This Knowt contains all of the practice questions from the end of each section, from chapters 6 - 13. Also if you're in Professor McGowan's class... hi LOL 🙋🏼♂️
Which of the following are solutions that address physical security? (Select two.)
Escort visitors at all times.
Scan all floppy disks before use.
Require identification and name badges for all employees.
Disable guest accounts on computers.
Implement complex passwords.
Escort visitors at all times, require identification and name badges for all employees.
If a fingerprint or retina scan is required to open a secured door, which kind of physical security has been implemented?
Access list
Double-entry door
Mantrap
Biometric locks
Biometric locks
A security manager decides to enhance the physical security of a warehouse storing high-value tech equipment by installing a deterrent at the perimeter to prevent vehicle-based attacks. Which security measure would be the MOST suitable for this purpose?
Bollards
Access control vestibule
Access badge
Fencing
Bollards
You want to use CCTV to increase your physical security, and you want the ability to remotely control the camera position. Which camera type should you choose?
Dome
Bullet
PTZ
C-mount
PTZ
Which of the following controls is an example of a physical access control method?
Hiring background checks
Passwords
Locks on doors
Smart cards
Access control lists with permissions
Locks on doors
A data center must enhance its security measures to prevent unauthorized access to its facility. The center is considering different methods to achieve this goal. What should the data center implement first to ensure a strong physical barrier against intrusions?
Security guard patrols
Video surveillance
Fencing
Biometric authentication
Fencing
To increase the physical security of a secured location, an organization deploys motion detection sensors throughout the grounds and building. What type of sensor uses this technology?
Infrared sensor
Ultrasonic sensor
Microwave sensor
Pressure sensor
Infrared sensor
As the head of physical security at a large tech company, you have been tasked with investigating a series of unauthorized entries into secure areas of your facilities. The intrusions have been sporadic and seemingly random, with no clear pattern or motive. The intruders have not been caught on camera, and no physical damage or theft has been reported. However, you notice that the access logs show entries made using the credentials of employees who were not on-site at the time of the incidents. Which of the following is the MOST likely method the intruders are using to gain access?
Bypassing CCTV cameras
RFID cloning
Lock picking
Social engineering
RFID cloning
Which kind of access control technology allows more than just the identity of an individual to be transmitted wirelessly to either allow or deny access?
Keypad locks
Biometric locks
Proximity card
Smart card
Smart card
A company wants to improve the physical security at its headquarters. They need a solution that can help regulate access to the building and deter potential intruders during nighttime. Which physical security measure should they prioritize?
Access control vestibule
Closed-circuit television (CCTV)
Perimeter fencing
Enhanced lighting
Access control vestibule
You want to identify all devices on a network along with a list of open ports on those devices. You want the results displayed in a graphical diagram. Which tool should you use?
Ping scanner
OVAL
Port scanner
Network mapper
Network mapper
You need to check network connectivity from your computer to a remote computer. Which of the following tools would be the BEST option to use?
ping
tracert
nmap
route
ping
As a cybersecurity analyst, you are tasked with performing active reconnaissance on a potential client's network to identify vulnerabilities. You have already completed the passive reconnaissance phase. Which of the following steps would you take next, and why?
Begin with port scanning to identify open ports and the services running on them.
Start by launching a denial-of-service (DoS) attack to test the network's resilience.
Use social engineering techniques to trick employees into revealing sensitive information.
Immediately report to the client that their network is secure based on the passive reconnaissance results.
Begin with port scanning to identify open ports and the services running on them.
You want to use a tool to scan a system for vulnerabilities, including open ports, running services, and missing patches. Which tool should you use?
LC4
Wireshark
Nessus
OVAL
Nessus
Gathering as much personally identifiable information (PII) on a target as possible is a goal of which reconnaissance method?
Passive
Active
Packet sniffing
OSINT
OSINT
Which type of reconnaissance is associated with dumpster diving?
OSINT
Active
Packet sniffing
Passive
Passive
Which passive reconnaissance tool is used to gather information from a variety of public sources?
Shodan
scanless
Packet sniffing
theHarvester
theHarvester
Which of the following tools can be used to see if a target has any online IoT devices without proper security?
scanless
Shodan
theHarvester
Packet sniffing
Shodan
You are a cybersecurity analyst tasked with performing passive reconnaissance on a potential client's network. You need to gather information from a variety of public sources including emails, names, subdomains, IPs, and URLs. Which of the following tools would be most appropriate for this task?
Shodan
theHarvester
OSINT framework
Dnsenum
theHarvester
Which of the following is known as the process of walking around an office building with an 802.11 signal detector?
War dialing
Daemon dialing
Driver signing
War driving
War driving
You are concerned about protecting your network from network-based attacks on the internet. Specifically, you are concerned about attacks that have not yet been identified or that do not have prescribed protections. Which type of device should you use?
Host-based firewall
Anomaly-based IDS
Signature-based IDS
Antivirus scanner
Network-based firewall
Anomaly-based IDS
Which of the following describes the worst possible action by an IDS?
The system detected a valid attack and the appropriate alarms and notifications were generated.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
The system correctly deemed harmless traffic as inoffensive and let it pass.
The system identified harmless traffic as offensive and generated an alarm.
The system identified harmful traffic as harmless and allowed it to pass without generating any alerts.
Which of the following describes a false positive when using an IPS device?
The source address identifying a non-existent host.
Malicious traffic masquerading as legitimate traffic.
The source address matching the destination address.
Legitimate traffic being flagged as malicious.
Malicious traffic not being identified.
Legitimate traffic being flagged as malicious.
As a security precaution, you have implemented IPsec that is used between any two devices on your network. IPsec provides encryption for traffic between devices. You would like to implement a solution that can scan the contents of the encrypted traffic to prevent any malicious attacks. Which solution should you implement?
Protocol analyzer
Host-based IDS
VPN concentrator
Network-based IDS
Port scanner
Host-based IDS
What is the MOST common form of host-based IDS that employs signature or pattern-matching detection methods?
Honeypots
Motion detectors
Antivirus software
Firewalls
Antivirus software
An active IDS system often performs which of the following actions? (Select two.)
Traps and delays the intruder until the authorities arrive.
Performs reverse lookups to identify an intruder.
Cannot be detected on the network because it takes no detectable actions.
Requests a second logon test for users performing abnormal activities.
Updates filters to block suspect traffic.
Performs reverse lookups to identify an intruder, updates filters to block suspect traffic
You are concerned about attacks directed at your network firewall. You want to be able to identify and be notified of any attacks. In addition, you want the system to take immediate action to stop or prevent the attack, if possible. Which tool should you use?
Packet sniffer
IDS
IPS
Port scanner
IPS
Your organization uses a web server to host an e-commerce site. Because this web server handles financial transactions, you are concerned that it could become a prime target for exploits. You want to implement a network security control that analyzes the contents of each packet going to or from the web server. The security control must be able to identify malicious payloads and block them. What should you do?
Implement a stateful firewall in front of the web server.
Implement an application-aware IDS in front of the web server.
Install an anti-malware scanner on the web server.
Implement a packet-filtering firewall in front of the web server.
Implement an application-aware IPS in front of the web server.
Implement an application-aware IPS in front of the web server.
Which IDS method searches for intrusion or attack attempts by recognizing patterns or identifying entities listed in a database?
Anomaly-analysis-based IDS
Heuristics-based IDS
Signature-based IDS
Stateful-inspection-based IDS
Signature-based IDS
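The two detection methods in the questions above (anomaly-based for attacks that have no prescribed protection yet, signature-based for patterns listed in a database) are easiest to see side by side in code. This is an added example, not part of the original notes or the course material: the request lines, the two signature rules, the baseline and the thresholds are all constructed for illustration. It shows a signature catching a known attack the anomaly model misses, the anomaly model catching a novel attack no signature covers, and the anomaly model raising a false positive on an unusual but benign request, which is the tuning problem the IDS/IPS question later in this set is about.

```python
import re
import statistics

# Constructed for this example: a handful of benign request lines that stand in
# for a learned baseline of normal traffic (not real captured traffic).
BASELINE = [
    "GET /index.html HTTP/1.1",
    "GET /about HTTP/1.1",
    "GET /products?id=42 HTTP/1.1",
    "GET /products?id=7 HTTP/1.1",
    "POST /login HTTP/1.1",
    "GET /static/app.css HTTP/1.1",
    "GET /cart?item=3&qty=1 HTTP/1.1",
    "GET /search?q=laptop HTTP/1.1",
]

# Signature rules (regex -> rule name). Constructed; a real IDS ships thousands.
SIGNATURES = {
    r"(?i)union\s+select": "sql-injection",
    r"\.\./": "path-traversal",
}


def signature_detect(request):
    """Signature-based detection: return the first matching rule name, else None."""
    for pattern, name in SIGNATURES.items():
        if re.search(pattern, request):
            return name
    return None


class AnomalyDetector:
    """Anomaly-based detection: learn what 'normal' looks like, flag deviations."""

    def __init__(self, baseline, sigmas=3.0):
        lengths = [len(r) for r in baseline]
        mean = statistics.mean(lengths)
        sd = statistics.pstdev(lengths) or 1.0
        # Length threshold: more than `sigmas` standard deviations above the mean
        self.max_len = mean + sigmas * sd
        # Character vocabulary: every character ever seen in benign traffic
        self.vocab = set("".join(baseline))

    def reasons(self, request):
        """List why a request is anomalous (empty list means it looks normal)."""
        out = []
        if len(request) > self.max_len:
            out.append("length")
        unseen = sorted(set(request) - self.vocab)
        if unseen:
            out.append("unseen-chars:" + "".join(unseen))
        return out

    def is_anomalous(self, request):
        return bool(self.reasons(request))


def evaluate(requests, baseline=BASELINE):
    """Run both detectors; returns (request, signature_name_or_None, anomaly_flag) tuples."""
    anomaly = AnomalyDetector(baseline)
    return [(r, signature_detect(r), anomaly.is_anomalous(r)) for r in requests]


# Constructed test traffic: a known attack, an attack with no signature,
# an unusual-but-benign request, an ordinary request, and a known attack
# that looks statistically normal.
SAMPLES = [
    "GET /products?id=1 UNION SELECT username,password FROM users HTTP/1.1",
    "GET /api/export?file=report.pdf%00.sh HTTP/1.1",
    "GET /search?q=gaming laptop with 32gb ram and rtx 4070 HTTP/1.1",
    "GET /products?id=43 HTTP/1.1",
    "GET /../../etc/hosts HTTP/1.1",
]

if __name__ == "__main__":
    for request, sig, anomalous in evaluate(SAMPLES):
        print(f"signature={sig!s:15} anomaly={anomalous!s:5} {request}")
```

The path-traversal request is the interesting one: it is short and uses only characters the baseline has seen, so the anomaly model passes it while the signature catches it; the `%00` request is the opposite. Note how fragile a tiny baseline is: a benign `id=99` would be flagged simply because the digit 9 never appeared in training. That is exactly why the later question answers "tune the IDS/IPS over time" rather than "apply signature rules only".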
A multinational corporation has recently implemented an intrusion detection system (IDS) and intrusion prevention system (IPS) to protect its network infrastructure.
The security team receives many alerts and struggles to manage false positives. The team must optimize the IDS and IPS to identify and prioritize actual threats while minimizing irrelevant alerts.
Which primary strategy should the team adopt to achieve this objective?
Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats.
Ignore all alerts from the IDS/IPS to focus on manual monitoring of network traffic.
Apply signature-based detection rules only to filter out false positives.
Integrate SELinux policies for a layered security approach, ensuring system-level restrictions to applications and processes.
Implement trend analysis to identify patterns and anomalies, tune the IDS/IPS over time, and prioritize genuine threats.
You are using a protocol analyzer to capture network traffic. You want to only capture the frames coming from a specific IP address. Which of the following can you use to simplify this process?
Display filters
Capture filters
Switch
NIC
Capture filters
Which of the following processes identifies an operating system based on its response to different types of network traffic?
Firewalking
Port scanning
Social engineering
Fingerprinting
Fingerprinting
You decide to use a packet sniffer to identify the type of traffic sent to a router. You run the packet sniffing software on a device that is connected to a hub with three other computers. The hub is connected to a switch that is connected to the router. When you run the software, you see frames addressed to the four workstations, but not to the router. Which feature should you configure on the switch?
Promiscuous mode
Port mirroring
Spanning Tree Protocol
Bonding
Port mirroring
You are running a packet sniffer on your workstation so you can identify the types of traffic on your network. You expect to see all the traffic on the network, but the packet sniffer only seems to be capturing frames that are addressed to the network interface on your workstation. Which of the following must you configure in order to see all of the network traffic?
Configure the network interface to use port mirroring mode.
Configure the network interface to use promiscuous mode.
Configure the network interface to enable logging.
Configure the network interface to use protocol analysis mode.
Configure the network interface to use promiscuous mode.
Which of the following accurately describes what a protocol analyzer is used for? (Select two.)
A device that measures the amount of data that can be transferred through a network or processed by a device.
A device that does NOT allow you to capture, modify, and retransmit frames (to perform an attack).
A device that allows you to capture, modify, and retransmit frames (to perform an attack).
A passive device that is used to copy frames and allow you to view frame contents.
A device that can simulate a large number of client connections to a website, test file downloads for an FTP site, or simulate large volumes of emails.
A device that allows you to capture, modify, and retransmit frames (to perform an attack), A passive device that is used to copy frames and allow you to view frame contents.
You want to identify traffic that is generated and sent through a network by a specific application running on a device. Which tool should you use?
Certifier
TDR
Toner probe
Protocol analyzer
Multimeter
Protocol analyzer
You want to know which protocols are being used on your network. You'd like to monitor network traffic and sort traffic by protocol. Which tool should you use?
Port scanner
Packet sniffer
IPS
Throughput tester
IDS
Packet sniffer
You are concerned about attacks directed against the firewall on your network. You would like to examine the content of individual frames sent to the firewall. Which tool should you use?
Throughput tester
Packet sniffer
Event log
Load tester
System log
Packet sniffer
Which of the following roles would be MOST likely to use a protocol analyzer to identify frames that might cause errors?
Security operations team
Network administrator
Standard user
Malicious hacker
Network administrator
You want to use a tool to see packets on a network, including the source and destination of each packet. Which tool should you use?
nmap
Nessus
OVAL
Wireshark
Wireshark
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on a network?
MAC spoofing
Port mirroring
MAC flooding
ARP poisoning
ARP poisoning
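ARP poisoning works because hosts accept any ARP reply and overwrite their cache, so the attacker's MAC ends up bound to the gateway's (or a server's) IP. The detection logic below is an added example, not part of the original notes or the course material: it watches a stream of ARP replies and alerts when an IP's MAC changes or when one MAC starts answering for several IPs, which is the footprint of an attacker poisoning both ends of a conversation. The reply records and MAC addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed ARP reply records: (timestamp, sender IP, sender MAC).
# Not real traffic; the 'de:ad:be:ef' MAC is the pretend attacker.
ARP_REPLIES = [
    (1, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway, legitimate
    (2, "10.0.0.25", "aa:aa:aa:aa:aa:25"),   # workstation, legitimate
    (3, "10.0.0.1", "aa:aa:aa:aa:aa:01"),    # gateway again, still fine
    (4, "10.0.0.1", "de:ad:be:ef:00:99"),    # gateway IP now claimed by another MAC
    (5, "10.0.0.25", "de:ad:be:ef:00:99"),   # same MAC also claims the workstation IP
]


def detect_arp_poisoning(replies):
    """Return a list of alert dicts for suspicious IP<->MAC binding changes."""
    ip_to_mac = {}                 # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            # The binding for this IP flipped to a different hardware address
            alerts.append({"ts": ts, "type": "mac-change", "ip": ip,
                           "old_mac": prev, "new_mac": mac})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            # One NIC answering for several IPs: typical of an attacker
            # poisoning both the victim and the gateway
            alerts.append({"ts": ts, "type": "mac-claims-multiple-ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES):
        print(alert)
```

In a real network a DHCP lease change or a router that legitimately owns several addresses produces the same alerts, so a deployed version needs an allow-list of known multi-IP devices and should correlate with DHCP logs before treating a binding change as an attack. Dynamic ARP Inspection on the switch prevents the poisoning rather than merely detecting it.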
A threat actor has successfully manipulated a client's DNS cache, causing the client to resolve domain names to incorrect IP addresses controlled by the threat actor. This allows the threat actor to redirect the client's network traffic to malicious websites.
Client cache poisoning
A major online retail company has recently been experiencing intermittent downtime of its website. Network analysts observe a massive influx of traffic from multiple sources to the server. However, the traffic seems redirected from other systems. What type of attack is the company likely experiencing?
Collision
Injection
Distributed denial-of-service (DDoS)
Buffer overflow
Distributed denial-of-service (DDoS)
A company CEO is upset after receiving a call from a reporter at a local news station saying that the company is apparently the launching point for a massive attack. The reporter provided detailed IP logs, and the network team reviewed them but could not find similar entries. What could be a possible explanation for the different records?
DNS-based on-path attack
DNS poisoning
DNS attack indicators
DNS client cache poisoning
DNS poisoning
A threat actor has successfully breached a company's network and has installed malicious code on a compromised host. The threat actor is now operating the compromised host remotely and maintaining access to it over a period of time. The threat actor's activity is disguised as part of the network's regular traffic. Detection of this type of activity usually depends on identifying anomalous connection endpoints. Which stage of the cyberattack lifecycle does this scenario represent?
Command and Control
Weaponization, delivery, and breach
Reconnaissance
Data exfiltration
Command and Control
A network administrator suspects an attacker is intercepting and potentially modifying communications between their organization's server and the client systems. The attacker is not detected by either party during this process. Which type of attack is the network administrator likely observing in this instance?
On-path attack
Distributed denial-of-service (DDoS) attack
Replay attack
Domain Name System (DNS) attack
On-path attack
A threat actor has launched an attack against a company's network. The threat actor spoofs the victim's IP address and attempts to open connections with multiple third-party servers. Those servers direct their responses to the victim host, rapidly consuming the victim's available bandwidth. Which type of attack does this scenario represent?
Amplified attack
Distributed denial-of-service (DDoS) attack
Reflected attack
Direct attack
Reflected attack
Which of the following statements about Bash is true?
Bash cannot be used to design malware that attacks systems running on Linux's Apache platform.
Bash works in the background to execute commands using environment variables.
Bash was released in 2000 and is rarely used today.
Bash is a command shell and scripting language used only in Windows operating systems.
Bash works in the background to execute commands using environment variables.
As a system administrator, you notice unusual network activity on a company server. Upon investigation, you discover that a PowerShell script is running in the background. What type of malware is MOST likely responsible for this activity?
Trojan horse
Fileless malware
Macro virus
Worm
Fileless malware
How can Visual Basic for Applications (VBA) be used to perform malicious attacks?
VBA can be used to delete all files on a computer system automatically.
VBA can be used to disable all security features on a computer system.
VBA can be used to create a macro virus that opens a shell on the Windows operating system.
VBA can be used to physically damage the hardware components of a computer.
VBA can be used to create a macro virus that opens a shell on the Windows operating system.
You are using a password attack that tests every possible keystroke for every single key in a password until the correct one is found. Which of the following technical password attacks are you using?
Password sniffing
Keylogger
Brute force attack
Pass-the-hash attack
Brute force attack
You are cleaning your desk at work. You toss several stacks of paper in the trash, including a sticky note with your password written on it. Which of the following types of non-technical password attacks have you enabled?
Password guessing
Social engineering
Shoulder surfing
Dumpster diving
Dumpster diving
Carl receives a phone call from a woman who states she is calling from his bank. She tells him that someone has tried to access his checking account, and she needs him to confirm his account number and password to discuss further details. He gives her his account number and password.
Which of the following types of non-technical password attack has occurred?
Dumpster diving
Password guessing
Shoulder surfing
Social engineering
Social engineering
A hacker successfully exfiltrates a database of user passwords and attempts to gain access using it, since the hacker can now go around the authentication system. What type of attack has the hacker achieved?
Dictionary
Password spraying
Brute force
Offline
Offline
You want to check a server for user accounts that have weak passwords. Which tool should you use?
John the Ripper
Nessus
Retina
OVAL
John the Ripper
Which of the following password attacks uses preconfigured matrices of hashed dictionary words?
Dictionary attack
Brute-force attack
Hybrid attack
Rainbow table attack
Rainbow table attack
Which of the following techniques involves adding random bits of data to a password before it is stored as a hash?
Pass-the-hash attack
Password sniffing
Keylogging
Password salting
Password salting
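The brute force, rainbow table and salting questions above are really one story: a precomputed table maps hashes back to plaintext for free, and a per-user salt makes that table useless because every stored hash is now unique, so the attacker is pushed back to guessing per account. This is an added example, not part of the original notes or the course material. It uses plain SHA-256 and a three-letter keyspace so it runs instantly; real password storage uses a slow, salted function such as Argon2, scrypt or bcrypt, and the dictionary and salts here are constructed for illustration.

```python
import hashlib
import itertools
import os
import string

ALPHABET = string.ascii_lowercase
MAX_LEN = 3  # tiny keyspace (26 + 676 + 17576 candidates) so the demo is instant


def unsalted_hash(password):
    """How NOT to store a password: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Hash with a per-user salt prepended (SHA-256 stands in for a slow KDF here)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_password(password):
    """Generate a fresh random salt and return (salt, hash) for storage."""
    salt = os.urandom(16)
    return salt, salted_hash(password, salt)


def verify(password, salt, stored_hash):
    return salted_hash(password, salt) == stored_hash


def build_lookup_table(words):
    """Precomputed hash -> plaintext table: the idea behind a rainbow table,
    minus the chain compression that makes real tables small."""
    return {unsalted_hash(w): w for w in words}


def brute_force(target_hash, hash_fn):
    """Try every candidate in the keyspace until one hashes to the target."""
    for length in range(1, MAX_LEN + 1):
        for chars in itertools.product(ALPHABET, repeat=length):
            candidate = "".join(chars)
            if hash_fn(candidate) == target_hash:
                return candidate
    return None


# Constructed wordlist for the precomputed table
DICTIONARY = ["cat", "dog", "sun", "car"]

if __name__ == "__main__":
    table = build_lookup_table(DICTIONARY)
    print("unsalted lookup:", table.get(unsalted_hash("sun")))          # instant hit
    salt, stored = store_password("sun")
    print("table vs salted:", table.get(stored))                         # None: table is useless
    print("two users, same password, different hashes:",
          store_password("sun")[1] != store_password("sun")[1])          # True
    # The attacker who stole the database also has the salt, so per-account
    # guessing still works; the salt only removes the shortcut.
    print("brute force with salt:", brute_force(stored, lambda p: salted_hash(p, salt)))
```

The last line is the caveat worth remembering for the exam: salting defeats precomputation and amortised cracking across many accounts, it does not defeat an offline brute force of one weak password. Slowing the hash (a proper KDF) and enforcing length are what make that brute force impractical.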
Which of the following BEST describes shoulder surfing?
Finding someone's password in the trash can and using it to access their account.
Guessing someone's password because it is so common or simple.
Someone nearby watching you enter your password on your computer and recording it.
Giving someone you trust your username and account password.
Someone nearby watching you enter your password on your computer and recording it.
An organization notices an external actor trying to gain access to the company network. The attacker is not targeting a specific account but rather using the same password across a vast range of usernames in hopes that one might be correct. What type of attack BEST describes this scenario?
Brute force
Rainbow table
Dictionary
Spraying
Spraying
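Spraying is built to slip under per-account lockout: one or two guesses per user across hundreds of users never trips a "five failures on one account" rule. Detection therefore has to pivot on the source and count distinct usernames, not attempts per user. The detector below is an added example, not part of the original notes or the course material; the log format, the usernames, the addresses and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format (one line per authentication event; not a real system's output)
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

SPRAY_SRC = "203.0.113.5"    # one password tried against many users
BRUTE_SRC = "198.51.100.9"   # many passwords tried against one user
USERS = ["alice", "bob", "carol", "dave", "erin", "frank",
         "grace", "heidi", "ivan", "judy", "mallory", "oscar"]

# Constructed sample log: a spray, a brute force, and one user mistyping once
LOG_LINES = (
    [f"2024-05-01T09:00:{i:02d} auth failure user={u} src={SPRAY_SRC}"
     for i, u in enumerate(USERS)]
    + [f"2024-05-01T09:01:{i:02d} auth failure user=peggy src={BRUTE_SRC}"
       for i in range(40)]
    + ["2024-05-01T09:02:00 auth failure user=alice src=10.0.0.25",
       "2024-05-01T09:02:05 auth success user=alice src=10.0.0.25"]
)


def classify_sources(lines, spray_min_users=10, brute_min_attempts=20):
    """Label each source IP as password-spraying, brute-force or benign.

    Spraying: many distinct users, about one failure each.
    Brute force: many failures concentrated on one or two users.
    """
    failures = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["result"] != "failure":
            continue
        bucket = failures[m["src"]]
        bucket["attempts"] += 1
        bucket["users"].add(m["user"])

    verdicts = {}
    for src, f in failures.items():
        n_users = len(f["users"])
        per_user = f["attempts"] / n_users
        if n_users >= spray_min_users and per_user <= 2:
            verdicts[src] = "password-spraying"
        elif f["attempts"] >= brute_min_attempts and n_users <= 2:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "benign"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_sources(LOG_LINES).items():
        print(f"{src:15} {verdict}")
```

Keying on the source IP is the simplest cut; a sprayer using a proxy pool rotates addresses, so production detections also count distinct usernames per time window regardless of source, and alert on a single password attempt pattern hitting many accounts within a few minutes.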
Which social engineering technique involves the attacker interacting with the user to trick them into revealing their username and password?
Dumpster diving
User manipulation
Password guessing
Physical access
User manipulation
You are the IT Director at a mid-sized company. The company's core business operations rely on a legacy system that has recently reached its end-of-life (EOL). The vendor no longer supports this system, and it has known security vulnerabilities. However, transitioning to a new system would be costly and time-consuming. What is the BEST course of action?
Immediately transition to a new system, regardless of the cost and disruption to business operations.
Ignore the EOL status and continue operations as usual, as the system has been reliable so far.
Develop a detailed transition plan that includes a cost-benefit analysis, risk assessment, and timeline for transitioning to a new system.
Continue using the EOL system and hope that the known vulnerabilities won't be exploited.
Develop a detailed transition plan that includes a cost-benefit analysis, risk assessment, and timeline for transitioning to a new system.
A cyber consultant inspects a corporate desktop after receiving numerous complaints. What type of vulnerability can include instances where processors inside the computer allow malicious programs to steal data during processing?
Firmware
End-of-life
Legacy
Virtualization
Firmware
What describes systems that create risk because they no longer receive critical security updates and patches?
Sandbox
Thin client
Operating system
Legacy system
Legacy system
A medium-sized software development company recently introduced a bug bounty program to identify and mitigate vulnerabilities in their flagship application. The security manager plans to coordinate the program's rules and engagement policies. When setting up a bug bounty program for vulnerability management, which activities should the security manager prioritize to ensure the program's effectiveness and ethical participation? (Select two.)
Providing valuable real-time information on the latest cyber threats and vulnerabilities.
Offering substantial rewards regardless of the severity of the bug found.
Establishing a clear scope of which assets researchers can test.
Providing a secure platform for researchers to report findings.
Allowing researchers to disclose findings publicly immediately after discovery.
Establishing a clear scope of which assets researchers can test, Providing a secure platform for researchers to report findings.
A system admin discovers a security vulnerability in widely used software and brings it to the manager's attention. The manager says to fix it but has not released the information yet. The system admin releases the information anyway, as the company is part of a voluntary information-sharing organization. What is the company a part of?
Responsible disclosure program
Auditing
Penetration testing
Bug bounty program
Responsible disclosure program
Open-source threat feeds are a valuable tool for any company with an online presence. However, some companies pay extra for proprietary threat feeds because of the greater depth, breadth, and sophistication of analysis found in them. What are the three primary forms these can take? (Select three.)
Reputational threat intelligence
Bug bounties
Dark web
Dark net
Threat data
Behavioral threat research
Vulnerability management
Reputational threat intelligence, Threat data, Behavioral threat research
In your role as a security analyst, you need to stay up to date on the latest threats. You are currently reviewing the latest real-time updates on cyberthreats from across the world. Which of the following resources are you MOST likely using?
Advisories and bulletins
Intelligence fusion
Threat feeds
Threat hunting
Threat feeds
You have run a vulnerability scanning tool and identified several patches that need to be applied to a system. What should you do next after applying the patches?
Use a port scanner to check for open ports.
Run the vulnerability assessment again.
Update the vulnerability scanner definition files.
Document your actions.
Run the vulnerability assessment again.
You are a cybersecurity analyst who has recently implemented a remediation plan for a critical vulnerability in your organization's network. Your manager has asked you to ensure the effectiveness of your remediation efforts. What is the MOST crucial next step you should take?
Update the organization's vulnerability database
Inform the stakeholders about the remediation
Move on to the next identified vulnerability
Auditing the remediation process
Auditing the remediation process
You are the lead cybersecurity analyst for a multinational corporation. Your team has recently completed a vulnerability analysis of the company's IT infrastructure. The CEO has requested a briefing on the most critical consideration that should guide the company's remediation efforts. Which of the following considerations should you emphasize in your briefing?
Classification
Prioritization
Risk tolerance
Exposure factor
Exposure factor
Which of the following are key purposes of running a credentialed scan in a vulnerability assessment? (Select two.)
Compromised user account
Public network access
External network perimeter
Testing routines
Unprivileged user access
Compromised user account, Testing routines
You are a cybersecurity analyst at a large corporation. Your team has been tasked with conducting a vulnerability assessment of the company's internal network. You have been given the option to perform either a credentialed or non-credentialed scan. Which of the following factors would most strongly suggest that a credentialed scan is the appropriate choice for this situation?
The company's IT department has recently installed a new patch management system.
The company's network has recently been targeted by a series of external cyber attacks.
The company has a large number of third-party applications installed on its network.
The company has recently implemented a new security policy that restricts the use of administrative privileges.
The company has recently implemented a new security policy that restricts the use of administrative privileges.
An application security analyst at a software company is assessing a new software application before releasing it to customers. Before deciding on the BEST approach for the assessment, the analyst recalls that there are different methods of analysis to evaluate the software's security posture. The analyst wants to assess the software's running state to identify potential vulnerabilities during its execution. Considering the preference to evaluate the software in its running state and identifying vulnerabilities during execution, which type of examination should the analyst primarily rely on?
Source code fingerprinting
Dynamic analysis
Manual penetration testing
Static code review
Dynamic analysis
Which of the following are key areas of focus for a non-credentialed scan in a vulnerability assessment? (Select two.)
Internal network access
Compromised user account
Privileged user access
External network perimeter
Unprivileged user access
External network perimeter, Unprivileged user access
You are a cybersecurity analyst at a financial institution. Your team has been tasked with conducting a vulnerability assessment of the company's external network perimeter. You have been given the option to perform either a credentialed or non-credentialed scan. Which of the following factors would MOST strongly suggest that a non-credentialed scan is the appropriate choice for this situation?
The company's IT department has recently installed a new patch management system.
The company's network has recently been targeted by a series of external cyber attacks.
The company has a large number of third-party applications installed on its network.
The company has recently implemented a new security policy that restricts the use of administrative privileges.
The company's network has recently been targeted by a series of external cyber attacks.
As a cybersecurity analyst, you are tasked with identifying known vulnerabilities in the third-party software packages, libraries, and dependencies used within your organization. Which of the following would be the MOST effective tool for accomplishing this task?
National Vulnerability Database (NVD)
Intrusion detection system (IDS)
Software Bill of Materials (SBOM)
Software composition analysis (SCA)
National Vulnerability Database (NVD)
You are a cybersecurity analyst at a large organization. You've noticed that several third-party software packages used within your organization have not been updated in a while. What is the MOST appropriate action to take?
Update the software packages immediately without informing anyone
Delete the outdated software packages from the system.
Inform your manager about the issue and suggest implementing automated package monitoring.
Ignore the issue as it's not your responsibility to update third-party software.
Inform your manager about the issue and suggest implementing automated package monitoring.
As a cybersecurity analyst, you are tasked with improving the security of your organization's software applications. One of your responsibilities is to ensure that all third-party software packages, libraries, and dependencies used within your organization are up-to-date and free from known vulnerabilities. Which of the following would be the MOST effective tool for accomplishing this task?
Intrusion detection system (IDS)
Software Bill of Materials (SBOM)
National Vulnerability Database (NVD)
Software composition analysis (SCA)
Software Bill of Materials (SBOM)
Which of the following statements about network vulnerability scanners is true?
Network vulnerability scanners do not depend upon a database of known software and configuration vulnerabilities.
Network vulnerability scanners only identify vulnerabilities but do not suggest any remediation techniques.
Network vulnerability scanners can test common operating systems, desktop applications, and server applications.
Network vulnerability scanners, such as Tenable Nessus and OpenVAS, are designed to test only servers and switches.
Network vulnerability scanners can test common operating systems, desktop applications, and server applications.
Which of the following statements about vulnerability scanning is true?
Vulnerability scanning is a process of identifying, classifying, and ignoring vulnerabilities within a system or network.
Non-credentialed scans are more intrusive and provide a more in-depth analysis than credentialed scans.
Network vulnerability scanners, such as Tenable Nessus and OpenVAS, are designed to test only servers and switches.
Package monitoring is a critical capability in application vulnerability assessment practices as it tracks and assesses the security of third-party software packages, libraries, and dependencies.
Package monitoring is a critical capability in application vulnerability assessment practices as it tracks and assesses the security of third-party software packages, libraries, and dependencies.
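The SBOM, SCA and NVD questions above all describe one mechanism: an inventory of components with versions (the SBOM) is matched against a list of advisories with affected version ranges (what an SCA tool does, using NVD-style data), and the hits are prioritised by severity. The code below is an added example, not part of the original notes or the course material. The SBOM excerpt, the package names, the advisory identifiers (deliberately not real CVE numbers) and the version ranges are all constructed for illustration.

```python
import operator
import re

# Constructed SBOM excerpt: just the fields needed for matching
SBOM = [
    {"name": "libexample-json", "version": "2.3.1"},
    {"name": "webframework", "version": "4.0.7"},
    {"name": "tlswrap", "version": "1.9.0"},
]

# Constructed advisory list in the shape an SCA tool consumes.
# IDs are placeholders, not real CVE identifiers.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "package": "libexample-json",
     "affected": "<2.4.0", "severity": "high"},
    {"id": "ADV-EXAMPLE-002", "package": "webframework",
     "affected": ">=4.0.0,<4.0.5", "severity": "critical"},
    {"id": "ADV-EXAMPLE-003", "package": "tlswrap",
     "affected": "<2.0.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq}


def parse_version(v):
    """'2.3.1' -> (2, 3, 1); tuples compare component-wise, which plain strings do not."""
    return tuple(int(p) for p in v.split("."))


def in_range(version, spec):
    """True if `version` satisfies every comma-separated clause in `spec`."""
    ver = parse_version(version)
    for clause in spec.split(","):
        m = re.match(r"(<=|>=|==|<|>)\s*([\d.]+)$", clause.strip())
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        op, bound = m.groups()
        if not OPS[op](ver, parse_version(bound)):
            return False
    return True


def match_advisories(sbom, advisories):
    """Join inventory to advisories; return findings sorted by severity."""
    findings = []
    for comp in sbom:
        for adv in advisories:
            if adv["package"] == comp["name"] and in_range(comp["version"], adv["affected"]):
                findings.append({"component": comp["name"], "version": comp["version"],
                                 "advisory": adv["id"], "severity": adv["severity"]})
    findings.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], 99))
    return findings


if __name__ == "__main__":
    for f in match_advisories(SBOM, ADVISORIES):
        print(f"{f['severity']:8} {f['component']} {f['version']} -> {f['advisory']}")
```

Note that `webframework 4.0.7` produces no finding even though an advisory exists for the package: it is past the patched version, which is why matching needs real version ranges and not just package names. Real ecosystems have prerelease tags, distro epochs and vendor backports, so a production tool uses a proper version library and package URLs rather than the dotted-integer comparison used here.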
A manufacturing company's security manager plans to implement corrective operational controls to mitigate potential security threats. Which of the following instances would be the appropriate control?
A firewall that prevents unauthorized access to the network.
Enabling continuous monitoring to disable abnormal accounts.
Regular penetration testing to uncover potential vulnerabilities.
A security camera system monitoring the premises.
Enabling continuous monitoring to disable abnormal accounts.
A security operations analyst at a financial institution analyzes an incident involving unauthorized transactions. The analyst suspects that a malware infection on one of the endpoints might have led to the unauthorized access. To identify the root cause and trace the activities of the suspected malware, which combination of data sources should the analyst primarily consider?
Firewall logs, system memory metadata, and automated reports from the SIEM tool.
Logs from applications involved in the transactions, logs generated by the host's antivirus software, and /var/log/auth.log for authentication and authorization data.
Network logs, packet captures, and logs generated by network-based vulnerability scanners.
Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.
Endpoint logs, log files generated by the OS components of the affected host computer, and logs from the host-based intrusion detection system.
A network administrator at a large tech company has the task of enhancing the visibility into network traffic patterns in a distributed enterprise network. The administrator wants to implement a solution that captures metadata and statistics about network traffic without recording each frame, with the goal of improving the company's security measures. Which tool should the administrator consider implementing?
A simple network management protocol (SNMP) trap
A data loss prevention (DLP) system
A vulnerability scanner
A NetFlow collector
A NetFlow collector
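To make concrete what a flow record holds compared with a full packet capture, an added example that is not part of the original question set: constructed packet observations (as a sensor would see them on the wire) are collapsed into unidirectional 5-tuple flow records that keep only timestamps, packet and byte counts, and a simple fan-out check is then run over those records. The addresses, ports and sizes are made up for the example.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed packet observations: (timestamp, src_ip, dst_ip, proto, src_port, dst_port, bytes).
# Not real traffic; the fan-out from 10.0.0.7 to 10.0.0.21 is the pattern of interest.
PACKETS = [
    (1.00, "10.0.0.7", "10.0.0.20", "tcp", 51000, 22, 78),
    (1.01, "10.0.0.20", "10.0.0.7", "tcp", 22, 51000, 74),
    (1.05, "10.0.0.7", "10.0.0.20", "tcp", 51000, 22, 1400),
    (2.00, "10.0.0.7", "10.0.0.21", "tcp", 51001, 80, 78),
    (2.01, "10.0.0.7", "10.0.0.21", "tcp", 51002, 443, 78),
    (2.02, "10.0.0.7", "10.0.0.21", "tcp", 51003, 8080, 78),
    (2.03, "10.0.0.7", "10.0.0.21", "tcp", 51004, 3389, 78),
    (2.04, "10.0.0.7", "10.0.0.21", "tcp", 51005, 445, 78),
    (3.00, "10.0.0.9", "10.0.0.53", "udp", 40000, 53, 60),
    (3.02, "10.0.0.53", "10.0.0.9", "udp", 53, 40000, 120),
]

FlowKey = Tuple[str, str, str, int, int]


def build_flows(packets) -> Dict[FlowKey, dict]:
    """Collapse packets into flow records keyed by (src, dst, proto, sport, dport).

    Only metadata survives: first/last seen, packet count, byte count. Payloads
    and individual frames are not retained, which is the NetFlow trade-off.
    """
    flows: Dict[FlowKey, dict] = {}
    for ts, src, dst, proto, sport, dport, size in packets:
        key = (src, dst, proto, sport, dport)
        rec = flows.setdefault(key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        rec["first"] = min(rec["first"], ts)
        rec["last"] = max(rec["last"], ts)
        rec["packets"] += 1
        rec["bytes"] += size
    return flows


def fan_out(flows: Dict[FlowKey, dict], min_ports: int = 5) -> List[Tuple[str, str, int]]:
    """Flag (src, dst) pairs where one source touched many distinct destination ports.

    This scan-like pattern is visible from flow records alone; no payload is needed.
    """
    ports = defaultdict(set)
    for (src, dst, _proto, _sport, dport) in flows:
        ports[(src, dst)].add(dport)
    return sorted((src, dst, len(p)) for (src, dst), p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    flows = build_flows(PACKETS)
    for key, rec in flows.items():
        print(key, rec)
    print("fan-out:", fan_out(flows))
```

Ten packets become nine flow records, and the fan-out check reports 10.0.0.7 reaching five distinct ports on 10.0.0.21. The flip side of the trade-off is also visible: if an investigation later needs the bytes that went to port 445, a flow record cannot supply them, which is why collectors are usually paired with targeted packet capture.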
After experiencing a catastrophic server failure in the headquarters building, what can the company use to monitor notable events such as port failure, chassis overheating, power failure, or excessive central processing unit (CPU) utilization?
Security content automation protocol
Data loss prevention
Antivirus (A-V)
Simple network management protocol (SNMP) trap
Simple network management protocol (SNMP) trap
Which SIEM component is responsible for gathering all event logs from configured devices and securely sending them to the SIEM system?
SIEM alerts
Collectors
Data handling
Security automation
Collectors
A security analyst is optimizing a multinational company's security information and event management (SIEM) system. The system collects security event data from sources globally, and the analyst has noticed inconsistencies due to different time zones. What should the analyst consider to ensure a consistent timeline across all logs for accurate event correlation?
Installing agents on all data sources to ensure synchronization with the SIEM server's time zone.
Configuring the SIEM system to only collect data during the company's standard business hours.
Implementing additional packet sniffers to collect network data uniformly.
Adjusting the log aggregation process in the SIEM system to normalize date/time zone differences.
Adjusting the log aggregation process in the SIEM system to normalize date/time zone differences.
The chief information security officer (CISO) of a multinational company is planning how to optimize the enterprise security information and event management (SIEM) solution. The SIEM system acquires data from diverse sources, including Linux and Windows servers, advanced switches, Next Generation Firewalls (NGFWs), and routers. Which feature should the CISO prioritize improving in the SIEM solution to standardize the data and enhance its searchability?
Upgrading the network-based data collection method in the SIEM solution.
Elevating the SIEM solution's threat-hunting capabilities.
Integrating additional intrusion detection systems (IDS) into the network.
Augmenting the log correlation mechanism in the SIEM solution.
Augmenting the log correlation mechanism in the SIEM solution.
Which of the following security orchestration, automation, and response (SOAR) system automation components is often used to document the processes and procedures that are to be used by a human during a manual intervention?
Orchestration
Response
Runbook
Playbook
Playbook
Which of the following systems is able to respond to low-level security events without human assistance?
Firewall
SOAR
SIEM
IDS
SOAR
Which of the following DLP implementations can be used to monitor and control access to physical devices on workstations or servers?
File-level DLP
Cloud DLP
Endpoint DLP
Network DLP
Endpoint DLP
You have been hired as part of the team that manages an organization's network defense. Which security team are you working on?
Red
White
Blue
Purple
Blue
As part of a special program, you have discovered a vulnerability in an organization's website and reported it to the organization. Because of the severity, you are paid a good amount of money. Which type of penetration test are you performing?
Black box
Bug bounty
White box
Gray box
Bug bounty
Which phase or step of a security assessment is a passive activity?
Enumeration
Reconnaissance
Vulnerability mapping
Privilege escalation
Reconnaissance
Which team performs the offensive role in a penetration exercise?
Purple team
Red team
White team
Blue team
Red team
The IT department in an accounting firm is gearing up for an external penetration testing engagement to evaluate the organization's security readiness. To guarantee a seamless testing process and prevent misunderstandings, the IT team has worked closely with the company's management and relevant stakeholders to set up the rules of engagement (ROE) for the assessment. What is the purpose of establishing rules of engagement during a penetration testing engagement?
To eliminate all security vulnerabilities identified during the testing process.
To define the scope of the assessment, testing methods, and timeframe for conducting the test.
To ensure the penetration test results are shared with external parties to strengthen collaboration.
To allow penetration testers unrestricted access to all systems and data within the organization.
To define the scope of the assessment, testing methods, and timeframe for conducting the test.
You have been promoted to team lead of one of the security operations teams. Which security team are you now a part of?
Purple
Red
Blue
White
White
A cybersecurity team is preparing to conduct a comprehensive security assessment. The team has access to system documentation, network diagrams, and source code and has permission to interview IT staff. What type of testing environment is the team operating within?
Partially known environment
Unknown environment
Known environment
Uncontrolled environment
Known environment
A cybersecurity team at an organization prepares to carry out an assessment that aims to mimic potential attackers' tactics, techniques, and procedures (TTPs) to identify vulnerabilities and weaknesses in the organization's digital systems. What type of penetration test is the team about to conduct?
Integrated penetration testing
Physical penetration testing
Offensive penetration testing
Defensive penetration testing
Offensive penetration testing
The IT security team of a company has concerns about network vulnerabilities and hires an external penetration tester to evaluate its security controls and identify potential risks. The company provides the penetration tester with fragments of network information and permits them to use reconnaissance techniques for further information gathering. What penetration testing method is the company using?
Open-source intelligence gathering
Partially known environment penetration testing
Unknown environment penetration testing
Known environment penetration testing
Partially known environment penetration testing
A software company has completed in-house testing and auditing and is bringing in an outside source to attempt to compromise the new software. The project head wants to ensure that the MOST realistic testing goes against the software. What type of penetration testing will the outside source use on this new software?
Environmental variables
Partially known environment
Known environment
Unknown environment
Unknown environment