قو مشمش قو مشمش
You’ve hired a third-party to gather information about your company’s servers and data. The third-party will not have direct access to your internal network but can gather information from any other source. Which of the following would best describe this approach?
A. Backdoor testing
B. Passive reconnaissance
C. OS fingerprinting
D. Grey box penetration testing
Which of these protocols use TLS to provide secure communication? (Select TWO)
A. HTTPS
B. SSH
C. FTPS
D. SNMPv2
E. DNSSEC
F. SRTP
Which of these threat actors would be MOST likely to attack systems for direct financial gain?
A. Organized crime
B. Hacktivist
C. Nation state
D. Competitor
A security incident has occurred on a file server. Which of the following data sources should be gathered to address file storage volatility? (Select TWO)
A. Partition data
B. Kernel statistics
C. ROM data
D. Temporary file systems
E. Process table
Which of the following would attempt to exploit a vulnerability associated with a specific application?
A. Vulnerability scan
B. Active reconnaissance
C. Penetration test
D. Port scan
An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third-party. Which category would BEST describe these devices?
A. IoT
B. RTOS
C. MFD
D. SoC
Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?
A. Create an operating system security policy to prevent the use of removable media
B. Monitor removable media usage in host-based firewall logs
C. Only whitelist applications that do not use removable media
D. Define a removable media block rule in the UTM
Tayla is a help desk administrator for a major transportation company. Her help desk has suddenly been overwhelmed by phone calls from customers. The customers are complaining that their browser is giving a message that the company’s website is untrusted. Which of the following would be the MOST likely reason for this issue?
A. The web server is not running the latest version of software
B. The corporate firewall is misconfigured
C. A content filter is blocking web server traffic
D. The web server has a certificate issue
Richard, an engineer, has been posting pictures of a not-yet-released company product on an online forum. Richard believed the forum was limited to a small group, but his pictures were actually posted on a publicly accessible area of the site. Which of the following company policies should be discussed with Richard?
A. Personal email
B. Unauthorized software
C. Social media
D. Certificate issues
A group of universities sponsor a monthly speaking event that is attended by faculty from many different schools. Each month, a different university is selected to host the event. The IT staff for the event would like to allow access to the local wireless network using the faculty member’s normal authentication credentials. These credentials should properly authenticate, even when the faculty member is not physically located at their home campus. Which of the following authentication methods would be the BEST choice for this requirement?
A. RADIUS federation
B. 802.1X
C. PEAP
D. EAP-FAST
A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?
A. MTBF
B. RTO
C. MTTR
D. MTTF
An attacker calls into a company’s help desk and pretends to be the director of the company’s manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. The help desk engineer requests the employee’s ID number and sends a password reset validation code to the user’s registered mobile device number. What kind of attack is the help desk engineer preventing by following these processes?
A. Social engineering
B. Tailgating
C. Vishing
D. Man-in-the-middle
A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team’s requirements?
A. EAP-TLS
B. PEAP
C. EAP-TTLS
D. EAP-MSCHAPv2
Which of the following would be commonly provided by a CASB? (Select TWO)
A. List of all internal Windows devices that have not installed the latest security patches
B. List of applications in use
C. Centralized log storage facility
D. List of network outages for the previous month
E. Verification of encrypted data transfers
F. VPN connectivity for remote users
The embedded OS in a company’s time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. This loop continues until the time clock is powered down. Which of the following BEST describes this issue?
A. DLL injection
B. Resource exhaustion
C. Race condition
D. Weak configuration
A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)
A. Password complexity
B. Password expiration
C. Password history
D. Password lockout
E. Password recovery
What kind of security control is associated with a login banner?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
E. Compensating
F. Physical
Your security team has been provided with an uncredentialed vulnerability scan report created by a third-party. Which of the following would you expect to see on this report?
A. A summary of all files with invalid group assignments
B. A list of all unpatched operating system files
C. The version of web server software in use
D. A list of local user accounts
The security team of a small manufacturing company is investigating a compromised server that resulted in a defaced internal website home page. The web server had been running for a year, but no security patches were ever applied. Logs from the web server show a large number of attacks containing well-known exploits occurred just before the server was defaced. Which of these would be the MOST likely source of this attack?
A. Hacktivist
B. Script kiddie
C. Insider
D. Nation state
Which of these would be the MOST significant security concern for an insider threat?
A. Passwords written on sticky notes
B. An unpatched file server
C. A VPN concentrator that uses an older encryption cipher
D. Limited bandwidth available on the Internet link
A security administrator would like to limit access from a user VLAN to the server VLAN. All traffic to the server VLAN communicates through the core router. Users should only be able to connect to servers using standard protocols. Which of the following options would be the BEST way to implement this security feature?
A. Configure a reverse proxy
B. Define an ACL on the core router
C. Replace the core router with a layer 3 firewall
D. Add a load balancer for each server cluster
A file server has a full backup performed each Monday at 1 AM. Incremental backups are performed at 1 AM on Tuesday, Wednesday, Thursday, and Friday. The system administrator needs to perform a full recovery of the file server on Thursday afternoon. How many backup sets would be required to complete the recovery?
A. 2
B. 3
C. 4
D. 1
Jack, a security engineer, runs a monthly vulnerability scan and creates a report with the results. The latest report doesn’t list any vulnerabilities for Windows servers, but a significant vulnerability was announced last week and none of the servers are patched yet. The vulnerability scanner is running the latest set of signatures. Which of the following best describes this result?
A. Exploit
B. False positive
C. Zero-day attack
D. False negative
A security administrator is reviewing a 30-day access report to determine if there are any unusual or unexpected authentications. After these reviews, the security administrator decides to add additional authentication controls to the existing infrastructure. Which of the following should be added by the security administrator? (Select TWO)
A. TOTP
B. Least privilege
C. Role-based awareness training
D. Separation of duties
E. Job rotation
F. Smart Card
A network administrator would like to reconfigure the authentication process on the company’s wireless network. Instead of using the same wireless password for all users, the administrator would like each user to authenticate with their personal username and password. Which of the following should the network administrator configure on the wireless access points?
A. WPA2-PSK
B. 802.1X
C. WPS
D. WPA2-AES
Which of the following technologies use a challenge message during the authentication process?
A. TLS
B. TACACS+
C. Kerberos
D. CHAP
A user has saved a presentation file to a network drive, and the user has assigned individual rights and permissions to the file. Prior to the presentation date, the user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?
A. DAC
B. MAC
C. ABAC
D. RBAC
The network administrator for an organization is building a security strategy that can continually monitor the network and systems for threats. This strategy focuses on protecting the automated creation of cloud-based services, the teardown process of cloud-based services, and the rollback of cloud-based services from one version to another. Which of the following BEST describes the environment that the network administrator will secure?
A. Redundant
B. Highly-available
C. Fault-tolerant
D. Non-persistent
A department store offers gift certificates that can be used to purchase merchandise. The store policy requires that a floor manager approves each transaction when a gift certificate is used for payment. The security team has found that some of these transactions have been processed without the approval of a manager. Which of the following would provide a separation of duties to enforce this store policy?
A. Use a WAF to monitor all gift certificate transactions
B. Disable all gift certificate transactions for cashiers
C. Implement a discretionary access control policy
D. Require an approval PIN for the cashier and a separate approval PIN for the manager
Which of the following is true of a rainbow table? (Select TWO)
A. The rainbow table is built in real-time during the attack
B. Rainbow tables are the most effective online attack type
C. Rainbow tables require significant CPU cycles at attack time
D. Different tables are required for different hashing methods
E. A rainbow table won’t be useful if the passwords are salted
Before an application is moved into production, a company’s development team runs a static code analyzer to identify any security vulnerabilities. In the latest scan, the analyzer has identified seven security issues. After reviewing the code, the development team finds that only five of the reported vulnerabilities are actual security problems. Which of the following would BEST describe the two incorrect vulnerability reports?
A. Normalization
B. Fuzzing
C. Obfuscation
D. False positive
Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?
A. SaaS
B. Community
C. Hybrid
D. Containerization
A company hires a large number of seasonal employees, and those contracts commonly end after the beginning of the calendar year. All system access should be disabled when an employee leaves the company, and the security administrator would like to verify that their systems cannot be accessed by any of the former employee accounts. Which of the following would be the BEST way to provide this verification? (Select TWO)
A. Confirm that no unauthorized accounts have administrator access
B. Validate the account lockout policy
C. Audit and verify the operational status of all accounts
D. Create a report that shows all authentications for a 24-hour period
E. Validate the processes and procedures for all outgoing employees
F. Schedule a required password change for all accounts
Sam has just replaced a broken wireless access point in a warehouse. With the new access point online, only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features did Sam MOST likely enable?
A. MAC filtering
B. SSID broadcast suppression
C. 802.1X authentication
D. Anti-spoofing
E. LWAPP management
An attacker has discovered a way to disable a server by sending a specially crafted packet to the operating system. When the packet is received, the system crashes and must be rebooted to restore normal operations. Which of the following would BEST describe this situation?
A. Privilege escalation
B. Spoofing
C. Replay attack
D. DoS
A data breach has occurred in a large insurance company. A security administrator is building new servers and security systems to get all of the financial systems back online. Which part of the incident response process would BEST describe these actions?
A. Lessons learned
B. Isolation and containment
C. Reconstitution
D. Precursors
A service technician would like to protect some private information sent over email. This information should only be viewable by the recipient. Which of these cryptographic algorithms would be the BEST choice?
A. MD5
B. HMAC
C. SHA-2
D. RC4
Your CISO (Chief Information Security Officer) has contracted with a third-party to identify security vulnerabilities associated with all Internet-facing systems. This organization has identified a significant vulnerability in the newly-released firewall used in your DMZ. When you contact the firewall company, you find there are no plans to create a patch for this specific vulnerability. Which of the following would BEST describe this issue?
A. Lack of vendor support
B. Improper input handling
C. Improper key management
D. End-of-life
A company has decided to perform a disaster recovery exercise during an annual meeting. This exercise will include the IT directors and senior directors. A simulated disaster will be presented, and the participants will discuss the logistics and processes required to resolve the disaster. Which of the following would BEST describe this exercise?
A. After-action report
B. Business impact analysis
C. Alternate business practice
D. Tabletop exercise
Which of the following would be the MOST secure hashing method?
A. RIPEMD
B. AES
C. SHA-2
D. MD5
A system administrator uses an EV certificate for the corporate web server. Which of these would be the MOST likely reason for using this certificate type?
A. Adds additional encryption features over a non-EV certificate
B. Shows that additional checks have been made to validate the site owner
C. Allows the certificate to support many different domains
D. Shows that the owner of the certificate has control over a DNS domain
How can a company ensure that all data on a mobile device is unrecoverable if the device is lost or stolen?
A. Storage segmentation
B. Geofencing
C. Screen locks
D. Remote wipe
Sam is a user in the accounting department, and she uses the corporate accounting software to perform her daily job duties. Sam’s organization uses a role-based access control model to assign permissions. Who is responsible for managing these roles and permissions?
A. Data owners
B. Administrators
C. Users
D. Application owners
Which of these best describes two-factor authentication?
A. A printer that uses a password and a PIN
B. The door to a building that requires a fingerprint scan
C. An application that checks your GPS coordinates
D. A Windows Domain that requires a username, password, and smart card
A company is deploying a new mobile application to all of its employees in the field. Some of the problems associated with this rollout include:
• The company does not have a way to manage the mobile devices in the field
• Company data on mobile devices in the field introduces additional risk
• Team members have many different kinds of mobile devices
Which of the following deployment models would address these concerns?
A. Corporate-owned
B. COPE
C. VMI
D. BYOD
An organization is installing a UPS for their new data center. Which of the following would BEST describe this type of control?
A. Compensating
B. Preventive
C. Administrative
D. Detective
Your security team has been tasked with completing a comprehensive study that will involve all devices in the corporate data center. Because of the sensitive nature of your business, all of the testing must be completed by internal team members. A requirement of the study is to identify any security weaknesses in the operating systems or applications running on data center hardware. There can be no downtime or data loss during the testing process. Which of the following would best describe this project?
A. Threshold analysis
B. Vulnerability scanning
C. Fault tolerance
D. Penetration testing
Jack is a member of the incident response team at his company. Jack has been asked to respond to a potential security breach of the company’s databases, and he needs to gather the most volatile data before powering down the database servers. In which order should Jack collect this information?
A. CPU registers, temporary files, memory, remote monitoring data
B. Memory, CPU registers, remote monitoring data, temporary files
C. Memory, CPU registers, temporary files, remote monitoring data
D. CPU registers, memory, temporary files, remote monitoring data
Samantha, a Linux administrator, is downloading an updated version of her Linux distribution. The download site shows a link to the ISO and a SHA256 hash value. Which of these would describe the use of this hash value?
A. Verifies that the file was not corrupted during the file transfer
B. Provides a key for decrypting the ISO after download
C. Authenticates the site as an official ISO distribution site
D. Confirms that the file does not contain any malware
The security policy at a company requires that login access should only be available if a person is physically within the same building as the server. Which of the following would be the BEST way to provide this requirement?
A. TOTP
B. Biometric scanner
C. PIN
D. SMS
Your development team has installed a new application and database to a cloud service. After running a vulnerability scanner on the application instance, you find that the database is available for anyone to query without providing any authentication. Which of these vulnerabilities is MOST associated with this issue?
A. Improper error handling
B. Misconfiguration
C. Race condition
D. Memory leak
One of the computers in the shipping department is showing signs of a malware infection. Which of the following would be the BEST next step to completely remove the malware?
A. Run a virus scan
B. Degauss the hard drive
C. Format the system partition
D. Reimage the computer
Which of these would best describe the use of a nonce?
A. Information encrypted with a public key is decrypted with a private key
B. Prevents replay attacks during authentication
C. Information is hidden inside of an image
D. The sender of an email can be verified
Which of the following would be the BEST way to confirm the secure baseline of a deployed application instance?
A. Compare the production application to the sandbox
B. Perform an integrity measurement
C. Compare the production application to the previous version
D. Perform QA testing on the application instance
Which of the following would BEST describe a security feature based on administrative control diversity?
A. Data center cameras
B. Active directory authentication
C. Off-boarding process
D. Laptop full disk encryption
An analyst is examining the traffic logs to a server in the DMZ. The analyst has identified a number of sessions from a single IP address that appear to be received with a TTL equal to zero. One of the sessions has a destination of the Internet firewall, and a session immediately after has a destination of your DMZ server. Which of the following BEST describes this log information?
A. Someone is performing a vulnerability scan against your firewall and DMZ server
B. Your users are performing DNS lookups
C. A remote user is grabbing banners of your firewall and DMZ server
D. Someone is performing a traceroute to the DMZ server
Rodney is a security administrator for a large manufacturing company. His company has just acquired a transportation company, and Rodney has connected the two networks together with an IPsec VPN. Rodney needs to allow access to the manufacturing company network for anyone who authenticates to the transportation company network. Which of these authentication methods BEST meets Rodney’s requirements?
A. One-way trust
B. Mobile device location services
C. Smartphone software tokens
D. Two-factor authentication
A company encourages users to encrypt all of their confidential materials on a central server. The organization would like to enable key escrow as a backup. Which of these keys should the organization place into escrow?
A. Private
B. CA
C. Session
D. Public
Daniel, a security administrator, is designing an authentication process for a new remote site deployment. Daniel would like the users to provide their credentials when they authenticate in the morning, and he does not want any additional authentication requests to appear during the rest of the day. Which of the following should Daniel use to meet this requirement?
A. TACACS+
B. LDAPS
C. Kerberos
D. 802.1X
A manufacturing company would like to use an existing router to separate a corporate network and the manufacturing floor. The corporate network and manufacturing floor currently operate on the same subnet and the same physical switch. The company does not want to install any additional hardware. Which of the following would be the BEST choice for this segmentation?
A. Connect the corporate network and the manufacturing floor with a VPN
B. Build an air gapped manufacturing floor network
C. Use personal firewalls on each device
D. Create separate VLANs for the corporate network and the manufacturing floor
Hank, a security administrator, has received an email from an employee regarding their VPN connection from home. When this user connects to the corporate VPN, they are no longer able to print to their network printer at home. Once the user disconnects from the VPN, the printer works normally. Which of the following would be the MOST likely reason for this issue?
A. The VPN uses IPSec instead of SSL
B. Printer traffic is filtered by the VPN client
C. The VPN is stateful
D. The VPN tunnel is configured for full tunnel
A data center manager has built a Faraday cage in the data center. A set of application servers has been placed into racks inside the Faraday cage. Which of the following would be the MOST likely reason for the data center manager to install this configuration of equipment?
A. Protect the servers against any unwanted electromagnetic fields
B. Prevent physical access to the servers without the proper credentials
C. Provide additional cooling to all devices in the cage
D. Adds additional fire protection for the application servers
A security administrator is evaluating a monthly vulnerability report associated with web servers in the data center. The report shows the return of a vulnerability that was previously patched four months ago. The report shows that the vulnerability has been active on the web servers for three weeks. After researching this issue, the security team has found that a recent patch has reintroduced this vulnerability on the servers. Which of the following should the security administrator implement to prevent this issue from occurring in the future?
A. Templates
B. Elasticity
C. Master image
D. Continuous monitoring
A critical security patch has been rolled out on short notice to a large number of servers in a data center. IT management is requiring verification that this patch has been properly installed on all applicable servers. Which of the following would be the BEST way to verify the installation of this patch?
A. Use a vulnerability scanner
B. Examine IPS logs
C. Use a data sanitization tool
D. Monitor real-time traffic with a protocol analyzer
Which cryptographic method is used to add trust to a digital certificate?
A. X.509
B. Hash
C. Symmetric encryption
D. Digital signature
Which of these would be commonly used during the authentication phase of the AAA framework?
A. Username
B. Login time
C. Password
D. Access to the /home directory
An organization maintains a large database of customer information for sales tracking and customer support. Which person in the organization would be responsible for managing the access rights to this data?
A. Data steward
B. Data owner
C. Privacy officer
D. Data custodian
An organization’s content management system (CMS) currently labels files and documents as “Unclassified” and “Restricted.” In a recent update to the CMS, a new classification type of “PII” was added. Which of the following would be the MOST likely reason for this addition?
A. Healthcare system integration
B. Simplified categorization
C. Expanded privacy compliance
D. Decreased search time
A corporate security team has performed a data center audit and found that most web servers store their certificates on the server itself. The security team would like to consolidate and protect the certificates across all of their web servers. Which of these would be the BEST way to securely store these certificates?
A. Use an HSM
B. Implement full disk encryption on the web servers
C. Use a TPM
D. Upgrade the web servers to use a UEFI BIOS
Which of the following describes a monetary loss if one event occurs?
A. ALE
B. SLE
C. RTO
D. ARO
Sam, the manager of the accounting department, has opened a helpdesk ticket complaining of poor system performance and excessive pop up messages. Her cursor is also moving without anyone touching the mouse. This issue began after Sam opened a spreadsheet from a vendor containing part numbers and pricing information. Sam recalls clicking through a number of warning messages before the spreadsheet would open. Which of the following is MOST likely the cause of Sam’s issues?
A. Man-in-the-middle
B. Worm
C. RAT
D. Logic bomb
A systems engineer in the sales department has left the organization for a position with another company. The engineer’s accounts were disabled on his last day with the company, but security logs show that attempts were made to access email accounts after the account was disabled. Which of these security practices protected the organization from any unauthorized access?
A. Least privilege
B. Auditing
C. Offboarding
D. Location-based policies
A security manager has created a report that shows intermittent network communication from external IP addresses to certain workstations on the internal network. These traffic patterns occur at random times during the day. Which of the following would be the MOST likely reason for these traffic patterns?
A. ARP poisoning
B. Backdoor
C. Polymorphic virus
D. Trojan horse
A company has installed a new set of switches in their data center. The security team would like to authenticate to the switch using the same credentials as their existing Windows Active Directory network. However, the switches do not support Kerberos as an authentication method. Which of the following would be the BEST option for the security team’s authentication requirement?
A. Local authentication
B. LDAP
C. Multi-factor authentication
D. Captive portal
A company has just deployed a new application into their production environment. Unfortunately, a significant bug has been identified that must be quickly corrected. The operations team will not allow any incremental bug fixes to the production system, and instead require an entirely new application instance deployment for any updates. Which of the following would BEST describe this production system?
A. Immutable
B. Agile
C. IAC
D. Sandbox
A security administrator would like to increase the security of the company’s email communication. The outgoing email server currently uses SMTP with no encryption. The security administrator would like to implement encryption between email clients without changing the existing server-to-server communication. Which of the following would be the BEST way to implement this requirement?
A. Implement Secure IMAP
B. Require the use of S/MIME
C. Install an SSL certificate on the email server
D. Use a VPN tunnel between email clients
A company is updating their VoIP handsets and would like to use SRTP for all phone calls. Which of these technologies would MOST commonly be used to implement this feature?
A. AES
B. TLS
C. Asymmetric encryption
D. SSH
E. IPS
A company has just purchased a new application server, and the security director wants to determine if the system is secure. The system is currently installed in a test environment and will not be available to your users until the rollout to production next week. Which of the following would be the BEST way to determine if any part of the system can be exploited?
A. Tabletop exercise
B. Vulnerability scanner
C. Password cracker
D. Penetration test