1) An organization is developing an authentication service for use at the entry and exit ports of country borders. The service will use data feeds obtained from passport systems, passenger manifests, and high- definition video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose two.)  a) Voice b) Gait c) Vein d) Facial e) Retina f) Fingerprint 2) A small company that does not have security staff wants to improve its security posture. Which of the following would BEST assist the company? a) MSSP b) SOAR c) IaaS d) PaaS 3) An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server? a) DNS cache poisoning b) Domain hiijacking c) Distributed denial-of-service d) DNS tunneling 4) A cybersecurity manager has scheduled biannual meetings with the IT team and department leaders to discuss how they would respond to hypothetical cyberattacks. During these meetings, the manager presents a scenario and injects additional information throughout the session to replicate what might occur in a dynamic cybersecurity event involving the company, its facilities, its data, and its staff. Which of the following describes what the manager is doing?  a) Developing an incident response plan b) Building a disaster recovery plan c) Conducting a tabletop exercise d) Running a simulation exercise 5) A RAT that was used to compromise an organization's banking credentials was found on a user's computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system as part of a remote management tool set. Which of the following recommendations would BEST prevent this from reoccurring? a) Create a new acceptable use policy b) Segment the network into trusted and untrusted zones c) Enforce application whitelisting d) Implement DLP at the network boundary 6) A security analyst is reviewing a new website that will soon be made publicly available. The analyst sees the following in the URL: (PHOTO). The analyst then sends an internal user a link to the new website for testing purposes, and when the user clicks the link, the analyst is able to browse the website with the following URL: (PHOTO). Which of the following application attacks is being tested? a) Pass-the-hash b) Session replay c) Object deference d) Cross-site request forgery 7) A network administrator has been asked to install an IDS to improve the security posture of an organization. Which of the following control types is an IDS? a) Corrective b) Physical c) Detective d) Administrative 8) Which of the following should be put in place when negotiating with a new vendor about the timeliness of the response to a significant outage or incident? a) MOU b) MTTR c) SLA d) NDA 9) A startup company is using multiple SaaS and IaaS platforms to stand up a corporate infrastructure and build out a customer-facing web application. Which of the following solutions would be BEST to provide security, manageability, and visibility into the platforms? a) SIEM b) DLP c) CASB d) SWG 10) A root cause analysis reveals that a web application outage was caused by one of the company's developers uploading a newer version of the third-party libraries that were shared among several applications. Which of the following implementations would be BEST to prevent the issue from reoccurring? a) CASB b) SWG c) Containerization d) Automated failover 11) A security administrator suspects there may be unnecessary services running on a server. Which of the following tools will the administrator MOST likely use to confirm the suspicions? a) Nmap b) Wireshark c) Autopsy d) DNSenum 12) A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data exfiltration via removable media? a) Monitoring large data transfer transactions in the firewall logs b) Developing mandatory training to educate employees about the removable media policy c) Implementing a group policy to block user access to system files d) Blocking removable-media devices and write capabilities using a host-based security tool 13) In which of the following common use cases would steganography be employed? a) Obfuscation b) Integrity c) Non-repudiation d) Blockchain 14) To secure an application after a large data breach, an e-commerce site will be resetting all users' credentials. Which of the following will BEST ensure the site's users are not compromised after the reset? a) A password reuse policy b) Account lockout after three failed attempts c) Encrypted credentials in transit d) A geofencing policy based on login history 15) In which of the following risk management strategies would cybersecurity insurance be used? a) Transference b) Avoidance c) Acceptance d) Mitigation 16) An organization has implemented a policy requiring the use of conductive metal lockboxes for personal electronic devices outside of a secure research lab. Which of the following did the organization determine to be the GREATEST risk to intellectual property when creating this policy? a) The theft of portable electronic devices b) Geotagging in the metadata of images c) Bluesnarfing of mobile devices d) Data exfiltration over a mobile hotspot 17) A security analyst is using a recently released security advisory to review historical logs, looking for the specific activity that was outlined in the advisory. Which of the following is the analyst doing? a) A packet capture b) A user behavior analysis c) Threat hunting d) Credentialed vulnerability scanning 18) Which of the following would MOST likely support the integrity of a voting machine? a) Asymmetric encryption b) Blockchain c) Transport Layer Security d) Perfect forward secrecy 19) A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies? a) PCI DSS b) GDPR c) NIST d) ISO 31000 20) The IT department at a university is concerned about professors placing servers on the university network in an attempt to bypass security controls. Which of the following BEST represents this type of threat? a) A script kiddie b) Shadow IT c) Hacktivism d) White-hat

Security + Questions Part 3.

Leaderboard

Visual style

Options

Switch template

Continue editing: ?