1) A company has just experienced a malware attack affecting a large number of desktop users. The antivirus solution was not able to block the malware, but the HIDS alerted to C2 calls as 'Troj.Generic'. Once the security team found a solution to remove the malware, they were able to remove the malware files successfully, and the HIDS stopped alerting. The next morning, however, the HIDS once again started alerting on the same desktops, and the security team discovered the files were back. Which of the following BEST describes the type of malware infecting this company's network?
   a) Trojan
   b) Spyware
   c) Rootkit
   d) Botnet

2) An organization wants to host an externally accessible web server that will not contain sensitive user information. Any sensitive information will be hosted on file servers. Which of the following is the BEST architecture configuration for this organization?
   a) Host the web server in a DMZ and the file servers behind a firewall
   b) Host the web server and the file servers in a DMZ
   c) Host the web server behind a firewall and the file servers in a DMZ
   d) Host both the web server and file servers behind a firewall

3) Which of the following describes the ability of code to target a hypervisor from inside a guest OS?
   a) Fog computing
   b) VM escape
   c) Software-defined networking
   d) Image forgery
   e) Container breakout

4) A company posts a sign indicating its server room is under video surveillance. Which of the following control types is represented?
   a) Administrative
   b) Detective
   c) Technical
   d) Deterrent

5) A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources. Which of the following attack types does this BEST describe?
   a) DDoS
   b) DoS
   c) Zero day
   d) Logic bomb

6) A network administrator was provided the following output from a vulnerability scan:
   The network administrator has been instructed to prioritize remediation efforts based on overall risk to the enterprise. Which of the following plugin IDs should be remediated FIRST?
   a) 10
   b) 11
   c) 12
   d) 13
   e) 14

7) A junior systems administrator noticed that one of two hard drives in a server room had a red error notification. The administrator removed the hard drive to replace it but was unaware that the server was configured in an array. Which of the following configurations would ensure no data is lost?
   a) RAID 0
   b) RAID 1
   c) RAID 2
   d) RAID 3

8) A system in the network is used to store proprietary secrets and needs the highest level of security possible. Which of the following should a security administrator implement to ensure the system cannot be reached from the Internet?
   a) VLAN
   b) Air gap
   c) NAT
   d) Firewall

9) Which of the following is the BEST use of a WAF (web application firewall)?
   a) To protect sites on web servers that are publicly accessible
   b) To allow access to web services for internal users of the organization
   c) To maintain connection status of all HTTP requests
   d) To deny access to all websites with certain contents

10) A transitive trust:
   a) is automatically established between a parent and a child
   b) is used to update DNS records
   c) allows access to untrusted domains
   d) can be used in place of a hardware token for logins

11) A systems administrator wants to disable the use of usernames and passwords for SSH authentication and enforce key-based authentication. Which of the following should the administrator do NEXT to enforce this new configuration?
   a) Issue a public/private key pair for each user and securely distribute a private key to each employee.
   b) Instruct users on how to create a public/private key pair and install users' public keys on the server.
   c) Disable the username and password authentication and enable TOTP in the sshd.conf file.
   d) Change the default SSH port, enable TCP tunneling, and provide a pre-configured SSH client.

12) Which of the following would MOST likely be a result of improperly configured user accounts?
   a) Resource exhaustion
   b) Buffer overflow
   c) Session hijacking
   d) Privilege escalation

13) An organization is concerned about video emissions from users' desktops. Which of the following is the BEST solution to implement?
   a) Screen filters
   b) Shielded cables
   c) Spectrum analyzers
   d) Infrared detection

14) When examining the PCAP associated with the event, the security administrator finds the following information:
   Which of the following actions should the security administrator take?
   a) Upload the PCAP to the IDS in order to generate a blocking signature to block the traffic.
   b) Manually copy the <script> data from the PCAP file and generate a blocking signature in the HIDS to block the traffic for future events.
   c) Implement a host-based firewall rule to block future events of this type from occurring.
   d) Submit a change request to modify the XSS vulnerability signature to TCP reset on future attempts.

15) Which of the following encryption algorithms require one encryption key? (Select TWO.)
   a) MD5
   b) 3DES
   c) BCRYPT
   d) RC4
   e) DSA

16) A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
   a) Foundational
   b) Man-made
   c) Environmental
   d) Natural

17) Which of the following should a technician use to protect a cellular phone that is needed for an investigation, to ensure the data will not be removed remotely?
   a) Air gap
   b) Secure cabinet
   c) Faraday cage
   d) Safe

18) Which of the following is the MOST likely motivation for a script kiddie threat actor?
   a) Financial gain
   b) Notoriety
   c) Political expression
   d) Corporate espionage

19) Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:
   a) pivoting
   b) persistence
   c) active reconnaissance
   d) a backdoor

20) An organization discovers that unauthorized applications have been installed on company-provided mobile phones. The organization issues these devices, but some users have managed to bypass the security controls. Which of the following is the MOST likely issue, and how can the organization BEST prevent this from happening?
   a) The mobile phones are being infected with malware that covertly installs the applications. Implement full disk encryption and integrity-checking software.
   b) Some advanced users are jailbreaking the OS and bypassing the controls. Implement an MDM solution to control access to company resources.
   c) The mobile phones have been compromised by an APT and can no longer be trusted. Scan the devices for the unauthorized software, recall any compromised devices, and issue completely new ones.
   d) Some advanced users are upgrading the devices' OS and installing the applications. The organization should create an AUP that prohibits this activity.

21) Which of the following is a valid multifactor authentication combination?
   a) OTP token combined with password
   b) Strong password and PIN combination
   c) OTP token plus smart card
   d) Presence-detecting facial recognition

22) A security analyst is investigating a call from a user regarding one of the websites receiving a 503: Service Unavailable error. The analyst runs a netstat -an command to discover if the web server is up and listening. The analyst receives the following output:
   Which of the following types of attack is the analyst seeing?
   a) Buffer overflow
   b) Domain hijacking
   c) Denial of service
   d) ARP poisoning

23) Which of the following serves to warn users against downloading and installing pirated software on company devices?
   a) AUP
   b) NDA
   c) ISA
   d) BPA

24) An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Select TWO.)
   a) DNS hijacking
   b) Cross-site scripting
   c) Domain hijacking
   d) Man-in-the-browser
   e) Session hijacking

25) A company is experiencing an increasing number of systems that are locking up on Windows startup. The security analyst clones a machine, enters into safe mode, and discovers a file in the startup process that runs Wstart.bat. Given the file contents and the system's issues, which of the following types of malware is present?
   a) Rootkit
   b) Logic bomb
   c) Worm
   d) Virus

26) Which of the following attacks can be mitigated by proper data retention policies?
   a) Dumpster diving
   b) Man-in-the-middle
   c) Spear phishing
   d) Watering hole

27) A company employee recently retired, and there was a schedule delay because no one was capable of filling the employee's position. Which of the following practices would BEST help to prevent this situation in the future?
   a) Mandatory vacation
   b) Separation of duties
   c) Job rotation
   d) Exit interviews

28) During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?
   a) SSH2
   b) TLS 1.2
   c) SSL 1.3
   d) SNMPv3

29) A healthcare company is revamping its IT strategy in light of recent regulations. The company is concerned about compliance and wants to use a pay-per-use model. Which of the following is the BEST solution?
   a) On-premises hosting
   b) Community cloud
   c) Hosted infrastructure
   d) Public SaaS

30) Which of the following represents a multifactor authentication system?
   a) An iris scanner coupled with a palm print reader and fingerprint scanner with liveness detection
   b) A secret passcode that prompts the user to enter a secret key if entered correctly
   c) A digital certificate on a physical token that is unlocked with a secret passcode
   d) A one-time password token combined with a proximity badge

31) A preventive control differs from a compensating control in that a preventive control is:
   a) put in place to mitigate a weakness in a user control
   b) deployed to supplement an existing control that is EOL
   c) relied on to address gaps in the existing control structure
   d) designed to specifically mitigate a risk

32) The exploitation of a buffer-overrun vulnerability in an application will MOST likely lead to:
   a) arbitrary code execution
   b) resource exhaustion
   c) exposure of authentication credentials
   d) dereferencing of memory pointers

33) The president of a company that specializes in military contracts receives a request for an interview. During the interview, the reporter seems more interested in discussing the president's family life and personal history than the details of a recent company success. Which of the following security concerns is this MOST likely an example of?
   a) Insider threat
   b) Social engineering
   c) Passive reconnaissance
   d) Phishing

34) Which of the following is an example of federated access management?
   a) Windows passing user credentials on a peer-to-peer network
   b) Applying a new user account with a complex password
   c) Implementing an AM framework for network access
   d) Using a popular website login to provide access to another website

35) A company network is currently under attack. Although security controls are in place to stop the attack, the security administrator needs more information about the types of attacks being used. Which of the following network types would BEST help the administrator gather this information?
   a) DMZ
   b) Guest network
   c) Ad hoc
   d) Honeynet

36) The incident response team recently discovered that passwords for one system were compromised. Passwords for a completely separate system have NOT been compromised, but unusual login activity has been detected for that separate system. Account login has been detected for users who are on vacation. Which of the following BEST describes what is happening?
   a) Some users are meeting password complexity requirements but not password length requirements.
   b) The password history enforcement is insufficient, and old passwords are still valid across many different systems.
   c) Some users are reusing passwords, and some of the compromised passwords are valid on multiple systems.
   d) The compromised password file has been brute-force hacked, and the complexity requirements are not adequate to mitigate this risk.

37) A company recently implemented a new security system. In the course of configuration, the security administrator adds the following entry:
   Which of the following security technologies is MOST likely being configured?
   a) Application whitelisting
   b) HIDS
   c) Data execution prevention
   d) Removable media control

38) A security analyst needs to be proactive in understanding the types of attacks that could potentially target the company's executives. Which of the following intelligence sources should the security analyst review?
   a) Vulnerability feeds
   b) Trusted automated exchange of indicator information
   c) Structured threat information
   d) Industry information-sharing and collaboration groups

39) A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?
   a) Randomize the shared credentials
   b) Use only guest accounts to connect
   c) Use SSH keys and remove generic passwords
   d) Remove all user accounts

40) A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?
   a) DNS sinkholing
   b) DLP rules on the terminal
   c) An IP blacklist
   d) Application whitelisting

41) An organization has decided to host its web application and database in the cloud. Which of the following BEST describes the security concerns for this decision?
   a) Access to the organization's servers could be exposed to other cloud-provider clients
   b) The cloud vendor is a new attack vector within the supply chain
   c) Outsourcing the code development adds risk to the cloud provider
   d) Vendor support will cease when the hosting platforms reach EOL

42) A user reports constant lag and performance issues with the wireless network when working at a local coffee shop. A security analyst walks the user through an installation of Wireshark and gets a five-minute pcap to analyze. The analyst observes the following output:
   a) Session replay
   b) Evil twin
   c) Bluejacking
   d) ARP poisoning

43) A user recently attended an exposition and received some digital promotional materials. The user later noticed blue boxes popping up and disappearing on the computer, and reported receiving several spam emails, which the user did not open. Which of the following is MOST likely the cause of the reported issue?
   a) There was a drive-by download of malware
   b) The user installed a cryptominer
   c) The OS was corrupted
   d) There was malicious code on the USB drive

44) A security analyst is performing a packet capture on a series of SOAP HTTP requests for a security assessment.
   a) head
   b) tcpdump
   c) grep
   d) tail
   e) curl
   f) openssl

46) The Chief Executive Officer (CEO) of an organization would like staff members to have the flexibility to work from home anytime during business hours, including during a pandemic or crisis. However, the CEO is concerned that some staff members may take advantage of the flexibility and work from high-risk countries while on holiday, or hand work to a third-party organization in another country. The Chief Information Officer (CIO) believes the company can implement some basic controls to mitigate the majority of the risk. Which of the following would be BEST to mitigate the CEO's concern? (Select TWO.)
   a) Geolocation
   b) Time-of-day restrictions
   c) Certificates
   d) Tokens
   e) Geotagging
   f) Role-based access controls

47) A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe. One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:
   a) SQL injection
   b) CSRF
   c) XSS
   d) XSRF

48) Which of the following allows for functional test data to be used in new systems for testing and training purposes to protect the real data?
   a) Data encryption
   b) Data masking
   c) Data deduplication
   d) Data minimization

49) A nuclear plant was the victim of a recent attack, and all the networks were air gapped. A subsequent investigation revealed a worm as the source of the issue. Which of the following BEST explains what happened?
   a) A malicious USB was introduced by an unsuspecting employee.
   b) The ICS firmware was outdated.
   c) A local machine had a RAT installed.
   d) The HVAC was connected to the maintenance vendor.

50) Under GDPR, which of the following is MOST responsible for the protection of privacy and website user rights?
   a) Data protection officer
   b) The data processor
   c) Data owner
   d) Data controller

security plus part 2