.Complete the configuration files to meet the following requirements:* The EAP method must use mutual certificate-based authentication (With issued client certificates).* The IKEv2 Cipher suite must be configured to the MOST secureauthenticated mode of operation,* The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters, INSTRUCTIONS Click on the AAA server and VPN concentrator to complete the configuration.Fill in the appropriate fields and make selections from the drop-down menus.VPN Concentrator:AAA Server:
Question50: A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to best solve this issue?
Question51: A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report:Which of the following should a security engineer investigate first as part of a log audit?
Question52: An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?
Question53: A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?
Question54: A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems Given the following output:Which of the following actions would address the root cause of this issue?
Question55: A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?
Question56: An organization has noticed an increase in phishing campaigns utilizing typosquatting. A security analyst needs to enrich the data for commonly used domains against the domains used in phishing campaigns. The analyst uses a log forwarder to forward network logs to the SIEM. Which of the following would allow the security analyst to perform this analysis?
Question57: Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).Implementing DLP controls preventing sensitive data from leaving Company B's network
Question58: A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?
Question59: A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?
Question60: A security engineer needs to review the configurations of several devices on the network to meet the following requirements:* The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.* The SSH daemon on the database server must be configured to listento port 4022.* The SSH daemon must only accept connections from a Singleworkstation.* All host-based firewalls must be disabled on all workstations.* All devices must have the latest updates from within the past eightdays.* All HDDs must be configured to secure data at rest.* Cleartext services are not allowed.* All devices must be hardened when possible.Instructions:Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA sshWAP APC ALaptop ASwitch ASwitch B:Laptop BPC BPC CServer A
Question61: Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:
Question62: After an incident response exercise, a security administrator reviews the following table:Which of the following should the administrator do to beat support rapid incident response in the future?
Question63: A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?
Question64: A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me best way to reduce the risk oi reoccurrence?
Question65: A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?
Question66: A security analyst is reviewing the following authentication logs:Which of the following should the analyst do first?
Question67: A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?
Question68: A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application. Which of the following best describes the action the architect should take-?
Question69: Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?
Question70: A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository The security team needs to be able to quickly evaluate whether to respond to a given vulnerability Which of the following, will allow the security team to achieve the objective with the last effort?
Question71: Audit findings indicate several user endpoints are not utilizing full disk encryption During me remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption Which of the following is the most likely reason me device must be replaced'
Question72: A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?