MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: CORRECT TEXTYou have just received some room and WiFi access control recommendations from a security consulting company. Click on each building to bring up available security controls.Please implement the following requirements:* The Chief Executive Officer's (CEO) office had multiple redundant security measures installed on the door to the office. Remove unnecessary redundancies to deploy three- factor authentication, while retaining the expensive iris render.* The Public Cafe has wireless available to customers. You need to secure the WAP with WPA and place a passphrase on the customer receipts.* In the Data Center you need to include authentication from the "something you know" category and take advantage of the existing smartcard reader on the door.* In the Help Desk Office you need to require single factor authentication through the use of physical tokens given to guests by the receptionist.* The PII Office has redundant security measures in place. You need to eliminate the redundancy while maintaining three-factor authentication and retaining the more expensive controls.Instructions: The original security controls for each office can be reset at anytime by selecting the Reset button. Once you have met the above requirements for each office, select the Save button.When you have completed the entire simulation, please select the Done button to submit.Once the simulation is submitted, please select the Next button to continue.
Question2: A company has a data system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question3: A company has a data system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question4: A systems administrator is reviewing the following information from a compromised server:Given the above information, which of the following processes was MOST likely exploited via a remote buffer overflow attack?
Question5: An administrator is replacing a wireless router. The configuration of the old wireless router was not documented before it stopped functioning. The equipment connecting to the wireless network uses older legacy equipment that was manufactured prior to the release of the 802.11i standard. Which of the following configuration options should the administrator select for the new wireless router?
Question6: In a corporation where compute utilization spikes several times a year, the Chief Information Officer (CIO) has requested a cost-effective architecture to handle the variable capacity demand. Which of the following characteristics BEST describes what the CIO has requested?
Question7: Which of the following cryptographic attacks would salting of passwords render ineffective?
Question8: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question9: A company has a data system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question10: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question11: When trying to log onto a company's new ticketing system, some employees receive the following message: Access denied: too many concurrent sessions. The ticketing system was recently installed on a small VM with only the recommended hardware specifications.Which of the following is the MOST likely cause for this error message?
Question12: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question13: Which of the following types of cloud infrastructures would allow several organizations with similar structures and interests to realize the benefits of shared storage and resources?
Question14: Joe, an employee, wants to show his colleagues how much he knows about smartphones.Joe demonstrates a free movie application that he installed from a third party on his corporate smartphone. Joe's colleagues were unable to find the application in the app stores. Which of the following allowed Joe to install the application? (Select two.)
Question15: A security administrator is reviewing the following network capture:192.168.20.43:2043 -> 10.234.66.21:80POST "192.168.20.43https://www.banksite.com<ENTER>JoeUsr<BackSPACE>erPassword<ENTER>"Which of the following malware is MOST likely to generate the above information?
Question16: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question17: DRAG DROPYou have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Question18: Which of the following can be provided to an AAA system for the identification phase?
Question19: A company is developing a new secure technology and requires computers being used for development to be isolated. Which of the following should be implemented to provide the MOST secure environment?
Question20: A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented in the administrator does not want to provide the wireless password or he certificate to the employees?
Question21: HOTSPOTSelect the appropriate attack from each drop down list to label the corresponding illustrated attack.Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.
Question22: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question23: An attacker compromises a public CA and issues unauthorized X.509 certificates for Company.com. In the future, Company.com wants to mitigate the impact of similar incidents. Which of the following would assist Company.com with its goal?
Question24: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question25: A company has a data system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question26: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question27: Multiple employees receive an email with a malicious attachment that begins to encrypt their hard drives and mapped shares on their devices when it is opened. The network and security teams perform the following actions:Next, the teams want to re-enable the network shares. Which of the following BEST describes this phase of the incident response process?
Question28: A network technician is setting up a segmented network that will utilize a separate ISP to provide wireless access to the public area for a company. Which of the following wireless security methods should the technician implement to provide basic accountability for access to the public network?
Question29: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question30: A security analyst is hardening a server with the directory services role installed. The analyst must ensure LDAP traffic cannot be monitored or sniffed and maintains compatibility with LDAP clients. Which of the following should the analyst implement to meet these requirements? (Select two.)
Question31: An auditor wants to test the security posture of an organization by running a tool that will display the following:Which of the following commands should be used?
Question32: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question33: A company has a data system with definitions for "Private" and "Public". The company's security policy outlines how data should be protected based on type. The company recently added the data type "Proprietary". Which of the following is the MOST likely reason the company added this data type?
Question34: Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?
Question35: A security analyst captures forensic evidence from a potentially compromised system for further investigation. The evidence is documented and securely stored to FIRST:
Question36: Which of the following would a security specialist be able to determine upon examination of a server's certificate?
Question37: DRAG DROPYou have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan-Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simul- ation, please select the Done button to submit.
Question38: Which of the following network vulnerability scan indicators BEST validates a successful, active scan?
Question39: DRAG DROPA security administrator is given the security and availability profiles for servers that are being deployed.Match each RAID type with the correct configuration and MINIMUM number of drives.Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions:All drive definitions can be dragged as many times as necessaryNot all placeholders may be filled in the RAID configuration boxesIf parity is required, please select the appropriate number of parity checkboxes Server profiles may be dragged only once Instructions: If at any time you would like to bring back the initial state of the simul-ation, please select the Reset button. When you have completed the simul-ation, please select the Done button to submit. Once the simul-ation is submitted, please select the Next button to continue.
Question40: Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?
Question41: A security administrator has found a hash in the environment known to belong to malware.The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system.File: winx86_adobe_flash_upgrade.exeHash: 99ac28bede43ab869b853ba62c4ea243The administrator pulls a report from the patch management system with the following output:Given the above outputs, which of the following MOST likely happened?
Question42: A user suspects someone has been accessing a home network without permission by spoofing the MAC address of an authorized system. While attempting to determine if an authorized user is logged into the home network, the user reviews the wireless router, which shows the following table for systems that are currently on the home network.Which of the following should be the NEXT step to determine if there is an unauthorized user on the network?
Question43: A company hires a consulting firm to crawl its Active Directory network with a non-domain account looking for unpatched systems. Actively taking control of systems is out of scope, as is the creation of new administrator accounts. For which of the following is the company hiring the consulting firm?
Question44: Multiple organizations operating in the same vertical wants to provide seamless wireless access for their employees as they visit the other organizations. Which of the following should be implemented if all the organizations use the native 802.1x client on their mobile devices?
Question45: An organization has determined it can tolerate a maximum of three hours of downtime.Which of the following has been specified?
Question46: A company is terminating an employee for misbehavior. Which of the following steps is MOST important in the process of disengagement from this employee?
Question47: Which of the following threat actors is MOST likely to steal a company's proprietary information to gain a market edge and reduce time to market?
Question48: Which of the following attacks specifically impact data availability?
Question49: An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?
Question50: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question51: Malicious traffic from an internal network has been detected on an unauthorized port on an application server.Which of the following network-based security controls should the engineer consider implementing?
Question52: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question53: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question54: A security analyst is hardening an authentication server. One of the primary requirements is to ensure there is mutual authentication and delegation. Given these requirements, which of the following technologies should the analyst recommend and configure?
Question55: DRAG DROPDetermine the types of attacks below by selecting an option from the dropdown list.Determine the types of Attacks from right to specific action.
Question56: A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
Question57: Despite having implemented password policies, users continue to set the same weak passwords and reuse old passwords. Which of the following technical controls would help prevent these policy violations? (Select two.)