MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A security analyst is reviewing the following logs:Which of the following attacks is most likely occurring?
Question2: A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
Question3: Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
Question4: A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.Which of the following is the most important consideration during development?
Question5: Which of the following would be the best way to handle a critical business application that is running on a legacy server?
Question6: A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
Question7: After reviewing the following vulnerability scanning report:Server:192.168.14.6Service: TelnetPort: 23 Protocol: TCPStatus: Open Severity: HighVulnerability: Use of an insecure network protocolA security analyst performs the following test:nmap -p 23 192.168.14.6 -script telnet-encryptionPORT STATE SERVICE REASON23/tcp open telnet syn-ackI telnet encryption:| _ Telnet server supports encryptionWhich of the following would the security analyst conclude for this reported vulnerability?
Question8: An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
Question9: A security administrator would like to protect data on employees' laptops. Which of the following encryption techniques should the security administrator use?
Question10: An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
Question11: An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a "page not found" error message.Which of the following types of social engineering attacks occurred?
Question12: A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
Question13: While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.Which of the following actions would prevent this issue?
Question14: A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
Question15: Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.Which of the following changes would allow users to access the site?
Question16: Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
Question17: A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
Question18: Which of the following agreement types defines the time frame in which a vendor needs to respond?
Question19: A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.Which of the following teams will conduct this assessment activity?
Question20: A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?
Question21: Which of the following is a hardware-specific vulnerability?
Question22: Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?
Question23: Which of the following exercises should an organization use to improve its incident response process?
Question24: A business received a small grant to migrate its infrastructure to an off-premises solution. Which of the following should be considered first?
Question25: A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
Question26: A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints. Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?
Question27: A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
Question28: Which of the following security concepts is the best reason for permissions on a human resources fileshare to follow the principle of least privilege?
Question29: Which of the following is required for an organization to properly manage its restore process in the event of system failure?
Question30: A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
Question31: A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?
Question32: A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing?
Question33: An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
Question34: A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider.Which of the following is a risk in the new system?
Question35: Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
Question36: Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
Question37: An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
Question38: A company is discarding a classified storage array and hires an outside vendor to complete the disposal.Which of the following should the company request from the vendor?
Question39: A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.Which of the following best describes the program the company is setting up?
Question40: A company prevented direct access from the database administrators' workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
Question41: After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network.Which of the following is the most appropriate to disable?
Question42: Which of the following security control types does an acceptable use policy best represent?
Question43: Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
Question44: A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
Question45: Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
Question46: Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
Question47: Which of the following scenarios describes a possible business email compromise attack?
Question48: An organization's internet-facing website was compromised when an attacker exploited a buffer overflow.Which of the following should the organization deploy to best protect against similar attacks in the future?
Question49: An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user. Which of the following best describes the type of attack that occurred?
Question50: After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?
Question51: A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.Which of the following analysis elements did the company most likely use in making this decision?
Question52: An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.Which of the following best describes the user's activity?
Question53: Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
Question54: Which of the following can be used to identify potential attacker activities without affecting production servers?
Question55: Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
Question56: An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?
Question57: An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
Question58: A newly identified network access vulnerability has been found in the OS of legacy loT devices. Which of the following would best mitigate this vulnerability quickly?
Question59: Which of the following is the best reason to complete an audit in a banking environment?
Question60: A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:. Something you know. Something you have. Something you areWhich of the following would accomplish the manager's goal?
Question61: A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
Question62: An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
Question63: An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
Question64: Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
Question65: A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
Question66: After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?
Question67: An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
Question68: A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
Question69: A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
Question70: A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
Question71: A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
Question72: A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
Question73: Which of the following is the most likely to be included as an element of communication in a security awareness program?