T.W.S. 601 T1


Security+ Questions



6.3. A third party asked a user to share a public key for secure communication.

Which of the following file formats should the user choose to share the key?





5.3. A store receives reports that shoppers' credit card information is being stolen. Upon further analysis, those same shoppers also withdrew money from an ATM in that store. The attackers are using the targeted shoppers' credit card information to make online purchases.

Which of the following attacks is the MOST probable cause?





5.13. A security administrator has discovered that workstations on the LAN are becoming infected with malware. The cause of the infections appears to be users receiving phishing emails that are bypassing the current email-filtering technology. As a result, users are being tricked into clicking on malicious URLs, as no internal controls currently exist in the environment to evaluate their safety.

Which of the following would be BEST to implement to address the issue?






5.14. A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115.

Which of the following is occurring?





2.23. An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread.

Which of the following is the BEST course of action for the analyst to take?





5.24. An employee received multiple messages on a mobile device. The messages instructed the employee to pair the device to an unknown device.

Which of the following BEST describes what a malicious person might be doing to cause this issue to occur?





5.18. A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:
- Must be able to differentiate between users connected to WiFi
- The encryption keys need to change routinely without interrupting the users or forcing reauthentication
- Must be able to integrate with RADIUS
- Must not have any open SSIDs

Which of the following options BEST accommodates these requirements?





3.1. Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically.

Which of the following concepts does this BEST represent?





1.2. During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.
Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?





4.23. A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?





2.14. A retail company that is launching a new website to showcase the company's product line and other information for online shoppers registered the following URLs:
* www.companysite.com
* shop.companysite.com
* about-us.companysite.com
* contact-us.companysite.com
* secure-logon.companysite.com
Which of the following should the company use to secure its website if the company is concerned with convenience and cost?






5.25. A network engineer and a security engineer are discussing ways to monitor network operations.

Which of the following is the BEST method?





5.6. A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares.

Which of the following should the company implement?






1.14

 





6.20. A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. 

Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees' concerns?





6.19. During a forensic investigation, a security analyst discovered that the following command was run on a compromised host:


crackmapexec smb 192.168.10.232 -u localadmin -H 0A3CE8D07A46E5C51070F03593E0A5E6


Which of the following attacks occurred?





1.23. A security analyst is investigating multiple hosts that are communicating to external IP addresses during the hours of 2:00 a.m. - 4:00 a.m. The malware has evaded detection by traditional antivirus software.

Which of the following types of malware is MOST likely infecting the hosts?





5.15. A dynamic application vulnerability scan identified that code injection could be performed using a web form.

Which of the following will be the BEST remediation to prevent this vulnerability?





6.11. A security architect is implementing a new email architecture for a company. Due to security concerns, the Chief Information Security Officer would like the new architecture to support email encryption, as well as provide for digital signatures.

Which of the following should the architect implement?





5.4. Which of the following controls would be the MOST cost-effective and time-efficient to deter
intrusions at the perimeter of a restricted, remote military training area? (Select TWO).








2.12. An organization would like to remediate the risk associated with its cloud service provider not
meeting its advertised 99.999% availability metrics. Which of the following should the organization
consult for the exact requirements for the cloud provider?





5.16. A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares.

Which of the following should the company implement?






5.10. A company is planning to install a guest wireless network so visitors will be able to access the Internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings.

Which of the following would BEST protect the company's internal wireless network against visitors accessing company resources?





4.15. A Chief Information Officer receives an email stating a database will be encrypted within 24 hours unless a payment of $20,000 is credited to the account mentioned in the email.

This BEST describes a scenario related to:





5.5. During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID from the file?






3.27. A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?





5.28. Which of the following BEST describes data streams that are compiled through artificial intelligence that provides insight on current cyberintrusions, phishing, and other malicious cyberactivity?





2.28. A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as
follows:
* Ensure mobile devices can be tracked and wiped.
* Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?





2.22. A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).







1.19. A company is required to continue using legacy software to support a critical service.

Which of the following BEST explains a risk of this practice?





4.22. As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again.

Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?





4.13. A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry.

Which of the following is the BEST solution to prevent this type of incident from occurring again?





1.7. 





1.22. Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?





4.4. A security analyst was deploying a new website and found a connection attempting to authenticate on the site's portal. While investigating the incident, the analyst identified the following input in the username field:

Which of the following BEST explains this type of attack?





4.6. After a WiFi scan of a local office was conducted, an unknown wireless signal was identified. Upon investigation, an unknown Raspberry Pi device was found connected to an Ethernet port using a single connection.

Which of the following BEST describes the purpose of this device?





2.8. Ann, a customer, received a notification from her mortgage company stating her PII may be shared with partners, affiliates, and associates to maintain day-to-day business operations.

Which of the following documents did Ann receive?





1.28. 





6.15. A security researcher is using an adversary's infrastructure and TTPs and creating a named group to track those targeted.

Which of the following is the researcher MOST likely using?





2.24. An enterprise needs to keep cryptographic keys in a safe manner. Which of the following network appliances can achieve this goal?





3.17. A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user information between nodes.

Which of the following roles should the developer configure to meet these requirements? (Select TWO).







6.21. The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building. Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?





5.11. A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares.

Which of the following should the company implement?






3.25.





2.18. A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks.

Which of the following can block an attack at Layer 7? (Select TWO).








3.29. Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?





4.5. The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access.

Which of the following is the BEST security solution to reduce this risk?





6.23. Which of the following is a cryptographic concept that operates on a fixed length of bits?





4.2. A customer has reported that an organization's website than the expected web page for a short time two days earlier.

A security analyst reviews log entries and sees the following around the time of the incident:
Which of the following is MOST likely occurring?





4.1. A security analyst is investigating a phishing email that contains a malicious document directed to the company's Chief Executive Officer (CEO).

Which of the following should the analyst perform to understand the threat and retrieve possible IoCs?





4.26. Which of the following BEST describes the method a security analyst would use to confirm a file that is downloaded from a trusted security website is not altered in transit or corrupted using a verified checksum?





1.18. The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible voters choosing not to take the risk of going to the polls.

This is an example of:






5.7. An organization is moving away from the use of client-side and server-side certificates for EAP. The company would like for the new EAP solution to have the ability to detect rogue access points.

Which of the following would accomplish these requirements?





6.9. An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box.

Which of the following should be the first lines of defense against such an attack? (Select TWO)







2.15. Which of the following disaster recovery tests is the LEAST time consuming for the disaster recovery team?





2.21. A security analyst is responding to an alert from the SIEM. The alert states that malware was discovered on a host and was not automatically deleted.

Which of the following would be BEST for the analyst to perform?





2.2. Which of the following environments utilizes dummy data and is MOST likely to be installed locally
on a system that allows code to be assessed directly and modified easily with each build?





6.12. Which of the following controls would provide the BEST protection against tailgating?





2.17. After a phishing scam for a user's credentials, the red team was able to craft a payload to deploy on a server. The attack allowed the installation of malicious software that initiates a new remote session.

Which of the following types of attacks has occurred?





6.5. Which of the following identifies the point in time when an organization will recover data in the event of an outage?





1.10. Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?





4.18. A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country.

Which of the following techniques will the systems analyst MOST likely implement to address this issue?





4.11. Which of the following are the MOST likely vectors for the unauthorized inclusion of vulnerable
code in a software company's final software releases? (Select TWO.)







4.16. The Chief Information Security Officer wants to pilot a new adaptive, user-based authentication method. The concept includes granting logical access based on physical location and proximity.

Which of the following is the BEST solution for the pilot?





1.24. Which of the following would be BEST for a technician to review to determine the total risk an organization can bear when assessing a "cloud-first" adoption strategy?





1.11. If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?





3.7. Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?





1.20. A security researcher has alerted an organization that its sensitive user data was found for sale on a website.

Which of the following should the organization use to inform the affected parties?





5.22. A security engineer is hardening existing solutions to reduce application vulnerabilities.

Which of the following solutions should the engineer implement FIRST? (Select TWO)








3.2. A company uses a drone for precise perimeter and boundary monitoring.

Which of the following should be MOST concerning to the company?





4.25. Hackers recently attacked a company's network and obtained several unfavorable pictures from the Chief Executive Officer's workstation. The hackers are threatening to send the images to the press if a ransom is not paid.

Which of the following is impacted the MOST?





3.9.





1.13. After segmenting the network, the network manager wants to control the traffic between the segments.

Which of the following should the manager use to control the network traffic?





4.3. Which of the following would produce the closest experience of responding to an actual incident response scenario?





3.12. A company reduced the area utilized in its datacenter by creating virtual networking through automation and by creating provisioning routes and rules through scripting.

Which of the following does this example describe?





1.26.

 






3.28. Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?





5.23. A security analyst reviews a company's authentication logs and notices multiple authentication failures. The authentication failures are from different usernames that share the same source IP address.

Which of the following password attacks is MOST likely happening?





1.9. A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL.

Which of the following is needed to meet the objective?





3.19. A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?





3.30.





6.10. A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact.

Which of the following BEST meets both requirements?





4.9. An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained.

Which of the following roles would MOST likely include these responsibilities?






3.14. An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks.

Which of the following should the organization implement?





5.8. Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:
- All users share workstations throughout the day.
- Endpoint protection was disabled on several workstations throughout the network.
- Travel times on logins from the affected users are impossible.
- Sensitive data is being uploaded to external sites.
- All user account passwords were forced to be reset and the issue continued.

Which of the following attacks is being used to compromise the user accounts?





3.20. A security engineer needs to build a solution to satisfy regulatory requirements that state certain critical servers must be accessed using MFA. However, the critical servers are older and are unable to support the addition of MFA.

Which of the following will the engineer MOST likely use to achieve this objective?





1.5. A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers.
Which of the following should the company implement to prevent this type of attack from occurring in the future?





3.13. A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks.

Which of the following would be the BEST control for the company to require from prospective vendors?





4.29. A systems engineer is building a new system for production.

Which of the following is the FINAL step to be performed prior to promoting to production?





5.29. Which of the following technologies is used to actively monitor for specific file types being transmitted on the network?





5.21. An information security manager for an organization is completing a PCI DSS self-assessment for the first time.

Which of the following is the MOST likely reason for this type of assessment?





1.16. One of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP.

Which of the following BEST describes what is happening?





6.16. A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability.

Which of the following is the MOST likely cause?





3.3. The security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted files. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again.

Which of the following is MOST capable of accomplishing both tasks?





4.8. A security researcher has alerted an organization that its sensitive user data was found for sale on
a website.

Which of the following should the organization use to inform the affected parties?





3.16. Which of the following must be in place before implementing a BCP?





3.18. An organization wants seamless authentication to its applications.

Which of the following should the organization employ to meet this requirement?





2.10.





3.4. 





1.12. Which of the following environments can be stood up in a short period of time, utilizes either dummy data or actual data, and is used to demonstrate and model system capabilities and functionality for a fixed, agreed-upon duration of time?





5.27. Which of the following incident response steps occurs before containment?





4.27. Which of the following authentication methods sends out a unique password to be used within a specific number of seconds?





2.1. A network analyst is setting up a wireless access point for a home office in a remote, rural location.
The requirement is that users need to connect to the access point securely but do not want to have
to remember passwords. Which of the following should the network analyst enable to meet the
requirement?





2.6. When planning to build a virtual environment, an administrator needs to achieve the following:
- Establish policies to limit who can create new VMs
- Allocate resources according to actual utilization
- Require justification for requests outside of the standard requirements
- Create standardized categories based on size and resource requirements

Which of the following is the administrator MOST likely trying to do?





6.22.

 





3.10. The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers malware that is associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator.

To which of the following groups should the analyst report this real-world event?





2.9. A large enterprise has moved all its data to the cloud behind strong authentication and encryption. A sales director recently had a laptop stolen, and later, enterprise data was found to have been compromised from a local database.

Which of the following was the MOST likely cause?






3.26. As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners.

Which of the following will the company MOST likely implement?





4.21. A grocery store expresses security and reliability concerns about its current local backup strategy using locally attached hard disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices.

Which of the following approaches is a cost-effective way to address these concerns?





6.13. A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been.

Which of the following statements BEST explains the issue?





3.23. Which of the following in a forensic investigation should be prioritized based on the order of volatility? (Select TWO).







6.6. A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.

Which of the following is the most likely cause of this issue?





2.11. During a Chief Information Security Officer (CISO) convention to discuss security awareness, the attendees are provided with a network connection to use as a resource. As the convention progresses, one of the attendees starts to notice delays in the connection, and the HTTPS site requests are reverting to HTTP.

Which of the following BEST describes what is happening?





2.30. Which of the following conditions impacts data sovereignty?





5.1. The Chief Information Security Officer has directed the security and networking team to retire the use of shared passwords on routers and switches. Which of the following choices BEST meets the requirements?





4.17. Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?





1.4. A desktop support technician recently installed a new document-scanning software program on a computer. However, when the end user tried to launch the program, it did not respond.

Which of the following is MOST likely the cause?





6.1. A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system.

Which of the following is the CISO using to evaluate the environment for this new ERP system?





4.20. Which of the following provides a catalog of security and privacy controls related to the United States federal information systems?





4.19. During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations.

Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?





5.20. Which of the following involves the inclusion of code in the main codebase as soon as it is written?





5.26. Which of the following authentication methods is considered to be the LEAST secure?





5.30. As part of the building process for a web application, the compliance team requires that all PKI certificates are rotated annually and can only contain wildcards at the secondary subdomain level.

Which of the following certificate properties will meet these requirements?





4.28. A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards.

Which of the following is the MOST likely source of the breach?





6.7. Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?





2.25. An organization recently acquired an ISO 27001 certification.

Which of the following would MOST likely be considered a benefit of this certification?






2.13. An enterprise has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that is discovered.

Which of the following BEST represents the type of testing that is being used?






2.5. A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no
patches are currently available to resolve the issue. The security administrator is concerned that
servers in the company's DMZ will be vulnerable to external attack; however, the administrator
cannot disable the service on the servers, as SMB is used by a number of internal systems and
applications on the LAN. Which of the following TCP ports should be blocked for all external
inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).







3.22. A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters.

Which of the following is the primary use case for this scenario?





5.19. Employees at a company are receiving unsolicited text messages on their corporate cell phones.
The unsolicited text messages contain a password reset link.

Which of the following attacks is being used to target the company?





4.30. An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
- Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
- Internal users in question were changing their passwords frequently during that time period.
- A jump box that several domain administrator users use to connect to remote devices was recently compromised.
- The authentication method used in the environment is NTLM.

Which of the following types of attacks is MOST likely being used to gain unauthorized access?





1.29.





1.17. A major clothing company recently lost a large amount of proprietary information. The security officer must find a solution to ensure this never happens again.

Which of the following is the BEST technical implementation to prevent this from happening again?






3.21. Which of the following environments would MOST likely be used to assess the execution of component parts of a system at both the hardware and software levels and to measure performance characteristics?





3.11. A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds.

Which of the following cryptographic techniques would BEST meet the requirement?





1.3. Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?





3.24. The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person.

Which of the following would BEST allow this objective to be met?





1.30. 





5.17. A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

Which of the following types of attacks is being attempted and how can it be mitigated?





1.1. A company has discovered unauthorized devices are using its WiFi network, and it wants to harden the access point to improve security.

Which of the following configurations should an analyst enable to improve security? (Select TWO.)







2.20. A business is looking for a cloud service provider that offers a la carte services, including cloud backups, VM elasticity, and secure networking.

Which of the following cloud service provider types should the business engage?





2.4. A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them as plain text within the body of a new email message thread.

Which of the following actions MOST likely supports an investigation for fraudulent submission?





4.24. A software company is analyzing a process that detects software vulnerabilities at the earliest stage possible. The goal is to scan the source looking for unsecure practices and weaknesses before the application is deployed in a runtime environment.

Which of the following would BEST assist the company with this objective?





3.5. Which of the following function as preventive, detective, and deterrent controls to reduce the risk of physical theft? (Select TWO).







4.12. After gaining access to a dual-homed (i.e., wired and wireless) multifunction device by exploiting a vulnerability in the device's firmware, a penetration tester then gains shell access on another networked asset.

This technique is an example of:





6.17. The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access.

Which of the following would have prevented this compliance violation?





2.29. A company installed several crosscut shredders as part of increased information security practices targeting data leakage risks.

Which of the following will this practice reduce?





1.8. A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers.

Which of the following should the company implement to prevent this type of attack from occurring in the future?





1.25.







2.27. A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel.

Which of the following attacks is being conducted?






6.2. A security administrator wants to implement a program that tests a user's ability to recognize attacks over the organization's email system.

Which of the following would be BEST suited for this task?





6.4. A security analyst needs an overview of vulnerabilities for a host on the network.

Which of the following is the BEST type of scan for the analyst to run to discover which vulnerable services are running?





6.8. Which of the following BEST describes a technique that compensates researchers for finding vulnerabilities?





1.15. A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks.

Which of the following should the engineer implement?





2.7. A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic.

Which of the following should the analyst use?





1.27.





3.15. A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds.

Which of the following types of attacks does this scenario describe?





2.26. A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware.

Which of the following deployment models will provide the needed flexibility with the GREATEST amount of control and security over company data and infrastructure?





6.18. Which of the following roles would MOST likely have direct access to the senior management team?





3.6. A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago and the company that developed them is no longer in business.

Which of the following constraints BEST describes the reason the findings cannot be remediated?





1.21. A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss.

Which of the following would be the BEST backup strategy?






5.2. The Chief Information Security Officer (CISO) has decided to reorganize security staff to concentrate on incident response and to outsource outbound Internet URL categorization and filtering to an outside company. Additionally, the CISO would like this solution to provide the same protections even when a company laptop or mobile device is away from a home office.

Which of the following should the CISO choose?





4.7. Remote workers in an organization use company-provided laptops with locally installed applications and locally stored data. Users can store data on a remote server using an encrypted connection. The organization discovered data stored on a laptop had been made available to the public.

Which of the following security solutions would mitigate the risk of future data disclosures?





5.12. A security manager needs to assess the security posture of one of the organization's vendors. The contract with the vendor does not allow for auditing of the vendor's security controls.

Which of the following should the manager request to complete the assessment?





3.8. The Chief Executive Officer announced a new partnership with a strategic vendor and asked the Chief Information Security Officer to federate user digital identities using SAML-based protocols.

Which of the following will this enable?





4.14. A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks.

Which of the following should the technician do to validate the authenticity of the email?





6.14. The help desk has received calls from users in multiple locations who are unable to access core network services. The network team has identified and turned off the network switches using remote commands.

Which of the following actions should the network team take NEXT?





5.9. Per company security policy, IT staff members are required to have separate credentials to perform administrative functions using just-in-time permissions.

Which of the following solutions is the company implementing?





2.19. During an incident, a company's CIRT determines it is necessary to observe the continued network-based transactions between a callback domain and the malware running on an enterprise PC.

Which of the following techniques would be BEST to enable this activity while reducing the risk of lateral spread and the risk that the adversary would notice any changes?





4.10. Which of the following would MOST likely be identified by a credentialed scan but would be missed by an uncredentialed scan?





1.6. A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL.

Which of the following is needed to meet the objective?





2.16. A systems administrator is considering different backup solutions for the IT infrastructure. The company is looking for a solution that offers the fastest recovery time while also saving the most amount of storage used to maintain the backups. Which of the following recovery solutions would be the BEST option to meet these requirements?





2.3. While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches.

Which of the following is the security analyst MOST likely observing?





6.24. A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO).







© 2024 MemoCard