Title of test:
Cysa+02 Exam topics 167-253

Description:
Cysa exam topics

Author:
Adrian B

Creation Date:
22/05/2023

Category:
Computers

Number of questions: 29
Content:
A. Uninstall the DNS service B. Perform a vulnerability scan. C. Change the server's IP to a private IP address. D. Disable the Telnet service. E. Block port 80 with the host-based firewall. F. Change the SSH port to a non-standard port.
An organization needs to limit its exposure to accidental disclosure when employees send emails that contain personal information to recipients outside the company. Which of the following technical controls would BEST accomplish this goal? A. DLP B. Encryption C. Data masking D. SPF.
A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons-learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future? A. Enabling sandboxing technology B. Purchasing cyber insurance C. Enabling application blacklisting D. Installing a firewall between the workstations and internet.
The Chief Information Officer (CIO) of a large healthcare institution is concerned about all machines having direct access to sensitive patient information. Which of the following should the security analyst implement to BEST mitigate the risk of sensitive data exposure? A. A cloud access service broker system B. NAC to ensure minimum standards are met C. MFA on all workstations D. Network segmentation.
Which of the following data security controls would work BEST to prevent real PII from being used in an organization's test cloud environment? A. Encryption B. Data loss prevention C. Data masking D. Digital rights management E. Access control.
A security team wants to make SaaS solutions accessible from only the corporate campus. Which of the following would BEST accomplish this goal? A. Geofencing B. IP restrictions C. Reverse proxy D. Single sign-on.
A security analyst receives an alert to expect increased and highly advanced cyberattacks originating from a foreign country that recently had sanctions implemented. Which of the following describes the type of threat actors that should concern the security analyst? A. Insider threat B. Nation-state C. Hacktivist D. Organized crime.
A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable. Which of the following is the MOST likely cause of this issue? A. The malware is fileless and exists only in physical memory B. The malware detects and prevents its own execution in a virtual environment C. The antivirus does not have the malware's signature D. The malware is being executed with administrative privileges.
A proposed network architecture requires systems to be separated from each other logically based on defined risk levels. Which of the following explains the reason why an architect would set up the network this way? A. To complicate the network and frustrate a potential malicious attacker B. To create a design that simplifies the supporting network C. To reduce the attack surface of those systems by segmenting the network based on risk D. To reduce the number of IP addresses that are used on the network.
An organization that uses SPF has been notified emails sent via its authorized third-party partner are getting rejected. A security analyst reviews the DNS entry and sees the following: v=spf1 ip4:180.10.6.5 ip4:180.10.6.10 include:robusmail.com `"all The organization's primary mail server IP is 180.10.6.6, and the secondary mail server IP is 180.10.6.5. The organization's third-party mail provider is "Robust Mail" with the domain name robustmail.com. Which of the following is the MOST likely reason for the rejected emails? A. SPF version 1 does not support third-party providers. B. The primary and secondary email server IP addresses are out of sequence. C. An incorrect IP version is being used. D. The wrong domain name is in the SPF record.
A company has contracted with a software development vendor to design a web portal for customers to access a medical records database. Which of the following should the security analyst recommend to BEST control the unauthorized disclosure of sensitive data when sharing the development database with the vendor? A. Establish an NDA with the vendor. B. Enable data masking of sensitive data tables in the database. C. Set all database tables to read only. D. Use a de-identified data process for the development database.
A company uses self-signed certificates when sending emails to recipients within the company. Users are calling the help desk because they are getting warnings when attempting to open emails sent by internal users. A security analyst checks the certificates and sees the following: Issued to: user@company.com - Issued by: certServer.company.com - Valid from: 1/1/2020 to 1/1/2030 Which of the following should the security analyst conclude? A. user@company.com is a malicious insider. B. The valid dates are too far apart and are generating the alerts. C. certServer has been compromised. D. The root certificate was not installed in the trusted store.
A company's security administrator needs to automate several security processes related to testing for the existence of changes within the environment. Conditionally, other processes will need to be created based on input from prior processes. Which of the following is the BEST method for accomplishing this task? A. Machine learning and process monitoring B. Continuous integration and configuration management C. API integration and data enrichment D. Workflow orchestration and scripting.
A company recently experienced similar network attacks. To determine whether the attacks were identical, the company should gather a list of IPs, domains, and files and use: A. behavior data B. the Diamond Model of Intrusion Analysis. C. the attack kill chain. D. the reputational data.
A security analyst receives a CVE bulletin, which lists several products that are used in the enterprise. The analyst immediately deploys a critical security patch. Which of the following BEST describes the reason for the analyst's immediate action? A. Nation-state hackers are targeting the region. B. A new vulnerability was discovered by a vendor. C. A known exploit was discovered. D. A new zero-day threat needs to be addressed. E. There is an insider threat.
A company recently hired a new SOC provider and implemented new incident response procedures. Which of the following conjoined approaches would MOST likely be used to evaluate the new implementations for monitoring and incident response at the same time? (Choose two.) A. Blue-team exercise B. Disaster recovery exercise C. Red-team exercise D. Gray-box penetration test E. Tabletop exercise F. Risk assessment.
Portions of a legacy application are being refactored to discontinue the use of dynamic SQL. Which of the following would be BEST to implement in the legacy application? A. Input validation B. SQL injection C. Parameterized queries D. Web-application firewall E. Multifactor authentication.
An international company is implementing a marketing campaign for a new product and needs a security analyst to perform a threat-hunting process to identify possible threat actors. Which of the following should be the analyst’s primary focus? A. Hacktivists B. Organized crime C. Nation-states D. Insider threats.
A security team identified some specific known tactics and techniques to help mitigate repeated credential access threats, such as account manipulation and brute forcing. Which of the following frameworks or models did the security team MOST likely use to identify the tactics and techniques? A. MITRE ATT&CK B. ITIL C. Kill chain D. Diamond Model of Intrusion Analysis.
A company that uses email for all internal and external communications received a legal notice from a vendor that was disputing a contract award. The company needs to implement a legal hold on the email of users who were involved in the vendor selection process and the awarding of the contract. Which of the following describes the appropriate steps that should be taken to comply with the legal notice? A. Notify the security team of the legal hold and remove user access to the email accounts. B. Coordinate with legal counsel and then notify the security team to ensure the appropriate email accounts are frozen. C. Disable the user accounts that are associated with the legal hold and create new user accounts so they can continue doing business. D. Encrypt messages that are associated with the legal hold and initiate a chain of custody to ensure admissibility in future legal proceedings.
A penetration tester physically enters a datacenter and attaches a small device to a switch. As part of the tester's effort to evaluate which nodes are present on the network, the tester places the network adapter in promiscuous mode and logs traffic for later analysis. Which of the following is the tester performing? A. Credentialed scanning B. Passive scanning C. Protocol analysis D. SCAP scanning E. Network segmentation.
While reviewing a cyber-risk assessment, an analyst notes there are concerns related to FPGA usage. Which of the following statements would BEST convince the analyst's supervisor to use additional controls? A. FPGAs are expensive and can only be programmed once. Code deployment safeguards are needed. B. FPGAs have an inflexible architecture. Additional training for developers is needed. C. FPGAs are vulnerable to malware installation and require additional protections for their codebase. D. FPGAs are expensive to produce. Anti-counterfeiting safeguards are needed.
Which of the following BEST explains hardware root of trust? A. It uses the processor security extensions to protect the OS from malicious software installation. B. It prevents side-channel attacks that can take advantage of speculative execution vulnerabilities. C. It ensures the authenticity of firmware and software during the boot process until the OS is loaded. D. It has been implemented as a mitigation to the Spectre and Meltdown hardware vulnerabilities.
A security engineer must deploy X.509 certificates to two web servers behind a load balancer. Each web server is configured identically. Which of the following should be done to ensure certificate name mismatch errors do not occur? A. Create two certificates, each with the same fully qualified domain name, and associate each with the web servers’ real IP addresses on the load balancer. B. Create one certificate on the load balancer and associate the site with the web servers’ real IP addresses. C. Create two certificates, each with the same fully qualified domain name, and associate each with a corresponding web server behind the load balancer. D. Create one certificate and export it to each web server behind the load balancer.
A. SPF is failing. B. The DMARC queue is full. C. The DKIM private key has expired. D. Port 25 is not open.
A. To reject email from servers that are not listed in the SPF record B. To reject email from email addresses that are not digitally signed. C. To accept email to the company's domain. D. To reject email from users who are not authenticated to the network.
A security analyst is reviewing existing email protection mechanisms to generate a report. The analysis finds the following DNS records: Record 1 - v=spf1 ip4:192.168.0.0/16 include:_spf.marketing.com include:thirdpartyprovider.com ~all Record 2 - v=DKIM1; k=rsa; p=MIGfMA0GCSqh7d8hyh78Gdg87gd98hag86ga98dhay8gd7ashdca7yg79auhudig7df9ah8g76ag98dhay87ga9 Record 3 - _dmarc.comptia.com TXT v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@comptia.com Which of the following options provides accurate information to be included in the report? A. Record 3 serves as a reference of the security features configured at Record 1 and 2. B. Record 1 is used as a blocklist mechanism to filter unauthorized senders. C. Record 2 is used as a key to encrypt all outbound messages sent. D. The three records contain private information that should not be disclosed.
An organization’s Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained. Which of the following roles would MOST likely include these responsibilities? A. Data protection officer B. Data owner C. Backup administrator D. Data custodian E. Internal auditor.
A remote code execution vulnerability was discovered in the RDP. An organization currently uses RDP for remote access to a portion of its VDI environment. The analyst verified network-level authentication is enabled. Which of the following is the BEST remediation for this vulnerability? A. Verify the threat intelligence feed is updated with the latest solutions. B. Verify the system logs do not contain indicators of compromise. C. Verify the latest endpoint-protection signature is in place. D. Verify the corresponding patch for the vulnerability is installed.