1) Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with unintended consequences?
a) Stored procedures
b) Buffer overflows
c) Data bias
d) Code reuse

2) An organization blocks user access to command-line interpreters, but hackers still managed to invoke the interpreters using native administrative tools. Which of the following should the security team do to prevent this from happening in the future?
a) Implement HIPS to block inbound and outbound SMB ports 139 and 445.
b) Trigger a SIEM alert whenever the native OS tools are executed by the user.
c) Disable the built-in OS utilities as long as they are not needed for functionality.
d) Configure the AV to quarantine the native OS tools whenever they are executed.

3) An analyst has determined that a server was not patched and an external actor exfiltrated data on port 139. Which of the following sources should the analyst review to BEST ascertain how the incident could have been prevented?
a) The vulnerability scan output
b) The security logs
c) The baseline report
d) The correlation of events

4) A local coffee shop runs a small Wi-Fi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its Wi-Fi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?
a) WEP
b) MSCHAP
c) WPS
d) SAE

5) A security analyst is running a vulnerability scan to check for missing patches during a suspected security incident. During which of the following phases of the response process is this activity MOST likely occurring?
a) Containment
b) Identification
c) Recovery
d) Preparation

6) Which of the following is MOST likely to contain ranked and ordered information on the likelihood and potential impact of catastrophic events that may affect business processes and systems, while also highlighting the residual risks that need to be managed after mitigating controls have been implemented?
a) An RTO report
b) A risk register
c) A business impact analysis
d) An asset value register
e) A disaster recovery plan

7) A client sent several inquiries to a project manager about the delinquent delivery status of some critical reports. The project manager claimed the reports were previously sent via email, but then quickly generated and backdated the reports before submitting them via a new email message. Which of the following actions MOST likely supports an investigation for fraudulent submission?
a) Establish a chain of custody
b) Inspect the file metadata
c) Reference the data retention policy
d) Review the email event logs

8) A university is opening a facility in a location where there is an elevated risk of theft. The university wants to protect the desktops in its classrooms and labs. Which of the following should the university use to BEST protect these assets deployed in the facility?
a) Visitor logs
b) Cable locks
c) Guards
d) Disk encryption
e) Motion detection

9) A systems analyst is responsible for generating a new digital forensics chain-of-custody form. Which of the following should the analyst include in this documentation? (Select TWO.)
a) The order of volatility
b) A checksum
c) The location of the artifacts
d) The vendor's name
e) The date and time
f) A warning banner

10) A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output: Which of the following steps would be best for the security engineer to take NEXT?
a) Allow DNS access from the Internet.
b) Block SMTP access from the Internet.
c) Block HTTPS access from the Internet.
d) Block SSH access from the Internet.

11) Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
a) To provide data to quantify risk based on the organization's systems
b) To keep all software and hardware fully patched for known vulnerabilities
c) To only allow approved, organization-owned devices onto the business network
d) To standardize by selecting one laptop model for all users in the organization

12) An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
a) Weak encryption
b) Unsecure protocols
c) Default settings
d) Open permissions

13) A cloud administrator configures five compute instances under the same subnet in a VPC. Three instances are required to communicate with one another, and the other two must be logically isolated from all other instances in the VPC. Which of the following must the administrator configure to meet this requirement?
a) One security group
b) Two security groups
c) Three security groups
d) Five security groups

14) An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE.)
a) SFTP, FTPS
b) SNMPv2, SNMPv3
c) HTTP, HTTPS
d) TFTP, FTP
e) SNMPv1, SNMPv2
f) Telnet, SSH

15) An attacker was easily able to log in to a company's security camera by performing a basic online search for a setup guide for that particular camera brand and model. Which of the following BEST describes the configurations the attacker exploited?
a) Weak encryption
b) Unsecure protocols
c) Default settings
d) Open permissions

16) A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would BEST meet the architect's objectives?
a) Trusted Platform Module
b) IaaS
c) HSMaaS
d) PaaS
e) Key Management Service

17) A security operations analyst is using the company's SIEM solution to correlate alerts. Which of the following stages of the incident response process is this an example of?
a) Eradication
b) Recovery
c) Identification
d) Preparation

18) A company uses specially configured workstations to do any work that requires administrator privileges to its Tier 0 and Tier 1 systems. The company follows a strict process to harden systems immediately upon delivery. Even with these strict security measures in place, an incident occurred from one of the workstations. The root cause appears to be that the SoC was tampered with or replaced. Which of the following MOST likely occurred?
a) Fileless malware
b) A downgrade attack
c) A supply-chain attack
d) A logic bomb
e) Misconfigured BIOS

19) A hospital's administration is concerned about a potential loss of patient data that is stored on tablets. A security administrator needs to implement controls to alert the SOC any time the devices are near exits. Which of the following would BEST achieve this objective?
a) Geotargeting
b) Geolocation
c) Geotagging
d) Geofencing

20) A SOC is implementing an insider threat detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?
a) A honeyfile
b) A DMZ
c) DLP
d) File integrity monitoring