QUESTION 121
How is symmetric encryption used for HTTPS connections?
A. The symmetric encryption algorithm uses public/private certificates.
B. The key exchange process is reliable and secure.
C. Encryption is based on RSA-2048.
D. The symmetric key is used for encryption.
Correct Answer: D
QUESTION 122
Which security monitoring data type is associated with application server logs?
A. session data
B. transaction data
C. alert data
D. statistical data
Correct Answer: C
QUESTION 123
Which type of data is used to monitor and detect anomalies within the organization’s network?
A. metadata
B. alert
C. statistical
D. transaction
Correct Answer: C
QUESTION 124
Which type of attack involves executing arbitrary commands on the operating system to escalate privileges?
A. cross-site scripting
B. SQL injection
C. command injection
D. Apache log
Correct Answer: C
QUESTION 125
The SOC team detected an ongoing port scan. After investigation, the team concluded that the scan was targeting the company servers. According to the Cyber Kill Chain model, which step must be assigned to this type of event?
A. exploitation
B. reconnaissance
C. delivery
D. actions on objectives
Correct Answer: B
QUESTION 126
A security specialist is investigating an incident regarding a recent major breach in the organization. The accounting data from a 24-month period is affected due to a trojan detected in a department’s critical server. A security analyst investigates the incident and discovers that an incident response team member who detected a trojan during regular AV scans had made an image of the server for evidence purposes. The security analyst made an image again to compare the hashes of the two images, and they appeared to differ and do not match. Which type of evidence is the security analyst dealing with?
A. integrity violated image
B. untampered image
C. checksum violated image
D. tampered image
Correct Answer: A
QUESTION 127
Which principle reduces the risk of attackers gaining access to sensitive data by compromising a low-level user account?
A. privilege separation
B. limited access
C. least privilege
D. separation of duties
Correct Answer: C
QUESTION 128
Which description is a defense-in-depth principal strategy?
A. developing approval flow for new hires
B. designing Active Directory groups
C. isolating employees with access to critical data
D. implementing VLANs to segment network traffic
Correct Answer: D
QUESTION 129
Where is a host-based intrusion detection system located?
A. on an end-point as an agent
B. on a span switch port
C. on a tap switch port
D. on a dedicated proxy server monitoring egress traffic
Correct Answer: A
QUESTION 130
A security engineer must protect the company from known issues that trigger adware. Recently new incident has been raised that could harm the system. Which security concepts are present in this scenario?
A. exploit and patching
B. risk and evidence
C. vulnerability and threat
D. analysis and remediation
Correct Answer: C
QUESTION 131
Which type of evasion technique is accomplished by separating the traffic into smaller segments before transmitting across the network?
A. fragmentation
B. proxies
C. tunneling
D. encryption
Correct Answer: A
QUESTION 132
A CMS plugin creates two files that are accessible from the Internet: myplugin.html and exploitable.php. A newly discovered exploit takes advantage of an injection vulnerability in exploitable.php. To exploit the vulnerability, an HTTP POST must be sent with specific variables to exploitable.php. A secunty engineer notices traffic to the webserver that consists of only HTTP GET requests to myplugin.html. Which category does this activity fall under?
A. weaponization
B. exploitation
C. reconnaissance
D. installation
Correct Answer: C
QUESTION 133
A network engineer noticed in the NetFlow report that internal hosts are sending many DNS requests to external DNS servers. ASOC analyst checked the endpoints and discovered that they are infected and became part of the botnet. Endpoints are sending multiple DNS requests, but with spoofed IP addresses of valid external sources. What kind of attack are infected endpoints involved in?
A. DNS flooding
B. DNS hijacking
C. DNS amplification
D. DNS tunneling
Correct Answer: C
QUESTION 134
Which piece of information is needed for attribution in an investigation?
A. asset value and an asset owner
B. attack surface and the threat posing the risk
C. attack vector and exploited vulnerability
D. threat actor and associated behavior
Correct Answer: D
QUESTION 135
What are the three critical security principles or goals of the CIA triad?
A. Protect the confidentiality of data, and ensure that protected data is unaltered at all stages and available for permitted requesters
B. Implement data tags to identify critical assets and data for preserving the secretness, and develop policies and procedures for accessing data.
C. Ensure that the connections are safe and the data delivery is improved continuously with appropriate monitoring and cross-checks.
D. Validate the copyright of the data, and ensure that individual data owners are protected with a defense-in-depth approach.
Correct Answer: A
QUESTION 136
What is a description of the defense-in-depth strategy?
A. deployment of NGFWs at each segment of a network for deep visibility and control
B. encryption of data at rest and data in transit
C. implementation of advanced malware protection for network and endpoints
D. introduction of multilayer security controls for each aspect of IT
Correct Answer: D
QUESTION 137
What is the difference between deep packet inspection and stateful inspection?
A. Stateful inspection is more secure due to its complex signatures, and deep packet inspection requires less human intervention.
B. Deep packet inspection gives insights up to Layer 7, and stateful inspection gives insights only up to Layer 4.
C. Stateful inspection verifies data at the transport layer, and deep packet inspection verifies data at the application layer.
D. Deep packet inspection is more secure due to its complex signatures, and stateful inspection requires less human intervention.
Correct Answer: B
QUESTION 138
A security engineer notices confidential data being exfiltrated to a domain “Ransomware” address that is attributed to a known advanced persistent threat group. The engineer discovers that the activity is part of a real attack and not a network misconfiguration. Which category does this event fall under as defined in the Cyber Kill Chain?
A. Delivery
B. Reconnaissance
C. Weaponization
D. action on objectives
Correct Answer: D
QUESTION 139
What is a difference between a threat and a risk?
A. A risk is a flaw or hole in security, and a threat is what is being used against that flaw.
B. A threat is a sum of risks, and a risk itself represents a specific danger toward the asset.
C. A risk is an intersection between threat and vulnerabilities, and a threat is what a security engineer is trying to protect against.
D. A threat can be people, property, or information, and risk is a probability by which these threats may bring harm to the business.
Correct Answer: C
QUESTION 140
Which attack method is being used when an attacker tries to compromise a network with an authentication system that uses only 4-digit numeric passwords and no username?
A. replay
B. SQL injection
C. dictionary
D. cross-site scripting
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.