A company uses wireless for all laptops and keeps a very detailed record of its assets, along with a comprehensive list of devices that are authorized to be on the wireless network. The Chief Information Officer (CIO) is concerned about a script kiddie potentially using an unauthorized device to brute force the wireless PSK and obtain access to the internal network. Which of the following should the company implement to BEST prevent this from occurring?
- A BPDU guard
- WPA-EAP
- IP filtering
- A WIDS

Which of the following would be BEST to establish between organizations that have agreed to cooperate and are engaged in early discussion to define the responsibilities of each party, but do not want to establish a contractually binding agreement?
A. An SLA
B. An NDA
C. A BPA
D. An MOU

A Chief Executive Officer's (CEO) personal information was stolen in a social engineering attack. Which of the following sources would reveal if the CEO's personal information is for sale?
- Automated information sharing
- Open-source intelligence
- The dark web
- Vulnerability databases

An organization suffered an outage, and a critical system took 90 minutes to come back online. Though there was no data loss during the outage, the expectation was that the critical system would be available again within 60 minutes. Which of the following is the 60-minute expectation an example of:
- MTBF
- RPO
- MTTR
- RTO

A smart retail business has a local store and a newly established and growing online storefront. A recent storm caused a power outage to the company and the local ISP, resulting in several hours of lost sales and delayed order processing. The business owner now needs to ensure protection from power outages and always available connectivity in case of an outage. The owner has decided to implement battery backups for the computer equipment. Which of the following would BEST fulfill the owner's second need?

- A reverse proxy was used to redirect network traffic
- An SSL strip MITM attack was performed
- An attacker temporarily pwned a name server
- An ARP poisoning attack was successfully executed

A company recently moved sensitive videos between on-premises, company-owned websites. The company then learned the videos had been uploaded and shared to the internet. Which of the following would MOST likely allow the company to find the cause?
- Checksums
- Watermarks
- Order of volatility
- A log analysis
- A right-to-audit clause

A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
A. A capture-the-flag competition
B. A phishing simulation
C. Physical security training
D. Basic awareness training

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?
A. SOAR playbook
B. Security control matrix
C. Risk management framework
D. Benchmarks

Which of the following would be BEST to establish between organizations to define the responsibilities of each party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?
- An ARO
- An MOU
- An SLA
- A BPA

A large industrial system's smart generator monitors the system status and sends alerts to third-party maintenance personnel when critical failures occur. While reviewing the network logs, the company's security manager notices the generator's IP is sending packets to an internal file server's IP. Which of the following mitigations would be BEST for the security manager to implement while maintaining alerting capabilities?
- Segmentation
- Firewall whitelisting
- Containment
- Isolation

Which of the following ISO standards is certified for privacy?
- ISO 9001
- ISO 27002
- ISO 27701
- ISO 31000

Which of the following technical controls is BEST suited for the detection and prevention of buffer overflows on hosts?
- DLP
- HIDS
- EDR
- NIPS

A recent audit uncovered a key finding regarding the use of a specific encryption standard in a web application that is used to communicate with business customers. Due to the technical limitations of its customers, the company is unable to upgrade the encryption standard. Which of the following types of controls should be used to reduce the risk created by this scenario?
- Physical
- Detective
- Preventive
- Compensating

A security assessment determines DES and 3DES are still being used on recently deployed production servers. Which of the following did the assessment identify?
- Unsecure Protocols
- Default settings
- Open permissions
- Weak encryption

A consultant is configuring a vulnerability scanner for a large, global organization in multiple countries. The consultant will be using a service account to scan systems with administrative privileges on a weekly basis, but there is a concern that hackers could gain access to the account and pivot through the global network. Which of the following would be BEST to help mitigate this concern?
- Create consultant accounts for each region, each configured with push MFA notifications.
- Create one global administrator account and enforce Kerberos authentication
- Create different accounts for each region, limit their logon times, and alert on risky logins
- Create a guest account for each region, remember the last ten passwords, and block password reuse

A security incident may have occurred on the desktop PC of an organization's Chief Executive Officer (CEO). A duplicate copy of the CEO's hard drive must be stored securely to ensure appropriate forensic processes and the chain of custody are followed. Which of the following should be performed to accomplish this task?
- Install a new hard drive in the CEO's PC, and then remove the old hard drive and place it in a tamper-evident bag
- Connect a write blocker to the hard drive. Then, leveraging a forensic workstation, utilize the dd command in a live Linux environment to create a duplicate copy
- Remove the CEO's hard drive from the PC, connect to the forensic workstation, and copy all the contents onto a remote fileshare while the CEO watches
- Refrain from completing a forensic analysis of the CEO's hard drive until after the incident is confirmed; duplicating the hard drive at this stage could destroy evidence

A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).
- Full-device encryption
- Network usage rules
- Geofencing
- Containerization
- Application whitelisting
- Remote control

A security analyst receives the configuration of a current VPN profile and notices the authentication is only applied to the IP datagram portion of the packet. Which of the following should the analyst implement to authenticate the entire packet?
- AH
- ESP
- SRTP
- LDAP

Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
- Watering-hole attack
- Credential harvesting
- Hybrid warfare
- Pharming

Employees are having issues accessing the company's website. Some employees report very slow performance, while others cannot access the website at all. The web and security administrators search the logs and find millions of half-open connections to port 443 on the web server. Further analysis reveals thousands of different source IPs initiating this traffic. Which of the following attacks is MOST likely occurring?
- DDoS
- Man-in-the-middle
- MAC flooding
- Domain hijacking

An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis. Which of the following tools should the analyst use to further review the pcap?
- Nmap
- cURL
- Netcat
- Wireshark
Security + (Part 9)
by
Josephdavila