5 OR 6 QUESTIONS WITH IMAGES MISSING
A company’s legal department drafted sensitive documents in a SaaS application and wants to
ensure the documents cannot be accessed by individuals in high-risk countries. Which of the
following is the most effective way to limit this access?
A. Data masking
B. Encryption
C. Geolocation policy
D. Data sovereignty regulation
C
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy
should be added to the bottom of the ACL. The technician updates the policy, but the new policy
causes several company servers to become unreachable.
Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change
management
B. Testing the policy in a non-production environment before enabling the policy in the
production network
C. Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the
new policy
D. Including an "allow any" policy above the "deny any" policy
B
Which of the following is a hardware-specific vulnerability?
A. Firmware version
B. Buffer overflow
C. SQL injection
D. Cross-site scripting
A
An organization is building a new backup data center with cost-benefit as the primary
requirement and RTO and RPO values around two days. Which of the following types of sites is
the best for this scenario?
A. Real-time recovery
B. Hot
C. Cold
D. Warm
C
A company requires hard drives to be securely wiped before sending decommissioned systems
to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
B
A systems administrator works for a local hospital and needs to ensure patient data is protected
and secure. Which of the following data classifications should be used to secure patient data?
A. Private
B. Critical
C. Sensitive
D. Public
C
A U.S.-based cloud-hosting provider wants to expand its data centers to new international
locations. Which of the following should the hosting provider consider first?
A. Local data protection regulations
B. Risks from hackers residing in other countries
C. Impacts to existing contractual obligations
D. Time zone differences in log correlation
A
Which of the following would be the best way to block unknown programs from executing?
A. Access control list
B. Application allow list.
C. Host-based firewall
D. DLP solution
B
A company hired a consultant to perform an offensive security assessment covering penetration
testing and social engineering.
Which of the following teams will conduct this assessment activity?
A. White
B. Purple
C. Blue
D. Red
D
A software development manager wants to ensure the authenticity of the code created by the
company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used
B
Which of the following can be used to identify potential attacker activities without affecting
production servers?
A. Honey pot
B. Video surveillance
C. Zero Trust
D. Geofencing
A
During an investigation, an incident response team attempts to understand the source of an
incident. Which of the following incident response activities describes this process?
A. Analysis
B. Lessons learned
C. Detection
D. Containment
A
A security practitioner completes a vulnerability assessment on a company’s network and finds
several vulnerabilities, which the operations team remediates. Which of the following should be
done next?
A. Conduct an audit.
B. Initiate a penetration test.
C. Rescan the network.
D. Submit a report.
C
An administrator was notified that a user logged in remotely after hours and copied large
amounts of data to a personal device.
Which of the following best describes the user’s activity?
A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat
D
Which of the following allows for the attribution of messages to individuals?
A. Adaptive identity
B. Non-repudiation
C. Authentication
D. Access logs
B
Which of the following is the best way to consistently determine on a daily basis whether
security settings on servers have been modified?
A. Automation
B. Compliance checklist
C. Attestation
D. Manual audit
A
Which of the following tools can assist with detecting an employee who has accidentally
emailed a file containing a customer’s PII?
A. SCAP
B. NetFlow
C. Antivirus
D. DLP
D
An organization recently updated its security policy to include the following statement:
Regular expressions are included in source code to remove special characters such as $, |, ;, &, `,
and ? from variables set by forms in a web application.
Which of the following best explains the security technique the organization adopted by making
this addition to the policy?
A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis
C
A security analyst and the management team are reviewing the organizational performance of a
recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold,
and the management team wants to reduce the impact when a user clicks on a link in a phishing
message. Which of the following should the analyst do?
A. Place posters around the office to raise awareness of common phishing activities.
B. Implement email security filters to prevent phishing emails from being delivered.
C. Update the EDR policies to block automatic execution of downloaded programs.
D. Create additional training for users to recognize the signs of phishing attempts.
C
Which of the following has been implemented when a host-based firewall on a legacy Linux
system allows connections from only specific internal IP addresses?
A. Compensating control
B. Network segmentation
C. Transfer of risk
D. SNMP traps
A
The management team notices that new accounts that are set up manually do not always have
correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline
account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script
D
A company is planning to set up a SIEM system and assign an analyst to review the logs on a
weekly basis. Which of the following types of controls is the company setting up?
A. Corrective
B. Preventive
C. Detective
D. Deterrent
C
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based.
Which of the following meets these requirements?
A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN
A
A security operations center determines that the malicious activity detected on a server is
normal. Which of the following activities describes the act of ignoring detected activity in the
future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving
A
A company is concerned about weather events causing damage to the server room and
downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
B
Which of the following is a primary security concern for a company setting up a BYOD program?
A. End of life
B. Buffer overflow
C. VM escape
D. Jailbreaking
D
A company decided to reduce the cost of its annual cyber insurance policy by removing the
coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this
decision?
A. MTTR
B. RTO
C. ARO
D. MTBF
C
Which of the following is the most likely to be included as an element of communication in a
security awareness program?
A. Reporting phishing attempts or other suspicious activities
B. Detecting insider threats using anomalous behavior recognition
C. Verifying information when modifying wire transfer data
D. Performing social engineering as part of third-party penetration testing
A
Which of the following would be the best way to handle a critical business application that is
running on a legacy server?
A. Segmentation
B. Isolation
C. Hardening
D. Decommissioning
C
Which of the following describes the process of concealing code or text inside a graphical
image?
A. Symmetric encryption
B. Hashing
C. Data masking
D. Steganography
D
After a company was compromised, customers initiated a lawsuit. The company's attorneys
have requested that the security team initiate a legal hold in response to the lawsuit. Which of
the following describes the action the security team will most likely be required to take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.
B
A network manager wants to protect the company's VPN by implementing multifactor
authentication that uses:
- Something you know
- Something you have
- Something you are
Which of the following would accomplish the manager's goal?
A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, facial structure
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address
C
A security manager created new documentation to use in response to various types of security
incidents. Which of the following is the next step the manager should take?
A. Set the maximum data retention policy.
B. Securely store the documents on an air-gapped network.
C. Review the documents' data classification policy.
D. Conduct a tabletop exercise with the team.
D
Users at a company are reporting they are unable to access the URL for a new retail website
because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?
A. Creating a firewall rule to allow HTTPS traffic
B. Configuring the IPS to allow shopping
C. Tuning the DLP rule that detects credit card data
D. Updating the categorization in the content filter
D
An administrator discovers that some files on a database server were recently encrypted. The
administrator sees from the security logs that the data was last accessed by a domain user.
Which of the following best describes the type of attack that occurred?
A. Insider threat
B. Social engineering
C. Watering-hole
D. Unauthorized attacker
A
Which of the following automation use cases would best enhance the security posture of an
organization by rapidly updating permissions when employees leave a company?
A. Provisioning resources
B. Disabling access
C. Reviewing change approvals
D. Escalating permission requests
B
Which of the following must be considered when designing a high-availability network? (Select
two).
A. Ease of recovery
B. Ability to patch
C. Physical isolation
D. Responsiveness
E. Attack surface
F. Extensible authentication
A E
Which of the following methods to secure credit card data is best to use when a requirement is
to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization
C
An administrator finds that all user workstations and servers are displaying a message that is
associated with files containing an extension of .ryk. Which of the following types of infections is
present on the systems?
A. Virus
B. Trojan
C. Spyware
D. Ransomware
D
A healthcare organization wants to provide a web application that allows individuals to digitally
report health emergencies.
Which of the following is the most important consideration during development?
A. Scalability
B. Availability
C. Cost
D. Ease of deployment
B
An organization wants a third-party vendor to do a penetration test that targets a specific
device. The organization has provided basic information about the device. Which of the
following best describes this kind of penetration test?
A. Partially known environment
B. Unknown environment
C. Integrated
D. Known environment
A
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee
to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
D
An analyst is evaluating the implementation of Zero Trust principles within the data plane.
Which of the following would be most relevant for the analyst to evaluate?
A. Secured zones
B. Subject role
C. Adaptive identity
D. Threat scope reduction
A
An organization is leveraging a VPN between its headquarters and a branch location. Which of
the following is the VPN protecting?
A. Data in use
B. Data in transit
C. Geographic restrictions
D. Data sovereignty
B
The marketing department set up its own project management software without telling the
appropriate departments. Which of the following describes this scenario?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption
A
An enterprise is trying to limit outbound DNS traffic originating from its internal network.
Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.
Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
D
After a security incident, a systems administrator asks the company to buy a NAC platform.
Which of the following attack surfaces is the systems administrator trying to protect?
A. Bluetooth
B. Wired
C. NFC
D. SCADA
B
Which of the following factors are the most important to address when formulating a training
curriculum plan for a security awareness program? (Select two).
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
C E
An organization disabled unneeded services and placed a firewall in front of a business-critical
legacy system. Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls
D
Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement
A
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive
customer data. Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.
C
Which of the following describes a security alerting and monitoring tool that collects system,
application, and network logs from multiple sources in a centralized system?
A. SIEM
B. DLP
C. IDS
D. SNMP
A
Which of the following are cases in which an engineer should recommend the decommissioning
of a network device? (Select two).
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device's encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.
E
An administrator assists the legal and compliance team with ensuring information about
customer transactions is archived for the proper time period. Which of the following data
policies is the administrator carrying out?
A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory
B
A systems administrator is working on a solution with the following requirements:
- Provide a secure zone.
- Enforce a company-wide access control policy.
- Reduce the scope of threats.
Which of the following is the systems administrator setting up?
A. Zero Trust
B. AAA
C. Non-repudiation
D. CIA
A
A security administrator needs a method to secure data in an environment that includes some
form of checks so that the administrator can track any changes. Which of the following should
the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
D
Which of the following is the phase in the incident response process when a security analyst
reviews roles and responsibilities?
A. Preparation
B. Recovery
C. Lessons learned
D. Analysis
A
A company is discarding a classified storage array and hires an outside vendor to complete the
disposal. Which of the following should the company request from the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership
A
Which of the following would be the best ways to ensure only authorized personnel can access a
secure facility? (Select two).
A. Fencing
B. Video surveillance
C. Badge access
D. Access control vestibule
E. Sign-in sheet
F. Sensor
C D
A company's marketing department collects, modifies, and stores sensitive customer data. The
infrastructure team is responsible for securing the data while in transit and at rest. Which of the
following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
C
Malware spread across a company's network after an employee visited a compromised industry
blog. Which of the following best describes this type of attack?
A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing
C
After a recent ransomware attack on a company's system, an administrator reviewed the log
files. Which of the following control types did the administrator use?
A. Compensating
B. Detective
C. Preventive
D. Corrective
B
Which of the following agreement types defines the time frame in which a vendor needs to
respond?
A. SOW
B. SLA
C. MOA
D. MOU
B
A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks
and allow for comprehensive investigations if an attack occurs. The company uses SSL
decryption to allow traffic monitoring. Which of the following strategies would best accomplish
this goal?
A. Logging all NetFlow traffic into a SIEM
B. Deploying network traffic sensors on the same subnet as the servers
C. Logging endpoint and OS-specific security logs
D. Enabling full packet capture for traffic entering and exiting the servers
D
A client demands at least 99.99% uptime from a service provider's hosted security services.
Which of the following documents includes the information the service provider should return
to the client?
A. MOA
B. SOW
C. MOU
D. SLA
D
A company is adding a clause to its AUP that states employees are not allowed to modify the
operating system on mobile devices. Which of the following vulnerabilities is the organization
addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading
C
Which of the following practices would be best to prevent an insider from introducing malicious
code into a company's development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval
D
A systems administrator is creating a script that would save time and prevent human error when
performing account creation for a large number of end users. Which of the following would be a
good use case for this task?
A. Off-the-shelf software
B. Orchestration
C. Baseline
D. Policy enforcement
B
After an audit, an administrator discovers all users have access to confidential data on a file
server. Which of the following should the administrator use to restrict access to the data
quickly?
A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists
D
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the
increase of ransomware-as-a-service in a report to the management team. Which of the
following best describes the threat actor in the CISO's report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime
D
A small business uses kiosks on the sales floor to display product information for customers. A
security team discovers the kiosks use end-of-life operating systems. Which of the following is
the security team most likely to document as a security implication of the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement
A
A company is developing a critical system for the government and storing project information on
a fileshare. Which of the following describes how this data will most likely be classified? (Select
two).
A. Private
B. Confidential
C. Public
D. Operational
E. Urgent
F. Restricted
B F
After reviewing the following vulnerability scanning report:
Server: 192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 --script telnet-encryption
PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?
A. It is a false positive.
B. A rescan is required.
C. It is considered noise.
D. Compensating controls exist
A
A security consultant needs secure, remote access to a client environment. Which of the
following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT
C
Which of the following best practices gives administrators a set period to perform changes to an
operational system to ensure availability and minimize business impacts?
A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards
B
Which of the following actions could a security engineer take to ensure workstations and servers
are properly monitored for unauthorized changes and software?
A. Configure all systems to log scheduled tasks.
B. Collect and monitor all traffic exiting the network.
C. Block traffic based on known malicious signatures.
D. Install endpoint management software on all systems.
D
After a security awareness training session, a user called the IT help desk and reported a
suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card
information in order to close an invoice. Which of the following topics did the user recognize
from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling
C
Which of the following exercises should an organization use to improve its incident response
process?
A. Tabletop
B. Replication
C. Failover
D. Recovery
A
Which of the following is used to validate a certificate when it is presented to a user?
A. OCSP
B. CSR
C. CA
D. CRC
A
A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?
A. Insurance
B. Patching
C. Segmentation
D. Replacement
C
A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following
strategies is the bank requiring?
A. Encryption at rest
B. Masking
C. Data classification
D. Permission restrictions
A
Which of the following would be best suited for constantly changing environments?
A. RTOS
B. Containers
C. Embedded systems
D. SCADA
B
A security analyst scans a company's public network and discovers a host is running a remote
desktop that can be used to access the production network. Which of the following changes
should the security analyst recommend?
A. Changing the remote desktop port to a non-standard number
B. Setting up a VPN and placing the jump server inside the firewall
C. Using a proxy for web connections from the remote desktop server
D. Connecting the remote server to the domain and increasing the password length
B
Which of the following involves an attempt to take advantage of database misconfigurations?
A. Buffer overflow
B. SQL injection
C. VM escape
D. Memory injection
B
An organization would like to store customer data on a separate part of the network that is not
accessible to users on the main corporate network. Which of the following should the
administrator use to accomplish this goal?
A. Segmentation
B. Isolation
C. Patching
D. Encryption
A
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
B
A technician is opening ports on a firewall for a new system being deployed and supported by a
SaaS provider. Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
C
Which of the following security concepts is the best reason for permissions on a human
resources fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation
C
Security controls in a data center are being reviewed to ensure data is properly protected and
that human life considerations are included. Which of the following best describes how the
controls should be set up?
A. Remote access points should fail closed.
B. Logging controls should fail open.
C. Safety controls should fail open.
D. Logical security controls should fail closed.
C
Which of the following is the most common data loss path for an air-gapped network?
A. Bastion host
B. Unsecured Bluetooth
C. Unpatched OS
D. Removable devices
D
Which of the following can best protect against an employee inadvertently installing malware on
a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list
D
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due
to remote work. The organization is looking for a software solution that will allow it to reduce
traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data
center and monitoring of remote employee internet traffic. Which of the following will help
achieve these objectives?
A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators
A
A company's end users are reporting that they are unable to reach external websites. After
reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk,
and memory usage are minimal, but the network interface is flooded with inbound traffic.
Network logs show only a small number of DNS queries sent to this server. Which of the
following best describes what the security analyst is seeing?
A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service
D
A systems administrator wants to prevent users from being able to access data based on their
responsibilities. The administrator also wants to apply the required access structure via a
simplified format. Which of the following should the administrator apply to the site recovery
resource group?
A. RBAC
B. ACL
C. SAML
D. GPO
A
One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update.
Which of the following vulnerability types is being addressed by the patch?
A. Virtualization
B. Firmware
C. Application
D. Operating system
B
A security analyst locates a potentially malicious video file on a server and needs to identify both
the creation date and the file's creator. Which of the following actions would most likely give
the security analyst the information required?
A. Obtain the file's SHA-256 hash.
B. Use hexdump on the file's contents.
C. Check endpoint logs.
D. Query the file's metadata.
D
After a recent vulnerability scan, a security engineer needs to harden the routers within the
corporate network. Which of the following is the most appropriate to disable?
A. Console access
B. Routing protocols
C. VLANs
D. Web-based administration
D
Which of the following should a systems administrator use to ensure an easy deployment of
resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking
B
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older
browser versions with well-known exploits. Which of the following security solutions should be
configured to best provide the ability to monitor and block these known signature-based
attacks?
A. ACL
B. DLP
C. IDS
D. IPS
D
During the onboarding process, an employee needs to create a password for an intranet
account. The password must include ten characters, numbers, and letters, and two special
characters. Once the password is created, the company will grant the employee access to other
company-owned websites based on the intranet profile. Which of the following access
management concepts is the company most likely using to safeguard intranet accounts and
grant access to multiple sites based on a user's intranet account? (Select two).
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication
A C