Title of test:
Cysa+ 02 V23 part 5 220-243

Description:
V23 220-240

Author:
Adrian B

Creation Date:
19/05/2023

Category:
Computers

Number of questions: 23
Content:
An organization announces that all employees will need to work remotely for an extended period of time. All employees will be provided with a laptop and supported hardware to facilitate this requirement. The organization asks the information security division to reduce the risk during this time. Which of the following is a technical control that will reduce the risk of data loss if a laptop is lost or stolen? A. Requiring the use of the corporate VPN B. Requiring the screen to be locked after five minutes of inactivity C. Requiring the laptop to be locked in a cabinet when not in use D. Requiring full disk encryption.
The security team decides to meet informally to discuss and test their response plan for potential security breaches and emergency situations. Which of the following types of training will the security team perform? A. Tabletop exercise B. Red-team attack C. System assessment implementation D. Blue-team training E. White-team engagement.
Which of the following are considered PII by themselves? (Choose two.) A. Government ID B. Job title C. Employment start date D. Birth certificate E. Employer address F. Mother's maiden name.
A security analyst has received a report that servers are no longer able to connect to the network. After many hours of troubleshooting, the analyst determines a Group Policy Object is responsible for the network connectivity issues. Which of the following solutions should the security analyst recommend to prevent an interruption of service in the future? A. CI/CD pipeline B. Impact analysis and reporting C. Appropriate network segmentation D. Change management process.
A computer hardware manufacturer is developing a new SoC that will be used by mobile devices. The SoC should not allow users or the process to downgrade from a newer firmware to an older one. Which of the following can the hardware manufacturer implement to prevent firmware downgrades? A. Encryption B. eFuse C. Secure Enclave D. Trusted execution.
A security officer needs to find the most cost-effective solution to the current data privacy and protection gap found in the last security assessment. Which of the following is the most cost-effective solution? A. Require users to sign NDAs. B. Create a data minimization plan. C. Add access control requirements. D. Implement a data loss prevention solution.
During a review of recent network traffic, an analyst realizes the team has seen this same traffic multiple times in the past three weeks, and it resulted in confirmed malware activity. The analyst also notes there is no other alert in place for this traffic. After resolving the security incident, which of the following would be the BEST action for the analyst to take to increase the chance of detecting this traffic in the future? A. Share details of the security incident with the organization's human resources management team. B. Note the security incident to other analysts so they are aware of the traffic. C. Communicate the security incident to the threat team for further review and analysis. D. Report the security incident for inclusion in the daily report.
A software developer is correcting the error-handling capabilities of an application following the initial coding of the fix. Which of the following would the software developer MOST likely perform to validate the code prior to pushing it to production? A. Web-application vulnerability scan B. Static analysis C. Packet inspection D. Penetration test.
A business recently acquired a software company. The software company's security posture is unknown. However, based on an initial assessment, there are limited security controls. No significant security monitoring exists. Which of the following is the NEXT step that should be completed to obtain information about the software company's security posture? A. Develop an asset inventory to determine the systems within the software company. B. Review relevant network drawings, diagrams, and documentation. C. Perform penetration tests against the software company's internal and external networks. D. Baseline the software company's network to determine the ports and protocols in use.
A company offers a hardware security appliance to customers that provides remote administration of a device on the customer's network. Customers are not authorized to alter the configuration. The company deployed a software process to manage unauthorized changes to the appliance, log them, and forward them to a central repository for evaluation. Which of the following processes is the company using to ensure the appliance is not altered from its original configured state? A. CI/CD B. Software assurance C. Anti-tamper D. Change management.
A user reports a malware alert to the help desk. A technician verifies the alert, determines the workstation is classified as a low-severity device, and uses network controls to block access. The technician then assigns the ticket to a security analyst who will complete the eradication and recovery processes. Which of the following should the security analyst do NEXT? A. Document the procedures and walk through the incident training guide B. Reverse engineer the malware to determine its purpose and risk to the organization C. Sanitize the workstation and verify countermeasures are restored D. Isolate the workstation and issue a new computer to the user.
A security analyst is scanning the network to determine if a critical security patch was applied to all systems in an enterprise. The organization has a very low tolerance for risk when it comes to resource availability. Which of the following is the BEST approach for configuring and scheduling the scan? A. Make sure the scan is credentialed, covers all hosts in the patch management system, and is scheduled during business hours so it can be terminated if it affects business operations. B. Make sure the scan is uncredentialed, covers all hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations. C. Make sure the scan is credentialed, has the latest software and signature versions, covers all external hosts in the patch management system, and is scheduled during off-business hours so it has the least impact on operations. D. Make sure the scan is credentialed, uses a limited plug-in set, scans all host IP addresses in the enterprise, and is scheduled during off-business hours so it has the least impact on operations.
A cybersecurity analyst is researching operational data to develop a script that will detect the presence of a threat on corporate assets. Which of the following contains the most useful information to produce this script? A. API documentation B. Protocol analysis captures C. MITRE ATT&CK reports D. OpenIoC files.
A. 66.187.224.210 set up a DNS hijack with 192.168.12.21. B. 192.168.12.21 made a TCP connection to 66.187.224.210 C. 192.168.12.21 made a TCP connection to 209.132.177.50. D. 209.132.177.50 set up a TCP reset attack to 192.168.12.21.
A company stores all of its data in the cloud. All company-owned laptops are currently unmanaged, and all users have administrative rights. The security team is having difficulty identifying a way to secure the environment. Which of the following would be the BEST method to protect the company's data? A. Implement UEM on all systems and deploy security software. B. Implement DLP on all workstations and block company data from being sent outside the company. C. Implement a CASB and prevent certain types of data from being downloaded to a workstation. D. Implement centralized monitoring and logging for all company systems.
A. Remove rules 1, 2, and 3. B. Remove rules 1, 2, 4, and 5. C. Remove rules 1, 2, 3, 4, and 5. D. Remove rules 1, 2, and 5. E. Remove rules 1, 4, and 5. F. Remove rules 4 and 5.
A technician working at company.com received the following email: After looking at the above communication, which of the following should the technician recommend to the security team to prevent exposure of sensitive information and reduce the risk of corporate data being stored on non-corporate assets? (Debatable) A. Forwarding of corporate email should be disallowed by the company. B. A VPN should be used to allow technicians to troubleshoot computer issues securely. C. An email banner should be implemented to identify emails coming from external sources. D. A rule should be placed on the DLP to flag employee IDs and serial numbers.
The management team has asked a senior security engineer to explore DLP security solutions for the company's growing use of cloud-based storage. Which of the following is an appropriate solution to control the sensitive data that is being stored in the cloud? A. NAC B. IPS C. CASB D. WAF.
An organization's internal department frequently uses a cloud provider to store large amounts of sensitive data. A threat actor has deployed a virtual machine to attack another virtual machine to gain access to the data. Through the use of the cloud host's hypervisor, the threat actor has escalated the access rights. Which of the following actions would be BEST to remediate the vulnerability the attacker has used to exploit the system? A. Sandbox the virtual machine. B. Implement an MFA solution. C. Update to the secure hypervisor version. D. Implement dedicated hardware for each customer.
A security analyst identified one server that was compromised and used as a data mining machine, and a clone of the hard drive that was created. Which of the following will MOST likely provide information about when and how the machine was compromised and where the malware is located? A. System timeline reconstruction B. System registry extraction C. Data carving D. Volatile memory analysis.
Due to continued support of legacy applications, an organization's enterprise password complexity rules are inadequate for its required security posture. Which of the following is the BEST compensating control to help reduce authentication compromises? A. Smart cards B. Multifactor authentication C. Biometrics D. Increased password-rotation frequency.
A consultant is evaluating multiple threat intelligence feeds to assess potential risks for a client. Which of the following is the BEST approach for the consultant to consider when modeling the client's attack surface? A. Ask for external scans from industry peers, look at the open ports, and compare information with the client. B. Discuss potential tools the client can purchase to reduce the likelihood of an attack. C. Look at attacks against similar industry peers and assess the probability of the same attacks happening. D. Meet with the senior management team to determine if funding is available for recommended solutions.
Which of the following BEST explains the function of trusted firmware updates as they relate to hardware assurance? A. Trusted firmware updates provide organizations with development, compilation, remote access, and customization for embedded devices. B. Trusted firmware updates provide organizations with security specifications, open-source libraries, and custom tools for embedded devices. C. Trusted firmware updates provide organizations with remote code execution, distribution, maintenance, and extended warranties for embedded devices. D. Trusted firmware updates provide organizations with secure code signing, distribution, installation, and attestation for embedded devices.