1) Which of the following would MOST likely be a result of improperly configured user accounts?
   a) Resource exhaustion
   b) Buffer overflow
   c) Session hijacking
   d) Privilege escalation

2) An organization is concerned about video emissions from users' desktops. Which of the following is the BEST solution to implement?
   a) Screen filters
   b) Shielded cables
   c) Spectrum analyzers
   d) Infrared detection

3) A user received an SMS on a mobile phone that asked for bank details. Which of the following social-engineering techniques was used in this case?
   a) SPIM
   b) Vishing
   c) Spear phishing
   d) Smishing

4) A security administrator needs to create a RAID configuration that is focused on high read speeds and fault tolerance. It is unlikely that multiple drives will fail simultaneously. Which of the following RAID configurations should the administrator use?
   a) RAID 0
   b) RAID 1
   c) RAID 5
   d) RAID 10

5) A user is concerned that a web application will not be able to handle unexpected or random input without crashing. Which of the following BEST describes the type of testing the user should perform?
   a) Code signing
   b) Fuzzing
   c) Manual code review
   d) Dynamic code analysis

6) A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?
   a) Security information and event management
   b) A web application firewall
   c) A vulnerability scanner
   d) A next-generation firewall

7) The SOC is reviewing processes and procedures after a recent incident. The review indicates it took more than 30 minutes to determine that quarantining an infected host was the best course of action. This allowed the malware to spread to additional hosts before it was contained. Which of the following would be BEST to improve the incident response process?
   a) Updating the playbooks with better decision points
   b) Dividing the network into trusted and untrusted zones
   c) Providing additional end-user training on acceptable use
   d) Implementing manual quarantining of infected hosts

8) An organization has been experiencing outages during holiday sales and needs to ensure the availability of its point-of-sale systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load. Which of the following are the BEST options to accomplish this objective? (Select TWO)
   a) Load balancing
   b) Incremental backups
   c) UPS
   d) RAID
   e) Dual power supply
   f) NIC teaming

9) In the middle of a cybersecurity incident, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?
   a) Identification
   b) Preparation
   c) Eradication
   d) Recovery
   e) Containment

10) An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization's security and customer privacy. Which of the following would be BEST to address the CIO's concerns?
   a) Disallow new hires from using mobile devices for six months
   b) Select four devices for the sales department to use in a CYOD model
   c) Implement BYOD for the sales department while leveraging the MDM
   d) Deploy mobile devices using the COPE methodology

11) A public relations team will be taking a group of guests on a tour through the facility of a large ecommerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:
   a) Loss of proprietary information
   b) Damage to the company's reputation
   c) Social engineering
   d) Credential exposure

12) A network engineer needs to create a plan for upgrading the wireless infrastructure in a large office. Priority must be given to areas that are currently experiencing latency and connection issues. Which of the following would be the BEST resource for determining the order of priority?
   a) Nmap
   b) Heat maps
   c) Network diagrams
   d) Wireshark

13) A security analyst is preparing a threat for an upcoming internal penetration test. The analyst needs to identify a method for determining the tactics, techniques, and procedures of a threat against the organization's network. Which of the following will the analyst MOST likely use to accomplish the objective?
   a) A tabletop exercise
   b) NIST CSF
   c) MITRE ATT&CK
   d) OWASP

14) A security analyst has received an alert about PII being sent via email. The analyst's Chief Information Security Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did the alert MOST likely originate?
   a) S/MIME
   b) DLP
   c) IMAP
   d) HIDS

15) A document that appears to be malicious has been discovered in an email that was sent to a company's Chief Financial Officer (CFO). Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
   a) Open the document on an air-gapped network
   b) View the document's metadata for origin clues
   c) Search for matching file hashes on malware websites
   d) Detonate the document in an analysis sandbox

16) A network engineer notices the VPN concentrator is overloaded and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users' traffic. Which of the following would be BEST to solve this issue?
   a) IPsec
   b) Always On
   c) Split tunneling
   d) L2TP

17) A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
   a) FDE
   b) NIDS
   c) EDR
   d) DLP

18) A security administrator currently spends a large amount of time on common security tasks, such as report generation, phishing investigations, and user provisioning and deprovisioning. This prevents the administrator from spending time on other security projects. The business does not have the budget to add more staff members. Which of the following should the administrator implement?
   a) DAC
   b) ABAC
   c) SCAP
   d) SOAR

19) A security analyst sees the following log output while reviewing web logs: Which of the following mitigation strategies would be BEST to prevent this attack from being successful?
   a) Secure cookies
   b) Input validation
   c) Code signing
   d) Stored procedures

20) A Chief Information Security Officer (CISO) is concerned about the organization's ability to continue business operation in the event of a prolonged DDoS attack on its local datacenter that consumes database resources. Which of the following will the CISO MOST likely recommend to mitigate this risk?
   a) Upgrade the bandwidth available into the datacenter
   b) Implement a hot-site failover location
   c) Switch to a complete SaaS offering to customers
   d) Implement a challenge response test on all end-user queries
