QUESTION 1
In an organization, different tiers of access are required for a customer record. Engineers need access to the customer’s infrastructure information, managers need access to contract information, and the financial department needs access to billing information. For this organization, why is rule-based access control preferred over discretionary access control?
A. to ensure adherence to predefined access rules based on roles
B. to allow each team to set their access permissions over data
C. to simplify the process of auditing
D. to facilitate flexible assignments on each user
Correct Answer: A
QUESTION 2
A software development company develops high-end technology for the customer that will go through the HIPAA audit program. The technology will be hosted on the cloud, and the healthcare, employee names, and contact information will be stored on two separate logically isolated private cloud services. The patents and inventions will be hosted on separated encrypted database. A compliance team is asked to analyze the cloud infrastructure and architecture to identify the protected data. Which two types of protected data should be identified? (Choose two.)
A. Self-sovereign Identity (SSI)
B. Payment Card Industry (PCI)
C. Federated Identity ID (FII)
D. Personally Identifiable Information (PII)
E. Protected Health Information (PHI)
Correct Answer: DE
QUESTION 3
What is an evasion technique?
A. deleting update sources from an intrusion prevention system database
B. injecting insecure malicious code into an application or a system
C. building a payload that constructs a not existing signature in the antivirus database
D. blocking digital data using one or more mathematical methods
Correct Answer: C
QUESTION 4
An engineer must gather data for monitoring purposes from different network devices. The engineer must gather events from the local network and use that information for packet sniffing. The engineer must create an exact copy and provide full fidelity. Which solution must the engineer use?
A. tap
B. tunneling
C. NAT
D. span ports
Correct Answer: A
QUESTION 5
Which access control should a chief information security officer select to protect extremely sensitive data categorized at various levels of confidentiality?
A. MAC; each object owner is responsible to provide access only to authorized users.
B. MAC; access control decisions are centrally managed and minimize the human error probability.
C. DAC; each object owner is responsible to provide access only to authorized users.
D. DAC; access control decisions are centrally managed and minimize the human error probability.
Correct Answer: B
QUESTION 6
In a dynamic and collaborative environment between several teams and users, why is the discretionary access control method preferred over nondiscretionary access control?
A. to apply centralized rules and management
B. to ensure strict policies with less human errors
C. to establish a strict hierarchical access model
D. to encourage flexibility and autonomy in collaboration
Correct Answer: D
QUESTION 7
Which type of attack affects the availability of the target?
A. cross-site scripting
B. social engineering
C. SQL injection
D. denial of service
Correct Answer: D
QUESTION 8
What is the difference between antimalware and antivirus?
A. Antimalware identifies threats based on abnormal user behavior and changes that follow this activity, and antivirus recognizes malicious files and activities by an online open-source database filled with millions of existing samples.
B. Antivirus identifies threats based on abnormal user behavior and changes that follow this activity, and antimalware recognizes malicious files and activities by an online open-source database filled with millions of existing samples.
C. Antimalware applications are more effective for standard varieties of threats, and an antivirus can recognize and mitigate unusual and complicated malware strains and increase protection.
D. Antivirus applications are more effective for standard varieties of threats, and antimalware can recognize and mitigate unusual and complicated malware strains and increase protection.
Correct Answer: D
QUESTION 9
What is the difference between antimalware and antivirus solutions?
A. Antivirus applications operate proactively to block ransomware before it can encrypt data, and antimalware cannot resist advanced classes of malware.
B. Antimalware operates using thousands of pieces of threat intelligence information from existing samples, and antivirus can identify patterns of well-known attack types and detect an attack vector before an attack is successful.
C. Antivirus operates using thousands of pieces of threat intelligence information from existing samples, and antimalware can identify patterns of well-known attack types and detect an attack vector before an attack is successful.
D. Antimalware applications operate proactively to block ransomware before it can encrypt data, and antivirus cannot resist advanced classes of malware.
Correct Answer: C
QUESTION 10
What describes the public key infrastructure (PKI)?
A. PKI verifies the identity of the user and sender and creates secure communication channels using symmetric encryption.
B. PKI ensures packet loss prevention and creates secure communication channels using symmetric encryption.
C. PKI verifies the identity of the user and sender and creates secure communication channels using asymmetric encryption.
D. PKI ensures packet loss prevention and creates secure communication channels using asymmetric encryption.
Correct Answer: C
QUESTION 11
Which piece of information is part of the chain of custody during investigation?
A. list of critical assets
B. company that was collecting evidence
C. list of vulnerable assets
D. method the evidence collection
Correct Answer: D
QUESTION 12
While analyzing the process of a recent breach case, a forensic investigator determined that an external USB drive was connected to the laptop of the HR manager and personal data of employees was exfiltrated to an external source. Video surveillance showed a stranger giving this USB drive to an HR manager during a job interview. How must this type of evidence be categorized?
A. indirect evidence
B. corroborative evidence
C. best evidence
D. direct evidence
Correct Answer: D
QUESTION 13
In a coordinated cyber incident, a network of compromised machines operates under the influence of an external entity, executing tasks without the knowledge of legitimate users. These devices receive and execute instructions from a central source, which allows manipulation of the network for various malicious purposes, such as data theft, distributed attacks, or espionage. Which sophisticated endpoint-based attack technique does this scenario exemplify?
A. ransomware
B. unauthorized access
C. DDOS
D. command and control
Correct Answer: D
QUESTION 14
A company had a recent breach and lost confidential data to a competitor. An internal investigation found out that a new junior accounting specialist logged in to an accounting server with their user ID and stole confidential data. The junior accounting specialist denies the action and claims that the attempt was done by someone else. During court proceedings, the company presents logs and CCTV camera recordings that show the malicious insider in action. Which type of evidence has the company presented?
A. circumstantial and direct
B. direct and corroborative
C. corroborative and substantive
D. indirect and corroborative
Correct Answer: A
QUESTION 15
Which two attacks are denial-of-service attacks? (Choose two.)
A. UDP flooding
B. man-in-the-middle
C. ping of death
D. TCP connections
E. code-red
Correct Answer: AC
QUESTION 16
A multinational organization uses a complex network infrastructure, incorporating various cloud services, different endpoints, and distributed networks with several network security devices. Which challenge will the security team face when ensuring robust data visibility across the organization for effective threat detection and response?
A. duplicate logs and alerts from different platforms
B. limited data retention policies across different platforms
C. inconsistent data aggregation from different technologies used within the organization
D. different protocols used through different technologies across the organization
Correct Answer: C
QUESTION 17
A user reports difficulties accessing certain external web pages. When an engineer examines traffic to and from the external domain in full packet captures, it is revealed that many SYNs have the same sequence number, source, and destination IP address, but have different payloads. What causes this situation?
A. failure of the full packet capture solution
B. insufficient network resources
C. misconfiguration of a web filter
D. TCP injection
Correct Answer: D
QUESTION 18
What is the difference between tampered and untampered disk images?
A. Tampered images are secure.
B. Untampered images are not secure.
C. Untampered images store hidden items inside.
D. Tampered images store hidden items inside.
Correct Answer: D
QUESTION 19
What is a ransomware attack?
A. It encrypts a victim’s data and prevents access to it.
B. It is a component of a malware attack used to establish a remote covert channel.
C. The volume of data exceeds the storage.
D. It is malicious software that steals confidential data.
Correct Answer: A
QUESTION 20
What is the name of the technology that searches and reports on known weaknesses and flaws that are present in the IT infrastructure of an organization?
A. configuration management
B. vulnerability scanner
C. identity and access management
D. mobile device management
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.