Exam4Training

CompTIA CAS-003 CompTIA Advanced Security Practitioner (CASP) Online Training

Question #1

A security engineer must establish a method to assess compliance with company security policies as they apply to the unique configuration of individual endpoints, as well as to the shared configuration policies of common devices.

Which of the following tools is the security engineer using to produce the above output?

  • A . Vulnerability scanner
  • B . SIEM
  • C . Port scanner
  • D . SCAP scanner

Correct Answer: B

Question #2

A security analyst has been asked to create a list of external IT security concerns, which are applicable to the organization. The intent is to show the different types of external actors, their attack vectors, and the types of vulnerabilities that would cause business impact. The Chief Information Security Officer (CISO) will then present this list to the board to request funding for controls in areas that have insufficient coverage.

Which of the following exercise types should the analyst perform?

  • A . Summarize the most recently disclosed vulnerabilities.
  • B . Research industry best practices and latest RFCs.
  • C . Undertake an external vulnerability scan and penetration test.
  • D . Conduct a threat modeling exercise.

Correct Answer: D

Question #3

An online bank has contracted with a consultant to perform a security assessment of the bank’s web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site.

Which of the following is a concern for the consultant, and how can it be mitigated?

  • A . XSS could be used to inject code into the login page during the redirect to the HTTPS site. The consultant should implement a WAF to prevent this.
  • B . The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is vulnerable to a variety of attacks. Upgrading the site to TLS 1.0 would mitigate this issue.
  • C . The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and passwords to an attacker. The consultant should recommend disabling HTTP on the web server.
  • D . A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS traffic. Implementing HSTS on the web server would prevent this.

Correct Answer: D

Question #4

The risk subcommittee of a corporate board typically maintains a master register of the most prominent risks to the company.

A centralized holistic view of risk is particularly important to the corporate Chief Information Security Officer (CISO) because:

  • A . IT systems are maintained in silos to minimize interconnected risks and provide clear risk boundaries used to implement compensating controls
  • B . risks introduced by a system in one business unit can affect other business units in ways in which the individual business units have no awareness
  • C . corporate general counsel requires a single system boundary to determine overall corporate risk exposure
  • D . major risks identified by the subcommittee merit the prioritized allocation of scarce funding to address cybersecurity concerns

Correct Answer: A

Question #5

A development team is testing an in-house-developed application for bugs. During the test, the application crashes several times due to null pointer exceptions.

Which of the following tools, if integrated into an IDE during coding, would identify these bugs routinely?

  • A . Issue tracker
  • B . Static code analyzer
  • C . Source code repository
  • D . Fuzzing utility

Correct Answer: D

Question #6

Click on the exhibit buttons to view the four messages.

A security architect is working with a project team to deliver an important service that stores and processes customer banking details. The project, internally known as ProjectX, is due to launch its first set of features publicly within a week, but the team has not been able to implement encryption-at-rest of the customer records. The security architect is drafting an escalation email to senior leadership.

Which of the following BEST conveys the business impact for senior leadership?

  • A . Message 1
  • B . Message 2
  • C . Message 3
  • D . Message 4

Correct Answer: D

Question #7

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.

Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

  • A . Conduct a penetration test on each function as it is developed
  • B . Develop a set of basic checks for common coding errors
  • C . Adopt a waterfall method of software development
  • D . Implement unit tests that incorporate static code analyzers

Correct Answer: D

Question #8

A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite. The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.

Which of the following controls would BEST mitigate the identified vulnerability?

  • A . Issue digital certificates to all users, including owners of group mailboxes, and enable S/MIME
  • B . Federate with an existing PKI provider, and reject all non-signed emails
  • C . Implement two-factor email authentication, and require users to hash all email messages upon receipt
  • D . Provide digital certificates to all systems, and eliminate the user group or shared mailboxes

Correct Answer: A

Question #9

An organization based in the United States is planning to expand its operations into the European market later in the year. Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to:

  • A . revise the employee provisioning and deprovisioning procedures
  • B . complete a quantitative risk assessment
  • C . draft a memorandum of understanding
  • D . complete a security questionnaire focused on data privacy.

Correct Answer: B

Question #10

A company has hired an external security consultant to conduct a thorough review of all aspects of corporate security. The company is particularly concerned about unauthorized access to its physical offices resulting in network compromises.

Which of the following should the consultant recommend be performed to evaluate potential risks?

  • A . The consultant should attempt to gain access to physical offices through social engineering and then attempt data exfiltration
  • B . The consultant should be granted access to all physical access control systems to review logs and evaluate the likelihood of the threat
  • C . The company should conduct internal audits of access logs and employee social media feeds to identify potential insider threats
  • D . The company should install a temporary CCTV system to detect unauthorized access to physical offices

Correct Answer: A

Question #11

An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

✑ Systems containing PII are protected with the minimum control set.

✑ Systems containing medical data are protected at the moderate level.

✑ Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

  • A . Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
  • B . Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
  • C . Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
  • D . Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.

Correct Answer: D

Question #12

A medical facility wants to purchase mobile devices for doctors and nurses. To ensure accountability, each individual will be assigned a separate mobile device.

Additionally, to protect patients’ health information, management has identified the following requirements:

✑ Data must be encrypted at rest.

✑ The device must be disabled if it leaves the facility.

✑ The device must be disabled when tampered with.

Which of the following technologies would BEST support these requirements? (Select two.)

  • A . eFuse
  • B . NFC
  • C . GPS
  • D . Biometric
  • E . USB 4.1
  • F . MicroSD

Correct Answer: C,D

Question #13

A company’s chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks.

Which of the following implementation approaches would BEST support the architect’s goals?

  • A . Utilize a challenge-response prompt as required input at username/password entry.
  • B . Implement TLS and require the client to use its own certificate during handshake.
  • C . Configure a web application proxy and institute monitoring of HTTPS transactions.
  • D . Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.

Correct Answer: C

Question #14

A company recently migrated to a SaaS-based email solution.

The solution is configured as follows.

• Passwords are synced to the cloud to allow for SSO

• Cloud-based antivirus is enabled

• Cloud-based anti-spam is enabled

• Subscription-based blacklist is enabled

Although the above controls are enabled, the company’s security administrator is unable to detect an account compromise caused by phishing attacks in a timely fashion because email logs are not immediately available to review.

Which of the following would allow the company to gain additional visibility and reduce additional costs? (Select TWO)

  • A . Migrate the email antivirus and anti-spam on-premises
  • B . Implement a third-party CASB solution.
  • C . Disable the current SSO model and enable federation
  • D . Feed the attacker IPs from the company IDS into the email blacklist
  • E . Install a virtual SIEM within the email cloud provider
  • F . Add email servers to NOC monitoring

Correct Answer: B,E

Question #15

Two new technical SMB security settings have been enforced and have also become policies that increase secure communications.

Network Client: Digitally sign communication

Network Server: Digitally sign communication

A storage administrator in a remote location with a legacy storage array, which contains time-sensitive data, reports employees can no longer connect to their department shares.

Which of the following mitigation strategies should an information security manager recommend to the data owner?

  • A . Accept the risk, reverse the settings for the remote location, and have the remote location file a risk exception until the legacy storage device can be upgraded
  • B . Accept the risk for the remote location, and reverse the settings indefinitely since the legacy storage device will not be upgraded
  • C . Mitigate the risk for the remote location by suggesting a move to a cloud service provider. Have the remote location request an indefinite risk exception for the use of cloud storage
  • D . Avoid the risk, leave the settings alone, and decommission the legacy storage device

Correct Answer: A

Question #16

A security incident responder discovers an attacker has gained access to a network and has overwritten key system files with backdoor software. The server was reimaged and patched offline.

Which of the following tools should be implemented to detect similar attacks?

  • A . Vulnerability scanner
  • B . TPM
  • C . Host-based firewall
  • D . File integrity monitor
  • E . NIPS

Correct Answer: D

Question #17

A DevOps team wants to move production data into the QA environment for testing. This data contains credit card numbers and expiration dates that are not tied to any individuals. The security analyst wants to reduce risk.

Which of the following will lower the risk before moving the data?

  • A . Redacting all but the last four numbers of the cards
  • B . Hashing the card numbers
  • C . Scrambling card and expiration data
  • D . Encrypting card and expiration numbers

Correct Answer: B

Question #18

Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue.

The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:

✑ Stop malicious software that does not match a signature

✑ Report on instances of suspicious behavior

✑ Protect from previously unknown threats

✑ Augment existing security capabilities

Which of the following tools would BEST meet these requirements?

  • A . Host-based firewall
  • B . EDR
  • C . HIPS
  • D . Patch management

Correct Answer: C

Question #19

A company’s human resources department recently had its own shadow IT department spin up ten VMs that host a mixture of differently labeled data types (confidential and restricted) on the same VMs.

Which of the following cloud and virtualization considerations would BEST address the issue presented in this scenario?

  • A . Vulnerabilities associated with a single platform hosting multiple data types on VMs should have been considered
  • B . Vulnerabilities associated with a single server hosting multiple data types should have been considered.
  • C . Type 1 vs. Type 2 hypervisor approaches should have been considered
  • D . Vulnerabilities associated with shared hosting services provided by the IT department should have been considered.

Correct Answer: B

Question #20

A Chief Information Security Officer (CISO) is reviewing and revising system configuration and hardening guides that were developed internally and have been used for several years to secure the organization’s systems. The CISO knows improvements can be made to the guides.

Which of the following would be the BEST source of reference during the revision process?

  • A . CVE database
  • B . Internal security assessment reports
  • C . Industry-accepted standards
  • D . External vulnerability scan reports
  • E . Vendor-specific implementation guides

Correct Answer: A

Question #21

A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ The applications provide different functionality types such as forums and customer portals.

✑ The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?

  • A . Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
  • B . Certificate-based authentication to IdP, securely store access tokens, and implement secure push notifications.
  • C . Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
  • D . Username and password authentication to SP, securely store JSON web tokens, and implement SMS OTPs.

Correct Answer: A

Question #22

A company has adopted and established a continuous-monitoring capability, which has proven to be effective in vulnerability management, diagnostics, and mitigation. The company wants to increase the likelihood that it is able to discover and therefore respond to emerging threats earlier in the life cycle.

Which of the following methodologies would BEST help the company to meet this objective? (Choose two.)

  • A . Install and configure an IPS.
  • B . Enforce routine GPO reviews.
  • C . Form and deploy a hunt team.
  • D . Institute heuristic anomaly detection.
  • E . Use a protocol analyzer with appropriate connectors.

Correct Answer: A,D

Question #23

After multiple service interruptions caused by an older datacenter design, a company decided to migrate away from its datacenter. The company has successfully completed the migration of all datacenter servers and services to a cloud provider.

The migration project includes the following phases:

✑ Selection of a cloud provider

✑ Architectural design

✑ Microservice segmentation

✑ Virtual private cloud

✑ Geographic service redundancy

✑ Service migration

The Chief Information Security Officer (CISO) is still concerned with the availability requirements of critical company applications.

Which of the following should the company implement NEXT?

  • A . Multicloud solution
  • B . Single-tenancy private cloud
  • C . Hybrid cloud solution
  • D . Cloud access security broker

Correct Answer: D

Question #24

An engineer is assisting with the design of a new virtualized environment that will house critical company services and reduce the datacenter’s physical footprint. The company has expressed concern about the integrity of operating systems and wants to ensure a vulnerability exploited in one datacenter segment would not lead to the compromise of all others.

Which of the following design objectives should the engineer complete to BEST mitigate the company’s concerns? (Choose two.)

  • A . Deploy virtual desktop infrastructure with an OOB management network
  • B . Employ the use of vTPM with boot attestation
  • C . Leverage separate physical hardware for sensitive services and data
  • D . Use a community CSP with independently managed security services
  • E . Deploy to a private cloud with hosted hypervisors on each physical machine

Correct Answer: A,C

Question #25

An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware.

Which of the following reasons BEST explains this?

  • A . Malware on one virtual environment could enable pivoting to others by leveraging vulnerabilities in the hypervisor.
  • B . A worm on one virtual environment could spread to others by taking advantage of guest OS networking services vulnerabilities.
  • C . One virtual environment may have one or more application-layer vulnerabilities, which could allow an attacker to escape that environment.
  • D . Malware on one virtual user environment could be copied to all others by the attached network storage controller.

Correct Answer: A

Question #26

To meet an SLA, which of the following documents should be drafted, defining the company’s internal interdependent unit responsibilities and delivery timelines?

  • A . BPA
  • B . OLA
  • C . MSA
  • D . MOU

Correct Answer: B

Explanation:

OLA is an agreement between the internal support groups of an institution that supports SLA. According to the Operational Level Agreement, each internal support group has certain responsibilities to the other group. The OLA clearly depicts the performance and relationship of the internal service groups. The main objective of OLA is to ensure that all the support groups provide the intended Service Level Agreement.

Question #27

During the decommissioning phase of a hardware project, a security administrator is tasked with ensuring no sensitive data is released inadvertently. All paper records are scheduled to be shredded in a crosscut shredder, and the waste will be burned. The system drives and removable media have been removed prior to e-cycling the hardware.

Which of the following would ensure no data is recovered from the system drives once they are disposed of?

  • A . Overwriting all HDD blocks with an alternating series of data.
  • B . Physically disabling the HDDs by removing the drive head.
  • C . Demagnetizing the hard drive using a degausser.
  • D . Deleting the UEFI boot loaders from each HDD.

Correct Answer: C

Question #28

A consulting firm was hired to conduct an assessment for a company.

During the first stage, a penetration tester used a tool that provided the following output:

TCP 80 open

TCP 443 open

TCP 1434 filtered

The penetration tester then used a different tool to make the following requests:

GET / script/login.php?token=45$MHT000MND876

GET / script/login.php?token=@#984DCSPQ%091DF

Which of the following tools did the penetration tester use?

  • A . Protocol analyzer
  • B . Port scanner
  • C . Fuzzer
  • D . Brute forcer
  • E . Log analyzer
  • F . HTTP interceptor

Correct Answer: C

Question #29

A systems administrator at a medical imaging company discovers protected health information (PHI) on a general purpose file server.

Which of the following steps should the administrator take NEXT?

  • A . Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2
  • B . Immediately encrypt all PHI with AES 256
  • C . Delete all PHI from the network until the legal department is consulted
  • D . Consult the legal department to determine legal requirements

Correct Answer: D

Question #30

A systems administrator receives an advisory email that a recently discovered exploit is being used in another country and the financial institutions have ceased operations while they find a way to respond to the attack.

Which of the following BEST describes where the administrator should look to find information on the attack to determine if a response must be prepared for the systems? (Choose two.)

  • A . Bug bounty websites
  • B . Hacker forums
  • C . Antivirus vendor websites
  • D . Trade industry association websites
  • E . CVE database
  • F . Company’s legal department

Correct Answer: B,D

Question #31

An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to the secure network due to similar login credentials across networks.

To determine the users who should change their information, the information security officer uses a tool to scan a file with hashed values on both networks and receives the following data:

Which of the following tools was used to gather this information from the hashed values in the file?

  • A . Vulnerability scanner
  • B . Fuzzer
  • C . MD5 generator
  • D . Password cracker
  • E . Protocol analyzer

Correct Answer: C

Question #32

A security engineer has implemented an internal user access review tool so service teams can baseline user accounts and group memberships. The tool is functional and popular among its initial set of onboarded teams. However, the tool has not been built to cater to a broader set of internal teams yet.

The engineer has sought feedback from internal stakeholders, and a list of summarized requirements is as follows:

✑ The tool needs to be responsive so service teams can query it, and then perform an automated response action.

✑ The tool needs to be resilient to outages so service teams can perform the user access review at any point in time and meet their own SLAs.

✑ The tool will become the system-of-record for approval, reapproval, and removal life cycles of group memberships and must allow for data retrieval after failure.

Which of the following need specific attention to meet the requirements listed above? (Choose three.)

  • A . Scalability
  • B . Latency
  • C . Availability
  • D . Usability
  • E . Recoverability
  • F . Maintainability

Correct Answer: B,C,E

Question #33

An SQL database is no longer accessible online due to a recent security breach. An investigation reveals that unauthorized access to the database was possible due to an SQL injection vulnerability.

To prevent this type of breach in the future, which of the following security controls should be put in place before bringing the database back online? (Choose two.)

  • A . Secure storage policies
  • B . Browser security updates
  • C . Input validation
  • D . Web application firewall
  • E . Secure coding standards
  • F . Database activity monitoring

Correct Answer: C,F

Question #34

A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

Which of the following should the analyst use to confirm this suspicion?

  • A . File size
  • B . Digital signature
  • C . Checksums
  • D . Anti-malware software
  • E . Sandboxing

Correct Answer: B

Question #35

When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

  • A . Quarantine emails sent to external domains containing PII and release after inspection.
  • B . Prevent PII from being sent to domains that allow users to sign up for free webmail.
  • C . Enable transport layer security on all outbound email communications and attachments.
  • D . Provide security awareness training regarding transmission of PII.

Correct Answer: C

Question #36

Given the following code snippet:

Of which of the following is this snippet an example?

  • A . Data execution prevention
  • B . Buffer overflow
  • C . Failure to use standard libraries
  • D . Improper filed usage
  • E . Input validation

Correct Answer: D

Question #37

The Chief Executive Officers (CEOs) from two different companies are discussing the highly sensitive prospect of merging their respective companies together.

Both have invited their Chief Information Officers (CIOs) to discern how they can securely and digitally communicate, and the following criteria are collectively determined:

✑ Must be encrypted on the email servers and clients

✑ Must be OK to transmit over unsecure Internet connections

Which of the following communication methods would be BEST to recommend?

  • A . Force TLS between domains.
  • B . Enable STARTTLS on both domains.
  • C . Use PGP-encrypted emails.
  • D . Switch both domains to utilize DNSSEC.

Correct Answer: C

Question #38

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them. After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications. The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization’s users do not have the ability to manually download and install untrusted applications.

Which of the following settings should be toggled to achieve the goal? (Choose two.)

  • A . OTA updates
  • B . Remote wiping
  • C . Side loading
  • D . Sandboxing
  • E . Containerization
  • F . Signed applications

Correct Answer: E,F

Question #39

A security engineer is working with a software development team. The engineer is tasked with ensuring all security requirements are adhered to by the developers.

Which of the following BEST describes the contents of the supporting document the engineer is creating?

  • A . A series of ad-hoc tests that each verify security control functionality of the entire system at once.
  • B . A series of discrete tasks that, when viewed in total, can be used to verify and document each individual constraint from the SRTM.
  • C . A set of formal methods that apply to one or more of the programming languages used on the development project.
  • D . A methodology to verify each security control in each unit of developed code prior to committing the code.

Correct Answer: D

Question #40

A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.

Which of the following is MOST likely to produce the needed information?

  • A . Whois
  • B . DNS enumeration
  • C . Vulnerability scanner
  • D . Fingerprinting

Correct Answer: A

Question #41

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate RTO and RPO for the organization’s ERP.

Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

  • A . Data custodian
  • B . Data owner
  • C . Security analyst
  • D . Business unit director
  • E . Chief Executive Officer (CEO)

Correct Answer: D

Question #42

DRAG DROP

A security administrator must configure the database server shown below to comply with the four requirements listed.

Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

Correct Answer:

Question #43

In the past, the risk committee at Company A has shown an aversion to even minimal amounts of risk acceptance. A security engineer is preparing recommendations regarding the risk of a proposed project introducing legacy ICS equipment. The project will introduce a minor vulnerability into the enterprise. This vulnerability does not significantly expose the enterprise to risk and would be expensive to protect against.

Which of the following strategies should the engineer recommend be approved FIRST?

  • A . Avoid
  • B . Mitigate
  • C . Transfer
  • D . Accept

Correct Answer: B

Question #44

A penetration tester noticed special characters in a database table. The penetration tester configured the browser to use an HTTP interceptor to verify that the front-end user registration web form accepts invalid input in the user’s age field. The developer was notified and asked to fix the issue.

Which of the following is the MOST secure solution for the developer to implement?

  • A . IF $AGE == “!@#%^&*()_+<>?”:{}[]” THEN ERROR
  • B . IF $AGE == [1234567890] {1,3} THEN CONTINUE
  • C . IF $AGE != “a-bA-Z!@#$%^&*()_+<>?”{}[]”THEN CONTINUE
  • D . IF $AGE == [1-0] {0,2} THEN CONTINUE

Reveal Solution Hide Solution

Correct Answer: B
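Option B is the allowlist approach: accept only what an age can look like, reject everything else. Because the tester reached the field through an HTTP interceptor, the check has to live on the server; anything done in the browser is bypassed. The following is an added example, not code from the page, showing how the two approaches behave on inputs an interceptor could submit. The sample inputs and the 0 to 150 range are assumptions of mine.

```python
import re

# Allowlist: one to three ASCII digits and nothing else. [0-9] rather than \d,
# because in Python a str pattern's \d also matches non-ASCII digits such as
# fullwidth '４', and int() happily converts them.
AGE_PATTERN = re.compile(r"[0-9]{1,3}")

# Approximately the blocklist literal from option A, without its quote marks.
BLOCKLIST_EXACT = "!@#%^&*()_+<>?:{}[]"


def age_is_valid_blocklist(value: str) -> bool:
    """Option A's logic: the value fails only if it equals the blocklist string.

    Anything else, including an injection payload, is accepted."""
    return value != BLOCKLIST_EXACT


def age_is_valid_allowlist(value: str, lo: int = 0, hi: int = 150) -> bool:
    """Option B's logic, done properly: syntactic allowlist, then a range check.

    fullmatch() anchors both ends, so a trailing newline or a second token
    cannot ride along the way it can with search() or a bare '$'."""
    if not AGE_PATTERN.fullmatch(value):
        return False
    return lo <= int(value) <= hi


def classify(values):
    """Run both validators over a list; return {value: (blocklist_ok, allowlist_ok)}."""
    return {v: (age_is_valid_blocklist(v), age_is_valid_allowlist(v)) for v in values}


# Constructed sample inputs an HTTP interceptor could submit in the age field.
SAMPLES = [
    "42",                        # normal
    "120",                       # upper edge
    "999",                       # well-formed but not a plausible age
    "4 2",                       # embedded space
    "42\n",                      # trailing newline: a '$' anchor would let this through
    "４２",                       # fullwidth digits: \d would let this through
    "42; DROP TABLE users--",    # injection attempt
    BLOCKLIST_EXACT,             # the only thing option A rejects
    "",                          # empty
]

if __name__ == "__main__":
    for value, (blocked, allowed) in classify(SAMPLES).items():
        print(f"{value!r:32} blocklist={blocked!s:5} allowlist={allowed}")
```

Every row except the exact blocklist string passes option A, while option B admits only "42" and "120". The range check is what turns a syntactic filter into a semantic one; "999" is three digits but not an age.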
Question #45

An organization is preparing to develop a business continuity plan. The organization is required to meet regulatory requirements relating to confidentiality and availability, which are well-defined. Management has expressed concern following initial meetings that the organization is not fully aware of the requirements associated with the regulations.

Which of the following would be MOST appropriate for the project manager to solicit additional resources for during this phase of the project?

  • A . After-action reports
  • B . Gap assessment
  • C . Security requirements traceability matrix
  • D . Business impact assessment
  • E . Risk analysis

Reveal Solution Hide Solution

Correct Answer: B
Question #46

A developer emails the following output to a security administrator for review:

Which of the following tools might the security administrator use to perform further security assessment of this issue?

  • A . Port scanner
  • B . Vulnerability scanner
  • C . Fuzzer
  • D . HTTP interceptor

Reveal Solution Hide Solution

Correct Answer: D
Question #47

An organization is currently performing a market scan for managed security services and EDR capability .

Which of the following business documents should be released to the prospective vendors in the first step of the process? (Select TWO).

  • A . MSA
  • B . RFP
  • C . NDA
  • D . RFI
  • E . MOU
  • F . RFQ

Reveal Solution Hide Solution

Correct Answer: C,D
Question #48

Providers at a healthcare system with many geographically dispersed clinics have been fined five times this year after an auditor received notice of the following SMS messages:

Which of the following represents the BEST solution for preventing future fines?

  • A . Implement a secure text-messaging application for mobile devices and workstations.
  • B . Write a policy requiring this information to be given over the phone only.
  • C . Provide a courier service to deliver sealed documents containing public health informatics.
  • D . Implement FTP services between clinics to transmit text documents with the information.
  • E . Implement a system that will tokenize patient numbers.

Reveal Solution Hide Solution

Correct Answer: A
Question #49

A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.

Which of the following tools should the engineer load onto the device being designed?

  • A . Custom firmware with rotating key generation
  • B . Automatic MITM proxy
  • C . TCP beacon broadcast software
  • D . Reverse shell endpoint listener

Reveal Solution Hide Solution

Correct Answer: B
Question #50

An engineer wants to assess the OS security configurations on a company’s servers. The engineer has downloaded some files to orchestrate configuration checks.

When the engineer opens a file in a text editor, the following excerpt appears:

Which of the following capabilities would a configuration compliance checker need to support to interpret this file?

  • A . Nessus
  • B . Swagger file
  • C . SCAP
  • D . Netcat
  • E . WSDL

Reveal Solution Hide Solution

Correct Answer: C

Question #51

An information security manager conducted a gap analysis, which revealed a 75% implementation of security controls for high-risk vulnerabilities, 90% for medium vulnerabilities, and 10% for low-risk vulnerabilities. To create a road map to close the identified gaps, the assurance team reviewed the likelihood of exploitation of each vulnerability and the business impact of each associated control.

To determine which controls to implement, which of the following is the MOST important to consider?

  • A . KPI
  • B . KRI
  • C . GRC
  • D . BIA

Reveal Solution Hide Solution

Correct Answer: A
Question #52

Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users.

Which of the following controls would BEST address the DPO’s concerns?

  • A . Increasing blocking options available to the uploader
  • B . Adding a one-hour delay of all uploaded photos
  • C . Removing all metadata in the uploaded photo file
  • D . Not displaying to the public who uploaded the photo
  • E . Forcing TLS for all connections on the platform

Reveal Solution Hide Solution

Correct Answer: B
Question #53

The Chief Information Security Officer (CISO) is concerned that certain systems administrators with privileged access may be reading other users’ emails. Review of a tool’s output shows the administrators have used web mail to log into other users’ inboxes.

Which of the following tools would show this type of output?

  • A . Log analysis tool
  • B . Password cracker
  • C . Command-line tool
  • D . File integrity monitoring tool

Reveal Solution Hide Solution

Correct Answer: A
Question #54

An engineer needs to provide access to company resources for several offshore contractors.

The contractors require:

✑ Access to a number of applications, including internal websites

✑ Access to database data and the ability to manipulate it

✑ The ability to log into Linux and Windows servers remotely

Which of the following remote access technologies are the BEST choices to provide all of this access securely? (Choose two.)

  • A . VTC
  • B . VRRP
  • C . VLAN
  • D . VDI
  • E . VPN
  • F . Telnet

Reveal Solution Hide Solution

Correct Answer: D,E
Question #55

While conducting online research about a company to prepare for an upcoming penetration test, a security analyst discovers detailed financial information on an investor website the company did not make public. The analyst shares this information with the Chief Financial Officer (CFO), who confirms the information is accurate, as it was recently discussed at a board of directors meeting. Many of the details are verbatim discussion comments captured by the board secretary for purposes of transcription on a mobile device .

Which of the following would MOST likely prevent a similar breach in the future?

  • A . Remote wipe
  • B . FDE
  • C . Geolocation
  • D . eFuse
  • E . VPN

Reveal Solution Hide Solution

Correct Answer: A
Question #56

The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency.

In the code, “criticalValue” indicates if an emergency is underway:

Which of the following is the BEST course of action for a security analyst to recommend to the software developer?

  • A . Rewrite the software to implement fine-grained, conditions-based testing
  • B . Add additional exception handling logic to the main program to prevent doors from being opened
  • C . Apply for a life-safety-based risk exception allowing secure doors to fail open
  • D . Rewrite the software’s exception handling routine to fail in a secure state

Reveal Solution Hide Solution

Correct Answer: B
Question #57

The board of a financial services company has requested that the senior security analyst acts as a cybersecurity advisor in order to comply with recent federal legislation. The analyst is required to give a report on current cybersecurity and threat trends in the financial services industry at the next board meeting.

Which of the following would be the BEST methods to prepare this report? (Choose two.)

  • A . Review the CVE database for critical exploits over the past year
  • B . Use social media to contact industry analysts
  • C . Use intelligence gathered from the Internet relay chat channels
  • D . Request information from security vendors and government agencies
  • E . Perform a penetration test of the competitor’s network and share the results with the board

Reveal Solution Hide Solution

Correct Answer: A,D
Question #58

A company that has been breached multiple times is looking to protect cardholder data. The previous undetected attacks all mimicked normal administrative-type behavior.

The company must deploy a host solution to meet the following requirements:

✑ Detect administrative actions

✑ Block unwanted MD5 hashes

✑ Provide alerts

✑ Stop exfiltration of cardholder data

Which of the following solutions would BEST meet these requirements? (Choose two.)

  • A . AV
  • B . EDR
  • C . HIDS
  • D . DLP
  • E . HIPS
  • F . EFS

Reveal Solution Hide Solution

Correct Answer: B,E
Question #59

A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others.

Which of the following should the company implement to improve code quality? (Select two).

  • A . Development environment access controls
  • B . Continuous integration
  • C . Code comments and documentation
  • D . Static analysis tools
  • E . Application containerization
  • F . Code obfuscation

Reveal Solution Hide Solution

Correct Answer: A,E
Question #60

The Chief Information Officer (CIO) has been asked to develop a security dashboard with the relevant metrics. The board of directors will use the dashboard to monitor and track the overall security posture of the organization. The CIO produces a basic report containing both KPI and KRI data in two separate sections for the board to review.

Which of the following BEST meets the needs of the board?

  • A . KRI: Compliance with regulations; Backlog of unresolved security investigations; Severity of threats and vulnerabilities reported by sensors; Time to patch critical issues on a monthly basis
    KPI: Time to resolve open security items; % of suppliers with approved security control frameworks; EDR coverage across the fleet; Threat landscape rating
  • B . KRI: EDR coverage across the fleet; Backlog of unresolved security investigations; Time to patch critical issues on a monthly basis; Threat landscape rating
    KPI: Time to resolve open security items; Compliance with regulations; % of suppliers with approved security control frameworks; Severity of threats and vulnerabilities reported by sensors
  • C . KRI: EDR coverage across the fleet; % of suppliers with approved security control frameworks; Backlog of unresolved security investigations; Threat landscape rating
    KPI: Time to resolve open security items; Compliance with regulations; Time to patch critical issues on a monthly basis; Severity of threats and vulnerabilities reported by sensors
  • D . KPI: Compliance with regulations; % of suppliers with approved security control frameworks; Severity of threats and vulnerabilities reported by sensors; Threat landscape rating
    KRI: Time to resolve open security items; Backlog of unresolved security investigations; EDR coverage across the fleet; Time to patch critical issues on a monthly basis

Reveal Solution Hide Solution

Correct Answer: A

Question #61

An organization implemented secure boot on its most critical application servers, which produce content and capability for other consuming servers. A recent incident, however, led the organization to implement a centralized attestation service for these critical servers.

Which of the following MOST likely explains the nature of the incident that caused the organization to implement this remediation?

  • A . An attacker masqueraded as an internal DNS server
  • B . An attacker leveraged a heap overflow vulnerability in the OS
  • C . An attacker was able to overwrite an OS integrity measurement register
  • D . An attacker circumvented IEEE 802.1X network-level authentication requirements.

Reveal Solution Hide Solution

Correct Answer: C
Question #62

A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events.

Which of the following is the CISO looking to improve?

  • A . Vendor diversification
  • B . System hardening standards
  • C . Bounty programs
  • D . Threat awareness
  • E . Vulnerability signatures

Reveal Solution Hide Solution

Correct Answer: D
Question #63

An organization’s Chief Financial Officer (CFO) was the target of several different social engineering attacks recently. The CFO has subsequently worked closely with the Chief Information Security Officer (CISO) to increase awareness of what attacks may look like. An unexpected email arrives in the CFO’s inbox from a familiar name with an attachment.

Which of the following should the CISO task a security analyst with to determine whether or not the attachment is safe?

  • A . Place it in a malware sandbox.
  • B . Perform a code review of the attachment.
  • C . Conduct a memory dump of the CFO’s PC.
  • D . Run a vulnerability scan on the email server.

Reveal Solution Hide Solution

Correct Answer: A
Question #64

A company has gone through a round of phishing attacks. More than 200 users have had their workstation infected because they clicked on a link in an email. An incident analysis has determined an executable ran and compromised the administrator account on each workstation. Management is demanding the information security team prevent this from happening again .

Which of the following would BEST prevent this from happening again?

  • A . Antivirus
  • B . Patch management
  • C . Log monitoring
  • D . Application whitelisting
  • E . Awareness training

Reveal Solution Hide Solution

Correct Answer: A
Question #65

An administrator has noticed mobile devices from an adjacent company on the corporate wireless network. Malicious activity is being reported from those devices. To add another layer of security in an enterprise environment, an administrator wants to add contextual authentication to allow users to access enterprise resources only while present in corporate buildings.

Which of the following technologies would accomplish this?

  • A . Port security
  • B . Rogue device detection
  • C . Bluetooth
  • D . GPS

Reveal Solution Hide Solution

Correct Answer: D
Question #66

During a criminal investigation, the prosecutor submitted the original hard drive from the suspect’s computer as evidence. The defense objected during the trial proceedings, and the evidence was rejected.

Which of the following practices should the prosecutor’s forensics team have used to ensure the suspect’s data would be admissible as evidence? (Select TWO.)

  • A . Follow chain of custody best practices
  • B . Create an identical image of the original hard drive, store the original securely, and then perform forensics only on the imaged drive.
  • C . Use forensics software on the original hard drive and present generated reports as evidence
  • D . Create a tape backup of the original hard drive and present the backup as evidence
  • E . Create an exact image of the original hard drive for forensics purposes, and then place the original back in service

Reveal Solution Hide Solution

Correct Answer: A,B

Question #71

Access to the corporate applications

Which of the following solution components should be deployed to BEST meet the requirements? (Select three.)

  • A . IPSec VPN
  • B . HIDS
  • C . Wireless controller
  • D . Rights management
  • E . SSL VPN
  • F . NAC
  • G . WAF
  • H . Load balancer

Reveal Solution Hide Solution

Correct Answer: D,E,F
Question #72

The marketing department has developed a new marketing campaign involving significant social media outreach. The campaign includes allowing employees and customers to submit blog posts and pictures of their day-to-day experiences at the company. The information security manager has been asked to provide an informative letter to all participants regarding the security risks and how to avoid privacy and operational security issues.

Which of the following is the MOST important information to reference in the letter?

  • A . After-action reports from prior incidents.
  • B . Social engineering techniques
  • C . Company policies and employee NDAs
  • D . Data classification processes

Reveal Solution Hide Solution

Correct Answer: C
Question #73

A security analyst who is concerned about sensitive data exfiltration reviews the following:

Which of the following tools would allow the analyst to confirm if data exfiltration is occurring?

  • A . Port scanner
  • B . SCAP tool
  • C . File integrity monitor
  • D . Protocol analyzer

Reveal Solution Hide Solution

Correct Answer: D
Question #74

A project manager is working with a team that is tasked to develop software applications in a structured environment and host them in a vendor’s cloud-based infrastructure. The organization will maintain responsibility for the software but will not manage the underlying server applications.

Which of the following does the organization plan to leverage?

  • A . SaaS
  • B . PaaS
  • C . IaaS
  • D . Hybrid cloud
  • E . Network virtualization

Reveal Solution Hide Solution

Correct Answer: B
Question #75

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities.

The analyst inspects the following portions of different configuration files:

Configuration file 1:

Operator ALL=/sbin/reboot

Configuration file 2:

Command=”/sbin/shutdown now”, no-x11-forwarding, no-pty, ssh-dss

Configuration file 3:

Operator:x:1000:1000::/home/operator:/bin/bash

Which of the following explains why an intended operator cannot perform the intended action?

  • A . The sudoers file is locked down to an incorrect command
  • B . SSH command shell restrictions are misconfigured
  • C . The passwd file is misconfigured
  • D . The SSH command is not allowing a pty session

Reveal Solution Hide Solution

Correct Answer: D
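The three fragments have to agree with each other: the command sshd forces for the key, the command sudoers allows, and the account the shell and sudo run as. As an added example, not from the page, here is a small checker that reads the three fragments above and reports every point where they disagree. The parsers are deliberately minimal (one sudoers user specification, the option prefix of one authorized_keys line) and are my own; the finding wording is mine too. Two points the check encodes: a forced command runs as the key’s owner, so a non-root operator whose task needs privilege has to be forced into the sudo invocation, and sudo can only prompt for a password when it has a terminal, so no-pty has to be paired with NOPASSWD: in sudoers.

```python
import shlex

# The three fragments quoted in the question, embedded here as constructed input.
SUDOERS_LINE = "Operator ALL=/sbin/reboot"
KEY_OPTIONS = 'Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss'
PASSWD_LINE = "Operator:x:1000:1000::/home/operator:/bin/bash"

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_sudoers(line: str) -> dict:
    """Parse a minimal 'user hosts=[NOPASSWD:] cmd[, cmd]' user specification."""
    user, rest = line.split(None, 1)
    hosts, cmd_spec = rest.split("=", 1)
    nopasswd = "NOPASSWD:" in cmd_spec
    cmd_spec = cmd_spec.replace("NOPASSWD:", "").replace("PASSWD:", "")
    commands = [c.strip() for c in cmd_spec.split(",") if c.strip()]
    return {"user": user, "hosts": hosts.strip(), "nopasswd": nopasswd, "commands": commands}


def parse_key_options(prefix: str):
    """Split the option list of an authorized_keys line into (options, key_type).

    Options are separated by commas (the page's copy also has spaces); a comma or
    space inside a quoted value, e.g. command="/sbin/shutdown now", must not split.
    The first token that looks like a key type ends the option list."""
    tokens, buf, quoted = [], [], False
    for ch in prefix:
        if ch == '"':
            quoted = not quoted
        elif not quoted and (ch == "," or ch.isspace()):
            if buf:
                tokens.append("".join(buf))
                buf = []
            continue
        buf.append(ch)
    if buf:
        tokens.append("".join(buf))

    options, key_type = {}, None
    for tok in tokens:
        if tok.startswith(KEY_TYPE_PREFIXES):
            key_type = tok
            break
        name, _, value = tok.partition("=")
        options[name.lower()] = value.strip('"') if value else True   # sshd matches names case-insensitively
    return options, key_type


def check_operator_access(sudoers_line: str, key_options: str, passwd_line: str,
                          intended: str = "/sbin/reboot") -> list:
    """Cross-check the three files and return every point where they disagree."""
    findings = []
    sudo = parse_sudoers(sudoers_line)
    options, key_type = parse_key_options(key_options)
    fields = passwd_line.split(":")
    login_shell = fields[6]

    if sudo["user"] != fields[0]:
        findings.append(f"sudoers user {sudo['user']!r} does not match passwd user {fields[0]!r}")
    if intended not in sudo["commands"]:
        findings.append(f"sudoers does not permit {intended}")
    forced = options.get("command")
    if forced:
        forced_bin = shlex.split(forced)[0]
        if forced_bin != intended:
            findings.append(f"authorized_keys forces {forced!r} instead of {intended}")
        if forced_bin not in sudo["commands"]:
            findings.append(f"forced command {forced_bin} is outside the sudoers allowlist {sudo['commands']}")
    if options.get("no-pty") and not sudo["nopasswd"]:
        findings.append("no-pty is set but sudoers lacks NOPASSWD:, so sudo cannot prompt for a password")
    if login_shell in NOLOGIN_SHELLS:
        findings.append(f"login shell {login_shell} prevents sshd from running any command")
    if key_type == "ssh-dss":
        findings.append("ssh-dss keys have been refused by default since OpenSSH 7.0")
    return findings


if __name__ == "__main__":
    for finding in check_operator_access(SUDOERS_LINE, KEY_OPTIONS, PASSWD_LINE):
        print("-", finding)
```

On the page’s fragments the checker reports four findings: the forced command is shutdown rather than reboot, that command is not in the sudoers allowlist, no-pty is combined with a sudoers entry that would still prompt for a password, and the key type is ssh-dss. A configuration such as `Operator ALL=NOPASSWD: /sbin/reboot` with `command="/sbin/reboot",no-pty ssh-ed25519 …` produces none.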
Question #76

Following a security assessment, the Chief Information Security Officer (CISO) is reviewing the results of the assessment and evaluating potential risk treatment strategies. As part of the CISO’s evaluation, a judgment of potential impact based on the identified risk is performed. To prioritize response actions, the CISO uses past experience to take into account the exposure factor as well as the external accessibility of the weakness identified.

Which of the following is the CISO performing?

  • A . Documentation of lessons learned
  • B . Quantitative risk assessment
  • C . Qualitative assessment of risk
  • D . Business impact scoring
  • E . Threat modeling

Reveal Solution Hide Solution

Correct Answer: C
Question #77

Security policies that are in place at an organization prohibit USB drives from being utilized across the entire enterprise, with adequate technical controls in place to block them. As a way to still be able to work from various locations on different computing resources, several sales staff members have signed up for a web-based storage solution without the consent of the IT department. However, the operations department is required to use the same service to transmit certain business partner documents.

Which of the following would BEST allow the IT department to monitor and control this behavior?

  • A . Enabling AAA
  • B . Deploying a CASB
  • C . Configuring an NGFW
  • D . Installing a WAF
  • E . Utilizing a vTPM

Reveal Solution Hide Solution

Correct Answer: B
Question #78

CORRECT TEXT

Reveal Solution Hide Solution

Correct Answer: Step 1: Verify that the site’s certificate is valid. If the browser shows any certificate warning, cancel the download.

Step 2: If there is no certificate issue, download the file to your system.

Step 3: Calculate the hash value of the downloaded file.

Step 4: Compare the hash value of the downloaded file with the one published on the website.

Step 5: Install the file only if the hash values match.
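Steps 3 to 5 of that procedure, as an added example that is not part of the page: the file is streamed through SHA-256, the published value is normalised (checksum pages often give uppercase hex or a `sha256sum`-style line) and the comparison is constant-time. The sample payload and the tampering step are constructed for the demonstration. Two caveats a practitioner should keep in mind: the published digest only helps if an attacker who can alter the download cannot also alter the page it was copied from (a detached signature over the file is the stronger check), and MD5 or SHA-1 should not be used for this purpose.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Step 3: stream the file through SHA-256 so a large download never has to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: str, published: str) -> bool:
    """Step 4: compare the computed digest with the one copied from the site.

    Accepts either a bare hex digest or a 'sha256sum' style line ('<hex>  <name>'),
    in either letter case, and compares in constant time."""
    expected = published.strip().split()[0].lower()
    if len(expected) != 64 or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a SHA-256 hex digest")
    return hmac.compare_digest(sha256_of_file(path), expected)


def demo() -> tuple:
    """Constructed end-to-end run: a good download, then the same file with one byte changed."""
    payload = b"installer bytes v1.0\n"                  # stands in for the downloaded file
    published = hashlib.sha256(payload).hexdigest()      # stands in for the digest on the website
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.bin")
        with open(path, "wb") as fh:
            fh.write(payload)
        intact = verify_download(path, published.upper() + "  installer.bin")
        with open(path, "r+b") as fh:
            fh.write(b"I")                               # flip one byte: 'i' -> 'I'
        tampered = verify_download(path, published)
    return intact, tampered


if __name__ == "__main__":
    intact, tampered = demo()
    print("intact file verifies:", intact)
    print("tampered file verifies:", tampered)
```

Step 5 follows from the return value: install only when `verify_download` returns True.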

Question #79

As part of the development process for a new system, the organization plans to perform requirements analysis and risk assessment. The new system will replace a legacy system, which the organization has used to perform data analytics.

Which of the following is MOST likely to be part of the activities conducted by management during this phase of the project?

  • A . Static code analysis and peer review of all application code
  • B . Validation of expectations relating to system performance and security
  • C . Load testing the system to ensure response times are acceptable to stakeholders
  • D . Design reviews and user acceptance testing to ensure the system has been deployed properly
  • E . Regression testing to evaluate interoperability with the legacy system during the deployment

Reveal Solution Hide Solution

Correct Answer: C
Question #80

Management is reviewing the results of a recent risk assessment of the organization’s policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees.

Which of the following risk management strategies has the organization employed?

  • A . Transfer
  • B . Mitigate
  • C . Accept
  • D . Avoid
  • E . Reject

Reveal Solution Hide Solution

Correct Answer: B

Question #81

After investigating virus outbreaks that have cost the company $1000 per incident, the company’s Chief Information Security Officer (CISO) has been researching new antivirus software solutions to use and be fully supported for the next two years.

The CISO has narrowed down the potential solutions to four candidates that meet all the company’s performance and capability requirements:

Using the table above, which of the following would be the BEST business-driven choice among five possible solutions?

  • A . Product A
  • B . Product B
  • C . Product C
  • D . Product D
  • E . Product E

Reveal Solution Hide Solution

Correct Answer: D
Question #82

A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks.

Which of the following is the BEST solution?

  • A . Use an entropy-as-a-service vendor to leverage larger entropy pools.
  • B . Loop multiple pseudo-random number generators in a series to produce larger numbers.
  • C . Increase key length by two orders of magnitude to detect brute forcing.
  • D . Shift key generation algorithms to ECC algorithms.

Reveal Solution Hide Solution

Correct Answer: A
Question #83

A Chief Information Security Officer (CISO) is reviewing the results of a gap analysis with an outside cybersecurity consultant.

The gap analysis reviewed all procedural and technical controls and found the following:

✑ High-impact controls implemented: 6 out of 10

✑ Medium-impact controls implemented: 409 out of 472

✑ Low-impact controls implemented: 97 out of 1000

The report includes a cost-benefit analysis for each control gap.

The analysis yielded the following information:

✑ Average high-impact control implementation cost: $15,000; Probable ALE for each high-impact control gap: $95,000

✑ Average medium-impact control implementation cost: $6,250; Probable ALE for each medium-impact control gap: $11,000

Due to the technical construction and configuration of the corporate enterprise, slightly more than 50% of the medium-impact controls will take two years to fully implement.

Which of the following conclusions could the CISO draw from the analysis?

  • A . Too much emphasis has been placed on eliminating low-risk vulnerabilities in the past
  • B . The enterprise security team has focused exclusively on mitigating high-level risks
  • C . Because of the significant ALE for each high-risk vulnerability, efforts should be focused on those controls
  • D . The cybersecurity team has balanced residual risk for both high and medium controls

Reveal Solution Hide Solution

Correct Answer: C
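Working the figures from the question through, as an added example that is not part of the page: the net benefit of closing a gap is the loss avoided over the planning horizon (ALE times years) minus the one-time implementation cost. The two-year rollout of just over half the medium-impact controls is modelled as those controls avoiding no loss until they are in place; that modelling choice, and the 51% figure standing in for "slightly more than 50%", are my assumptions. The page gives no cost or ALE for the low-impact tier, so it is carried only for its coverage figure.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ControlTier:
    """One row of the gap analysis. Costs are per control gap; ALE is per gap per year."""
    name: str
    implemented: int
    total: int
    avg_cost: Optional[float] = None      # one-time implementation cost per gap
    ale_per_gap: Optional[float] = None   # probable annualised loss while the gap stays open

    @property
    def gaps(self) -> int:
        return self.total - self.implemented

    @property
    def coverage(self) -> float:
        return self.implemented / self.total

    def net_benefit_per_gap(self, horizon_years: float = 1.0) -> float:
        """Loss avoided over the horizon minus the one-time cost of closing the gap."""
        return self.ale_per_gap * horizon_years - self.avg_cost

    def total_net_benefit(self, horizon_years: float = 1.0) -> float:
        return self.gaps * self.net_benefit_per_gap(horizon_years)

    def benefit_cost_ratio(self, horizon_years: float = 1.0) -> float:
        return self.ale_per_gap * horizon_years / self.avg_cost

    def realized_net_benefit(self, horizon_years: float, delayed_fraction: float = 0.0,
                             delay_years: float = 0.0) -> float:
        """Like total_net_benefit, but a fraction of the gaps protect nothing until
        delay_years have passed (assumption: a control avoids no loss while it is
        still being rolled out)."""
        delayed = round(self.gaps * delayed_fraction)
        on_time = self.gaps - delayed
        avoided = (on_time * self.ale_per_gap * horizon_years
                   + delayed * self.ale_per_gap * max(0.0, horizon_years - delay_years))
        return avoided - self.gaps * self.avg_cost


# The figures from the question, embedded as constructed input.
HIGH = ControlTier("high", 6, 10, avg_cost=15_000, ale_per_gap=95_000)
MEDIUM = ControlTier("medium", 409, 472, avg_cost=6_250, ale_per_gap=11_000)
LOW = ControlTier("low", 97, 1000)   # the page gives no cost or ALE for this tier


def prioritize(tiers, horizon_years: float = 1.0) -> list:
    """Tier names ordered by loss avoided per dollar spent; tiers without cost data are skipped."""
    costed = [t for t in tiers if t.avg_cost and t.ale_per_gap]
    ranked = sorted(costed, key=lambda t: t.benefit_cost_ratio(horizon_years), reverse=True)
    return [t.name for t in ranked]


if __name__ == "__main__":
    for t in (HIGH, MEDIUM, LOW):
        print(f"{t.name:6} coverage={t.coverage:6.1%} gaps={t.gaps}")
    for t in (HIGH, MEDIUM):
        print(f"{t.name:6} net/gap=${t.net_benefit_per_gap():,.0f} "
              f"total=${t.total_net_benefit():,.0f} ratio={t.benefit_cost_ratio():.2f}")
    # Just over half the medium controls take two years: over a two-year horizon
    # those avoid nothing, which widens the distance between the tiers further.
    print("medium, 2-year horizon, 51% delayed:",
          f"${MEDIUM.realized_net_benefit(2, delayed_fraction=0.51, delay_years=2):,.0f}")
    print("high, 2-year horizon:", f"${HIGH.realized_net_benefit(2):,.0f}")
    print("priority:", prioritize((HIGH, MEDIUM, LOW)))
```

Per gap, a high-impact control returns $80,000 net on a $15,000 outlay in the first year; a medium-impact control returns $4,750 on $6,250. The four high-impact gaps together are worth more than the sixty-three medium-impact ones even before the rollout delay is counted, which is the arithmetic behind option C; and with 9.7% coverage the low tier has hardly been worked on, which is why option A does not follow from the data.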
Question #84

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

  • A . An internal key infrastructure that allows users to digitally sign transaction logs
  • B . An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys.
  • C . A publicly verified hashing algorithm that allows revalidation of message integrity at a future date.
  • D . An open distributed transaction ledger that requires proof of work to append entries.

Reveal Solution Hide Solution

Correct Answer: A
Question #87

The data will be hosted and managed outside of the company’s geographical location

The number of users accessing the system will be small, and no sensitive data will be hosted in the solution.

Which of the following should the project’s security consultant recommend as the NEXT step?

  • A . Develop a security exemption, as it does not meet the security policies
  • B . Mitigate the risk by asking the vendor to accept the in-country privacy principles
  • C . Require the solution owner to accept the identified risks and consequences
  • D . Review the entire procurement process to determine the lessons learned

Reveal Solution Hide Solution

Correct Answer: C
Question #88

A security assessor is working with an organization to review the policies and procedures associated with managing the organization’s virtual infrastructure. During a review of the virtual environment, the assessor determines the organization is using servers to provide more than one primary function, which violates a regulatory requirement. The assessor reviews hardening guides and determines policy allows for this configuration.

It would be MOST appropriate for the assessor to advise the organization to:

  • A . segment dual-purpose systems on a hardened network segment with no external access
  • B . assess the risks associated with accepting non-compliance with regulatory requirements
  • C . update system implementation procedures to comply with regulations
  • D . review regulatory requirements and implement new policies on any newly provisioned servers

Reveal Solution Hide Solution

Correct Answer: A
Question #89

To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.

Which of the following approaches is described?

  • A . Blue team
  • B . Red team
  • C . Black box
  • D . White team

Reveal Solution Hide Solution

Correct Answer: C
Question #90

A security administrator is troubleshooting RADIUS authentication issues from a newly implemented controller-based wireless deployment.

The RADIUS server contains the following information in its logs:

Based on this information, the administrator reconfigures the RADIUS server, which results in the following log data:

To correct this error message, the administrator makes an additional change to the RADIUS server.

Which of the following did the administrator reconfigure on the RADIUS server? (Select TWO)

  • A . Added the controller address as an authorized client
  • B . Registered the RADIUS server to the wireless controller
  • C . Corrected a mismatched shared secret
  • D . Renewed the expired client certificate
  • E . Reassigned the RADIUS policy to the controller
  • F . Modified the client authentication method

Reveal Solution Hide Solution

Correct Answer: A,C
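The two fixes in this answer show up at different points of the RADIUS exchange: an unknown client address causes the server to discard the Access-Request without replying, while a wrong shared secret lets the exchange happen but makes the controller discard the reply because the Response Authenticator (RFC 2865, section 3) does not verify. The following simulation is an added example written for this page, not code from the page or from any RADIUS product; the client table, addresses and secrets are constructed, and only the Response Authenticator check is modelled (real deployments also obfuscate User-Password with the secret and usually carry an RFC 2869 Message-Authenticator, both of which fail in the same way on a secret mismatch).

```python
import hashlib
import hmac
import os
import struct

# Constructed RADIUS client table, in the form a RADIUS server keeps it:
# NAS source address -> shared secret. Addresses and secrets are hypothetical.
AUTHORIZED_CLIENTS = {
    "192.0.2.10": b"wlc-shared-secret",   # the wireless controller
}

ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2


def radius_packet(code, ident, authenticator, attributes=b""):
    """Serialize the fixed 20-byte RADIUS header plus attributes (RFC 2865 s.3)."""
    length = 20 + len(attributes)
    return struct.pack("!BBH", code, ident, length) + authenticator + attributes


def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865 Response Authenticator:
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = 20 + len(attributes)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def server_handle(src_ip, request):
    """Server side: silently drop requests from addresses that are not
    configured as clients, otherwise answer with an Access-Accept whose
    authenticator is computed with the secret configured for that client."""
    secret = AUTHORIZED_CLIENTS.get(src_ip)
    if secret is None:
        return None  # no reply at all: the NAS sees a timeout
    _code, ident, _length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth, b"", secret)
    return radius_packet(ACCESS_ACCEPT, ident, auth)


def client_verify(response, request_auth, client_secret):
    """Client side (the controller): recompute the Response Authenticator with
    its own copy of the secret; on mismatch the reply is discarded."""
    code, ident, length = struct.unpack("!BBH", response[:4])
    attributes = response[20:length]
    expected = response_authenticator(code, ident, request_auth, attributes, client_secret)
    return hmac.compare_digest(expected, response[4:20])


def simulate_auth(controller_ip, controller_secret):
    """Run one request/response exchange and classify the outcome."""
    request_auth = os.urandom(16)  # Request Authenticator: 16 random octets
    request = radius_packet(ACCESS_REQUEST, 0x2A, request_auth)
    response = server_handle(controller_ip, request)
    if response is None:
        return "no reply: client address not authorized on server"
    if not client_verify(response, request_auth, controller_secret):
        return "reply discarded: shared secret mismatch"
    return "ok"


if __name__ == "__main__":
    print(simulate_auth("198.51.100.7", b"wlc-shared-secret"))  # unknown client
    print(simulate_auth("192.0.2.10", b"wrong-secret"))          # secret mismatch
    print(simulate_auth("192.0.2.10", b"wlc-shared-secret"))     # ok
```

When troubleshooting, this ordering is the useful part: a controller that gets no answer at all points at the client table (option A), while a controller that logs a bad or invalid authenticator after a reply arrives points at the secret (option C).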

Question #91

A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year.

Which of the following must be calculated to determine ROI? (Choose two.)

  • A . ALE
  • B . RTO
  • C . MTBF
  • D . ARO
  • E . RPO

Reveal Solution Hide Solution

Correct Answer: A,D
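ALE and ARO are the two inputs because the control's benefit is the reduction in annualized loss expectancy it buys, and ROI compares that reduction with the $100,000 yearly cost over the 12 months the legacy application stays in place. The worked calculation below is an added example for this page, not material from the exam; the SLE and both ARO values are assumed figures chosen for illustration, and only the middleware cost comes from the question.

```python
def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x ARO: expected loss per year from one threat scenario."""
    return sle * aro


def control_roi(sle, aro_before, aro_after, annual_control_cost):
    """Return (annual_savings, roi) for a control that lowers the ARO.

    savings = ALE(before) - ALE(after)
    roi     = (savings - cost) / cost   (positive: the control pays for itself)
    """
    ale_before = annualized_loss_expectancy(sle, aro_before)
    ale_after = annualized_loss_expectancy(sle, aro_after)
    savings = ale_before - ale_after
    return savings, (savings - annual_control_cost) / annual_control_cost


# Assumed figures for the hospital scenario (constructed, not from the page):
SLE = 400_000            # cost of one successful exploitation of the legacy app
ARO_BEFORE = 0.75        # expected exploitations per year with no mitigation
ARO_AFTER = 0.05         # expected exploitations per year behind the middleware
MIDDLEWARE_COST = 100_000  # per year, the only figure taken from the question


def worked_example():
    """ALE before = 300,000; ALE after = 20,000; savings 280,000; ROI 1.8."""
    return control_roi(SLE, ARO_BEFORE, ARO_AFTER, MIDDLEWARE_COST)


if __name__ == "__main__":
    savings, roi = worked_example()
    print(f"annual savings: ${savings:,.0f}  ROI: {roi:.2f}")
```

RTO, RPO and MTBF (the distractors) describe recovery targets and hardware reliability; none of them expresses expected loss per year, so they cannot feed a return-on-investment figure.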
Question #92

A security administrator was informed that a server unexpectedly rebooted.

The administrator received an export of syslog entries for analysis:

Which of the following does the log sample indicate? (Choose two.)

  • A . A root user performed an injection attack via kernel module
  • B . Encrypted payroll data was successfully decrypted by the attacker
  • C . Jsmith successfully used a privilege escalation attack
  • D . Payroll data was exfiltrated to an attacker-controlled host
  • E . Buffer overflow in memory paging caused a kernel panic
  • F . Syslog entries were lost due to the host being rebooted

Reveal Solution Hide Solution

Correct Answer: C,E
Question #93

Legal counsel has notified the information security manager of a legal matter that will require the preservation of electronic records for 2000 sales force employees. Source records will be email, PC, network shares, and applications.

After all restrictions have been lifted, which of the following should the information security manager review?

  • A . Data retention policy
  • B . Legal hold
  • C . Chain of custody
  • D . Scope statement

Reveal Solution Hide Solution

Correct Answer: B
Question #94

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents.

The following observations have been identified:

✑ The ICS supplier has specified that any software installed will result in lack of support.

✑ There is no documented trust boundary defined between the SCADA and corporate networks.

✑ Operational technology staff have to manage the SCADA equipment via the engineering workstation.

✑ There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

  • A . VNC, router, and HIPS
  • B . SIEM, VPN, and firewall
  • C . Proxy, VPN, and WAF
  • D . IDS, NAC, and log monitoring

Reveal Solution Hide Solution

Correct Answer: B
Question #95

A systems administrator has installed a disk wiping utility on all computers across the organization and configured it to perform a seven-pass wipe and an additional pass to overwrite the disk with zeros. The company has also instituted a policy that requires users to erase files containing sensitive information when they are no longer needed.

To ensure the process provides the intended results, an auditor reviews the following content from a randomly selected decommissioned hard disk:

Which of the following should be included in the auditor’s report based on the above findings?

  • A . The hard disk contains bad sectors
  • B . The disk has been degaussed.
  • C . The data represents part of the disk BIOS.
  • D . Sensitive data might still be present on the hard drives.

Reveal Solution Hide Solution

Correct Answer: A
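Whatever the auditor's exhibit showed, the check behind the question is mechanical: after a final all-zeros pass, any sector that still reads back non-zero is evidence the wipe did not reach it, and sectors that read back as text deserve the closest look. The scanner below is an added example for this page, not from the exam or any wiping product; it works on a raw disk image and the four-sector sample image it builds is constructed.

```python
import string

SECTOR_SIZE = 512
_PRINTABLE = frozenset(string.printable.encode())


def residual_sectors(image, sector_size=SECTOR_SIZE):
    """Return (sector_index, kind) for every sector that is not all zero bytes.

    kind is "readable text" when over 90% of the bytes are printable ASCII,
    otherwise "non-zero binary". A wiped-to-zero disk yields an empty list.
    """
    findings = []
    for offset in range(0, len(image), sector_size):
        sector = image[offset:offset + sector_size]
        if not any(sector):  # all-zero sector: wipe reached it
            continue
        printable = sum(1 for b in sector if b in _PRINTABLE)
        kind = "readable text" if printable / len(sector) > 0.9 else "non-zero binary"
        findings.append((offset // sector_size, kind))
    return findings


def build_sample_image():
    """Constructed image: sectors 0 and 3 wiped, sector 1 holds binary
    remnants, sector 2 still holds text (fake content for the example)."""
    wiped = bytes(SECTOR_SIZE)
    binary_remnant = bytes(range(256)) * 2  # 512 bytes, mostly non-printable
    line = b"account-list export, do not distribute; "
    text_remnant = (line * (SECTOR_SIZE // len(line) + 1))[:SECTOR_SIZE]
    return wiped + binary_remnant + text_remnant + wiped


if __name__ == "__main__":
    for index, kind in residual_sectors(build_sample_image()):
        print(f"sector {index}: {kind}")
```

Read the image from the device with a block-level copy tool before scanning it; a file-system view hides slack space. Two limits apply to any software wipe that this check cannot overcome: sectors the drive has reallocated as bad are no longer addressable and keep their old contents, and flash media keeps copies in over-provisioned cells, which is why a wipe verification belongs alongside cryptographic erase or physical destruction rather than in place of them.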
Question #96

A security engineer is assisting a developer with input validation, and they are studying the following code block:

The security engineer wants to ensure strong input validation is in place for customer-provided account identifiers. These identifiers are ten-digit numbers. The developer wants to ensure input validation is fast because a large number of people use the system.

Which of the following would be the BEST advice for the security engineer to give to the developer?

  • A . Replace code with Java-based type checks
  • B . Parse input into an array
  • C . Use regular expressions
  • D . Canonicalize input into string objects before validation

Reveal Solution Hide Solution

Correct Answer: C
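A pre-compiled allow-list regular expression is both the strictest and the cheapest way to accept exactly ten digits, but two details decide whether it is actually strict. In Python string patterns `\d` matches every Unicode decimal digit, not just 0-9, and `$` matches before a trailing newline, so `re.match(r"\d{10}$", s)` lets through input that a later `int()` or database layer will handle differently from what the validator believed. The code below is an added example written for this page rather than the developer's code block (which is not reproduced on the page); the function names are hypothetical.

```python
import re

# Compile once at import time; re-compiling on every request is the usual
# reason a "regex is slow" complaint appears under load.
# [0-9] rather than \d: only ASCII digits. fullmatch rather than $: the
# whole string, no trailing newline allowed.
_ACCOUNT_ID = re.compile(r"[0-9]{10}")


def weak_is_account_id(value):
    """Typical first attempt: str.isdigit() also accepts non-ASCII digits
    and characters such as superscripts, so it is not an allow-list."""
    return isinstance(value, str) and len(value) == 10 and value.isdigit()


def naive_regex_is_account_id(value):
    """Common regex mistake: \\d is Unicode-aware and $ tolerates a final newline."""
    return isinstance(value, str) and re.match(r"\d{10}$", value) is not None


def is_account_id(value):
    """Strict check: exactly ten ASCII digits and nothing else."""
    return isinstance(value, str) and _ACCOUNT_ID.fullmatch(value) is not None


if __name__ == "__main__":
    # Arabic-Indic digits: ten characters for which isdigit() and \d are True.
    samples = ["1234567890", "1234567890\n", "\u0661\u0662\u0663\u0664\u0665\u0666\u0667\u0668\u0669\u0660", "123456789"]
    for s in samples:
        print(repr(s), weak_is_account_id(s), naive_regex_is_account_id(s), is_account_id(s))
```

Reject rather than normalise: stripping whitespace or converting digits before the check (option D) widens the set of accepted inputs and is slower than failing fast on the compiled pattern.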
Question #97

An organization’s mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices.

Which of the following MOST likely occurred and provides mitigation until the patches are released?

  • A . Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM.
  • B . Users opened a spear-phishing email; disable third-party application stores and validate all signed code prior to execution.
  • C . An attacker downloaded monitoring applications; perform a full factory reset of the affected devices.
  • D . Users received an improperly encoded emergency broadcast message, leading to an integrity loss condition; disable emergency broadcast messages.

Reveal Solution Hide Solution

Correct Answer: A
Question #98

A software development team is conducting functional and user acceptance testing of internally developed web applications using a COTS solution. For automated testing, the solution uses valid user credentials from the enterprise directory to authenticate to each application. The solution stores the username in plain text and the corresponding password as an encoded string in a script within a file, located on a globally accessible network share. The account credentials used belong to the development team lead.

To reduce the risks associated with this scenario while minimizing disruption to ongoing testing, which of the following are the BEST actions to take? (Choose two.)

  • A . Restrict access to the network share by adding a group only for developers to the share’s ACL
  • B . Implement a new COTS solution that does not use hard-coded credentials and integrates with directory services
  • C . Obfuscate the username within the script file with encoding to prevent easy identification and the account used
  • D . Provision a new user account within the enterprise directory and enable its use for authentication to the target applications. Share the username and password with all developers for use in their individual scripts
  • E . Redesign the web applications to accept single-use, local account credentials for authentication

Reveal Solution Hide Solution

Correct Answer: A,B
Question #99

An architect was recently hired by a power utility to increase the security posture of the company’s power generation and distribution sites. Upon review, the architect identifies legacy hardware with highly vulnerable and unsupported software driving critical operations. These systems must exchange data with each other, be highly synchronized, and pull from Internet time sources.

Which of the following architectural decisions would BEST reduce the likelihood of a successful attack without harming operational capability? (Choose two.)

  • A . Isolate the systems on their own network
  • B . Install a firewall and IDS between systems and the LAN
  • C . Employ its own stratum-0 and stratum-1 NTP servers
  • D . Upgrade the software on critical systems
  • E . Configure the systems to use government-hosted NTP servers

Reveal Solution Hide Solution

Correct Answer: B,E
Question #100

A Chief Information Officer (CIO) publicly announces the implementation of a new financial system.

As part of a security assessment that includes a social engineering task, which of the following tasks should be conducted to demonstrate the BEST means to gain information to use for a report on social vulnerability details about the financial system?

  • A . Call the CIO and ask for an interview, posing as a job seeker interested in an open position
  • B . Compromise the email server to obtain a list of attendees who responded to the invitation and who are on the IT staff
  • C . Notify the CIO that, through observation at events, malicious actors can identify individuals to befriend
  • D . Understand the CIO is a social drinker, and find the means to befriend the CIO at establishments the CIO frequents

Reveal Solution Hide Solution

Correct Answer: D

Question #101

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee’s work computer concerning a conversation that occurred three years prior and proved damaging to the agency’s reputation.

Which of the following MOST likely caused the data leak?

  • A . The employee manually changed the email client retention settings to prevent deletion of emails
  • B . The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
  • C . The email was encrypted and an exception was put in place via the data classification application
  • D . The employee saved a file on the computer’s hard drive that contained archives of emails, which were more than two years old

Reveal Solution Hide Solution

Correct Answer: D
Question #102

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm’s systems are running modern operating systems and feature UEFI and TPMs.

Which of the following technical options would provide the MOST preventive value?

  • A . Update and deploy GPOs
  • B . Configure and use measured boot
  • C . Strengthen the password complexity requirements
  • D . Update the antivirus software and definitions

Reveal Solution Hide Solution

Correct Answer: B
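The question names UEFI and TPMs because that is what measured boot relies on: every boot component is hashed and extended into a TPM platform configuration register (PCR) before it runs, and a rootkit that patches the bootloader or an early driver changes the resulting PCR value, which in turn blocks release of a TPM-sealed disk key or fails remote attestation. The following model of PCR extension and verification is an added example for this page, not code from the exam or from any firmware; it uses one SHA-256 PCR bank, skips the TCG event-log format, and the boot components are constructed byte strings standing in for real binaries.

```python
import hashlib

PCR_INITIAL = bytes(32)  # PCRs are zeroed at platform reset


def pcr_extend(pcr, digest):
    """TPM PCR_Extend: new = H(old || digest). One-way and order-sensitive,
    so a value can only be reproduced by replaying the same measurements."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Simulate a measured boot: hash each component, append it to the event
    log and extend it into the PCR before control would pass to it."""
    pcr = PCR_INITIAL
    event_log = []
    for name, code in components:
        digest = hashlib.sha256(code).digest()
        event_log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, event_log


def replay_log(event_log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = PCR_INITIAL
    for _name, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def attest(pcr, event_log, golden_pcr):
    """The two checks an attestation service (or a sealed key) makes:
    1. the log reproduces the PCR, so the log was not edited after the fact;
    2. the PCR equals the known-good value, so only expected code ran."""
    if replay_log(event_log) != pcr:
        return "log does not match PCR"
    if pcr != golden_pcr:
        return "untrusted boot chain"
    return "trusted"


# Constructed stand-ins for boot components (hypothetical, not real binaries).
KNOWN_GOOD = [
    ("firmware", b"uefi-firmware-1.4"),
    ("bootloader", b"bootmgr-signed"),
    ("kernel", b"kernel-image"),
    ("early-drivers", b"elam-driver-set"),
]
GOLDEN_PCR, _ = measure_boot(KNOWN_GOOD)


def boot_with_rootkit():
    """Same chain, except the bootloader has been patched by a bootkit."""
    tampered = [(n, c + b"+rootkit" if n == "bootloader" else c) for n, c in KNOWN_GOOD]
    return measure_boot(tampered)


if __name__ == "__main__":
    good_pcr, good_log = measure_boot(KNOWN_GOOD)
    bad_pcr, bad_log = boot_with_rootkit()
    print("clean boot:   ", attest(good_pcr, good_log, GOLDEN_PCR))
    print("rootkit boot: ", attest(bad_pcr, bad_log, GOLDEN_PCR))
    print("forged log:   ", attest(bad_pcr, good_log, GOLDEN_PCR))
```

The preventive value comes from what is gated on the PCR values: a disk key sealed to the clean-boot PCR is not released to the tampered chain, and a network access decision tied to attestation keeps the host off the network, whereas GPOs, password policy and antivirus definitions all run only after the rootkit has already loaded beneath them.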
Question #103

The Chief Executive Officer (CEO) of a small company decides to use cloud computing to host critical corporate data for protection from natural disasters. The recommended solution is to adopt the public cloud for its cost savings. If the CEO insists on adopting the public cloud model, which of the following would be the BEST advice?

  • A . Ensure the cloud provider supports a secure virtual desktop infrastructure
  • B . Ensure the colocation facility implements a robust DRP to help with business continuity planning.
  • C . Ensure the on-premises datacenter employs fault tolerance and load balancing capabilities.
  • D . Ensure the ISP is using a standard help-desk ticketing system to respond to any system outages

Reveal Solution Hide Solution

Correct Answer: B
Question #104

At a meeting, the systems administrator states the security controls a company wishes to implement seem excessive, since all of the information on the company’s web servers can be obtained publicly and is not proprietary in any way. The next day the company’s website is defaced as part of an SQL injection attack, and the company receives press inquiries about the message the attackers displayed on the website.

Which of the following is the FIRST action the company should take?

  • A . Refer to and follow procedures from the company’s incident response plan.
  • B . Call a press conference to explain that the company has been hacked.
  • C . Establish chain of custody for all systems to which the systems administrator has access.
  • D . Conduct a detailed forensic analysis of the compromised system.
  • E . Inform the communications and marketing department of the attack details.

Reveal Solution Hide Solution

Correct Answer: A
Question #105

A newly hired security analyst has joined an established SOC team. Not long after going through corporate orientation, a new attack method on web-based applications was publicly revealed. The security analyst immediately brings this new information to the team lead, but the team lead is not concerned about it.

Which of the following is the MOST likely reason for the team lead’s position?

  • A . The organization has accepted the risks associated with web-based threats.
  • B . The attack type does not meet the organization’s threat model.
  • C . Web-based applications are on isolated network segments.
  • D . Corporate policy states that NIPS signatures must be updated every hour.

Reveal Solution Hide Solution

Correct Answer: A
Question #106

A security analyst, who is working in a Windows environment, has noticed a significant amount of IPv6 traffic originating from a client, even though IPv6 is not currently in use. The client is a stand-alone device, not connected to the AD, that manages a series of SCADA devices used for manufacturing.

Which of the following is the appropriate command to disable the client’s IPv6 stack?

A)

B)

C)

D)

  • A . Option A
  • B . Option B
  • C . Option C
  • D . Option D

Reveal Solution Hide Solution

Correct Answer: C