Security+ September Update

A. Wildcard vs. standard certificate

QUESTION 1 A company is implementing an internal PKI. The design will include a CA and a subordinate CA. Which of the following CA design choices should be considered prior to implementation?
A. Wildcard vs. standard certificate
B. Subject field vs. subje

B. MSCHAP C. PEAP

QUESTION 2 A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be confi

B. Patch the scanner

QUESTION 3 To get the most accurate results on the security posture of a system, which of the following actions should the security analyst do prior to scanning?
A. Log all users out of the system
B. Patch the scanner
C. Reboot the target host
D. Update t

D. nmap

QUESTION 4 A security administrator is performing a test to determine if a server is vulnerable to compromise through unnecessary ports. Which of the following tools would assist the security administrator in gathering the required information?
A. tcpdump

D. Administrative

QUESTION 5 Which of the following security controls provides an alternative solution to a control that would be considered unpractical or excessively expensive?
A. Deterrent
B. Compensating
C. Technical
D. Administrative

B. Host-based DLP

QUESTION 6 A security engineer is working with the CSIRT to investigate a recent breach of client data due to the improper use of cloud-based tools. The engineer finds that an employee was able to access a cloud-based storage platform from the office and

B. Create a separate VLAN for the desktops

QUESTION 7 A vice president at a manufacturing organization is concerned about desktops being connected to the network. Employees need to log onto the desktops' local account to verify that a product is being created within specifications; otherwise, the

C. Urgency D. Authority

QUESTION 8 An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the prin

D. Containment

QUESTION 9 A member of the IR team has identified an infected computer. Which of the following IR phases should the team member conduct NEXT?
A. Eradication
B. Recovery
C. Lessons learned
D. Containment

D. The manufacturing company is the identity provider, and the cloud company is the service provider

QUESTION 10 A security engineer at a manufacturing company is implementing a third-party cloud application. Rather than create users manually in the application, the engineer decides to use the SAML protocol. Which of the following is being used for this

B. CRL

QUESTION 11 While troubleshooting a client application connecting to the network, the security administrator notices the following error: Certificate is not valid. Which of the following is the BEST way to check if the digital certificate is valid?
A. PKI

A. Round-robin

QUESTION 12 A technician is configuring a load balancer for the application team to accelerate the network performance of their applications. The applications are hosted on multiple servers and must be redundant. Given this scenario, which of the followin

C. Time normalization

QUESTION 13 A DFIR analyst is collecting log data from multiple global locations. Which of the following must the DFIR analyst do to properly utilize the logs for forensic analysis?
A. Log encryption
B. Filling out chain of custody
C. Time normalization
D

B. RC4

QUESTION 14 Which of the following is used to encrypt web application data?
A. RSA
B. RC4
C. SHA
D. DHA

D. Create an automated alert on the SIEM for anomalous sales team activity

QUESTION 15 Joe, a member of the sales team, recently logged into the company servers after midnight local time to download the daily lead form before his co-workers did. Management has asked the security team to provide a method for detecting this type o

A. Uncommon open ports on the host

QUESTION 16 Compared to a non-credentialed scan, which of the following is a unique result of a credentialed scan?
A. Uncommon open ports on the host
B. Outdated software versions on the host
C. Self-signed certificate on the host
D. Fully qualified domai

D. Configure a software whitelist

QUESTION 17 An auditor has identified unauthorized p2p file-sharing programs and possible copyrighted material on employees' computers. Which of the following should the auditor recommend be done to prevent employees from installing unauthorized software?

C. Salting

QUESTION 18 When using a cryptographic function to store a password, which of the following should be used to avoid similar output from similar passwords?
A. Hashing
B. Field padding
C. Salting
D. Key rotating

C. Worm

QUESTION 19 The network team has detected a large amount of traffic between workstations on the network. The traffic was initially very light, but it is increasing exponentially as the day progresses. Which of the following types of malware might be suspe

A. LDAPS

QUESTION 20 A network technician is trying to set up a secure method for managing users and groups across the enterprise. Which of the following protocols is MOST likely to be used?
A. LDAPS
B. SFTP
C. NTLM
D. SNMPv3

A. VPN

QUESTION 21 A chief information security officer (CISO) asks the security architect to design a method for contractors to access the company's internal network securely without allowing access to systems beyond the scope of their project. Which of the follo

C. MD5

QUESTION 22 Which of the following is used to validate the integrity of data?
A. CBC
B. Blowfish
C. MD5
D. RSA

B. Pivoting

QUESTION 23 A third party penetration testing company was not able to successfully use an ARP cache poison technique to gain root access on a server. The tester successfully moved to another that was not in the original network. Which of the following is

A. Proper offboarding procedures D. Exit interviews

QUESTION 24 An organization employee resigns without giving adequate notice. The following day, it is determined that the employee is still in possession of several company-owned mobile devices. Which of the following could have reduced the risk of the oc

D. ICS

QUESTION 25 Which of the following types of embedded systems is required in manufacturing environments with life safety requirements?
A. MFD
B. RTOS
C. SoC
D. ICS

A. Public key E. Private key

QUESTION 26 Ann, a security administrator, wants to ensure credentials are encrypted in transit when implementing a RADIUS server for SSO. Which of the following are needed given these requirements? (select TWO)
A. Public
B. Shared key
C. Elliptic curve
D.

B. XSS attacks

QUESTION 27 A website form is used to register new students at a university. The form passes the unsanitized values entered by the user and uses them to directly add the student's information to several core systems. Which of the following attacks can be

A. Enforce password reuse limitations B. Enable password complexity

QUESTION 28 A company has been experiencing many successful email phishing attacks, which have been resulting in the compromise of multiple employees' accounts when employees reply with their credentials. The security administrator has been notifyin

B. Usage reviews

QUESTION 29 After a recent security breach at a hospital, it was discovered that nursing staff members, who were working the overnight shift, searched for and accessed private health information for local celebrities who were patients at the hospital. Whi

B. Details of any communication challenges that hampered initial response times F. Suggestions of tools that would provide improved monitoring and auditing of system access

QUESTION 30 A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST b

C. Input validation

QUESTION 31 To help prevent against an SQL injection, which of the following functions should the application developer implement?
A. Error handling
B. Code signing
C. Input validation
D. Model verification

C. availability

QUESTION 32 An active/passive configuration has an impact on:
A. confidentiality
B. integrity
C. availability
D. non-repudiation

D. Site-to-site VPN

QUESTION 33 A law office has been leasing dark fiber from a local telecommunications company to connect a remote office to company headquarters. The telecommunications company has decided to discontinue its dark fiber product and is offering an MPLS conne

C. Multiple forms of protections is preferred over single points of failure

QUESTION 34 A security team has deployed a new UTM to connect different segments of the corporate network. In addition to the UTM, each host has its own firewall and HIPS. The new UTM implements many of the same protections as the host-based firewall and

D. Cold site

QUESTION 35 Which of the following computer recovery sites is the least expensive and most difficult to test at the same time?
A. Non-mobile hot site
B. Mobile hot site
C. Warm site
D. Cold site

C. SCP

QUESTION 36 A company was recently audited by a third party. The audit revealed the company's network devices were transferring files in the clear. Which of the following protocols should the company use to transfer files?
A. HTTPS
B. LDAPS
C. SCP
D. SNMPv

C. Encryption

QUESTION 37 A penetration tester has written an application that performs a bit-by-bit XOR 0xFF operation on binaries prior to transmission over untrusted media. Which of the following BEST describes the action performed by this type of application?
A. Ha

A. Access violations

QUESTION 38 The Chief Executive Officer (CEO) has asked a junior technician to create a folder in which the CEO can place sensitive files. The technician finds the information within these files is the topic of conversation around the company. When this i

D. Administrative

QUESTION 39 A new Chief Information Officer (CIO) has been reviewing the badging procedures and decides to write a policy that all employees must have their badges rekeyed at least annually. Which of the following controls BEST describes this policy?
A. P

C. Qualitative risk assessment

QUESTION 40 An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis indicates the impact

D. Intrusive non-credentialed scan

QUESTION 41 A new security administrator ran a vulnerability scanner for the first time and caused a system outage. Which of the following types of scans MOST likely caused the outage?
A. Non-intrusive credentialed scan
B. Non-intrusive non-credentialed s

A. ARO

QUESTION 42 A security consultant is gathering information about the frequency of a security threat's impact to an organization. Which of the following should the consultant use to label the number of times an attack can be expected to impact the organiza

A. Exploitation of local console access and removal of data

QUESTION 43 A company stores highly sensitive data files used by the accounting system on a server file share. The accounting system uses a service account named accounting-svc to access the file share. The data is protected with full disk encryption, and

C. Crypto-malware

QUESTION 44 An employee is having issues when attempting to access files on a laptop. The machine was previously running slow, and many files were not accessible. The employee is not able to access the hard drive the next day, and all the file names were

A. Use password-enabled lock screens B. Implement an MDM solution

QUESTION 45 A company has just adopted the BYOD deployment methodology. The company is unsure of how to address the new trend and has requested assistance from a consultant. Given this scenario, which of the following should the consultant recommend? (select

C. User account

QUESTION 46 An organization is providing employees on the shop floor with computers that will log their time based on when they sign on and off the network. Which of the following account types should the employees receive?
A. Shared account
B. Privileged

A. Use nc to establish a connection to each web server

QUESTION 47 A security consultant wants to see what information can be obtained by banner grabbing the company's web servers. There are more than 100 web servers, and the consultant would like to perform and aggregate the information quickly. Which of the

C. Apply firmware and software updates upon availability

QUESTION 48 Which of the following is the BEST way for home users to mitigate vulnerabilities associated with IoT devices on their home networks?
A. Power off the devices when they are not in use
B. Prevent IoT devices from contacting the Internet directl

C. System sprawl

QUESTION 49 A recent internal audit is forcing a company to review each internal business unit's VMs because the cluster they are installed on is in danger of running out of computer resources. Which of the following vulnerabilities exists?
A. Buffer over

D. EAP-FAST

QUESTION 50 A security engineer is configuring a wireless network. The security requirements for the network are:
-Mutual authentication of wireless clients and the authentication server
-Client authentication must be username and password
-Cannot use a c

C. The entries in the log were caused by the file integrity monitoring system

QUESTION 51 During a routine review of firewall log reports, a security technician notices multiple successful logins for the admin user during unusual hours. The technician contacts the network administrator, who confirms the logins were not related to t

A. Cable locks

QUESTION 52 A retail store recently deployed tablets for sales employees to use while assisting customers. Two of the tablets have already been lost or stolen. Which of the following would be the BEST way for the store to secure the tablets against future

B. IaaS

QUESTION 53 An organization wants to move its operations to the cloud. The organization's systems administrators will still maintain control of the servers, firewalls, and load balancers in the cloud environment. Which of the following models is the organ

B. Script kiddie

QUESTION 54 A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart of a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes this type of user?
A.

A. Black box

QUESTION 55 A security analyst is assigned to perform a penetration test for one of the company's clients. During the scope discussion, the analyst is notified that the client is not going to share any information related to the environment to be tested.

A. The permit statement for 204.211.38.52/24 should be changed to TCP port 631 instead of UDP

QUESTION 56 An employee workstation with an IP address of 204.211.38.211/24 reports it is unable to submit print jobs to a network printer at 204.211.38.52/24 after a firewall upgrade. The active firewall rules are as follows:
IP Address Protocol Port N

B. SFTP C. HTTPS

QUESTION 57 As part of a corporate merger, two companies are combining resources. As a result they must transfer files through the internet in a secure manner. Which of the following protocols would BEST meet this objective? (select TWO).
A. LDAPS
B. SFTP

B. The file integrity check

QUESTION 58 A technician receives a device with the following anomalies:
-Frequent pop-up ads
-Slow response-time switching between active programs
-Unresponsive peripherals
(Image of table)
Based on the above output, which of the following should be revi

A. Hot site

QUESTION 59 A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi (161km) away, the company wants to ensure its business is alway

A. Legal hold

QUESTION 60 A security technician has been given the task of preserving emails that are potentially involved in a dispute between a company and a contractor. Which of the following BEST describes this forensic concept?
A. Legal hold
B. Chain of custody
C.

C. Rogue system detection

QUESTION 61 A security administrator installed a network scanner that identifies new host systems on the network. Which of the following did the security administrator install?
A. Vulnerability scanner
B. Network-based IDS
C. Rogue system detection
D. Con

C. Steganography

QUESTION 62 Which of the following BEST describes the process of altering the bits of a media file to embed a hidden message?
A. Encryption
B. Diffusion
C. Steganography
D. Hashing

D. Internal hosts have become members of a botnet

QUESTION 63 A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single internet addressable domain name. The security ad

B. Buffer overflow

QUESTION 64 A security analyst monitors the syslog server and notices the following:
pinging 10.25.27.31 with 65500 bytes of data
Reply from 10.25.27.31 bytes=65500 time<1ms TTL=128
Reply from 10.25.27.31 bytes=65500 time<1ms TTL=128
Reply from 10.25.27

B. EAP-TLS

QUESTION 65 A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the followi

A. Data exfiltration

QUESTION 66 A security analyst reviews the following log entry:
2017-01-13 1622CST 10.11.24.18 93242 148 TCP HIT 200.200.0.223
OBSERVED POST HTTP/1.1.0 "Mozilla 1.0" www.dropbox.com
Financial Report 2016 CONFID.pdf, 13MB, MS-RTC LMB; .NET
CLR 3.0.4509.139

C. LDAPS

QUESTION 67 A network administrator receives a support ticket from the security operations team to implement secure access to the domain. The support ticket contains the following info:
-Source: 192.168.1.137
-Destination: 10.113.10.8
-Protocol TCP Ports:

C. nc -l 192.168.5.1 -p 9856

QUESTION 68 A cybersecurity analyst is looking into the payload of a random packet capture file that was selected for analysis. The analyst notices that an internal host had a socket established with another internal host over a non-standard port. Upon in

C. Logic bomb

QUESTION 69 A security administrator is reviewing the following PowerShell script referenced in the Task Scheduler on a database server:
$members = Get-ADGroupMember -Identity "Domain Admins" -Recursive | Select
If ($members -notcontains "JohnDoe") {
R

A. SSH D. SMTP

QUESTION 70 The output of running the "netstat -an" command on a network device is as follows:
Proto Local Addr Foreign Addr State
TCP 0.0.0.0:22 0.0.0.0:0 Listening
TCP 0.0.0.0:25 0.0.0.0:0 Listening
TCP 0.0.0.0:631 0.0.0.0:0 Listening
TCP 0.0.0.0:161 0.

D. Allow C:\OperatingSystem\, C:Programs Block *