SEC+ FINAL EXAM Questions with 100% verified Answers Latest Updates 2024 A+

Analyze the following scenarios and determine which attacker used piggybacking.
A.) On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.
B.) A government employee is late for a meeting in a restricted area of a military installation. Preoccupied with making the meeting on time, the employee does not notice when the gate has not closed and someone enters the restricted area.
C.) An employee leaves the workstation to use the restroom. A coworker notices that the employee has forgotten to lock the workstation, and takes advantage of the user's permissions.
D.) Several prospective interns are touring the operations floor of a large tech firm. One of them seems to be paying especially close attention to the employees.
Answer: A.) On the way to a meeting in a restricted area of a government facility, a contractor holds open a gate for a person in a military uniform, who approaches the entry point at a jog, flashing a badge just outside of the readable range.
Note: in piggybacking the authorized person knowingly lets the other through; in scenario B the entry goes unnoticed, which is tailgating, and scenario C is a lunchtime attack on an unlocked session.

What type of phishing attack targets upper-level management?
A.) Pharming
B.) Credential harvesting
C.) Whaling
D.) Typosquatting
Answer: C.) Whaling

An end user has enabled cookies for several e-commerce websites and has started receiving targeted ads. The ads do not trouble the user until, when trying to access an e-commerce site, the user gets several pop-up ads that automatically redirect the user to suspicious sites the user did not intend to visit. What is the most likely explanation for this phenomenon?
A.) Tracking cookies have infected the user's computer.
B.) Ransomware has infected the user's computer.
C.)
Spyware has infected the user's computer.
D.) Crypto-malware has infected the user's computer.
Answer: C.) Spyware has infected the user's computer.

A hacker gains access to a database of usernames for a target company and then begins combining common, weak passwords with each username to attempt authentication. The hacker conducts what type of attack?
A.) Password spraying
B.) Brute force attack
C.) Dictionary attack
D.) Rainbow table attack
Answer: A.) Password spraying
Note: the distinguishing feature is a small set of common passwords tried horizontally across many accounts, which keeps each account under its lockout threshold; a dictionary or brute force attack works through many candidates against one account.

When monitoring API usage on a system, an engineer notices a very high error rate. The application's latency and thresholds appear to be normal. What does the engineer determine to be the cause?
A.) Overloaded system
B.) Security issues
C.) Number of requests
D.) Service responses
Answer: Overloaded system; Security issues

A user at a realtor's office contacts their IT department to report that they are not able to copy contract files to a USB flash drive to take home. Which explanation does the IT representative share with the user?
A.) Data loss prevention prevents file copying.
B.) Mobile device management restricts the use of a portable USB device.
C.) A compromised private key has created a trust issue.
D.) The file copy process has been allow-listed.
Answer: A.) Data loss prevention prevents file copying.

An employee who carries a company credit card learns that the card has become compromised. The employee only remembers fueling a company vehicle. Consider the following viable methods and determine which method compromised the card.
Card cloning
Data blocker
Proximity reader
Card skimming
Answer: Card skimming

Identify the type of attack where malware forces a legitimate process to load a malicious dynamic link library (DLL).
A.) DLL injection
B.) Pass the Hash (PtH)
C.) Null pointer dereferencing
D.) Overflow attack
Answer: A.) DLL injection

What type of attack replays a cookie?
A.) Cross-site request forgery (CSRF or XSRF)
B.) Clickjacking
C.) Secure Sockets Layer (SSL) strip attack
D.) Session hijacking
Answer: D.)
Session hijacking

After several users call to report dropped network connections on a local wireless network, a security analyst scans network logs and discovers that multiple unauthorized devices were connecting to the network and overwhelming it via a smartphone tethered to the network, which provided a backdoor for unauthorized access. How would this device be classified?
A.) A switched port analyzer (SPAN)/mirror port
B.) A spectrum analyzer
C.) A rogue access point (AP)
D.) A thin wireless access point (WAP)
Answer: C.) A rogue access point (AP)

A hacker places a false name:IP address mapping in an operating system's HOSTS file, redirecting traffic from a legitimate IP address to a malicious IP address. What type of

(Select all that apply.)
a. Configure the use of port 990
b. Configure the use of port 22
c. Negotiate a tunnel prior to any exchanged commands
d. Using Secure Shell (SSH) between client and server
Answer: a. Configure the use of port 990; c. Negotiate a tunnel prior to any exchanged commands
Note: the two selected options describe implicit FTPS, which establishes TLS on port 990 before any FTP command is exchanged; port 22 and SSH describe SFTP, a different protocol.

An administrator provisions both a new cloud-based virtual server and an on-premises virtual server. Compare the possible virtualization layer responsibilities for the implementation and determine which one applies to this configuration.
a. The CSP is responsible for the cloud; the administrator is responsible for the on-premises server.
b. The CSP is responsible for the cloud; the CSP is responsible for the on-premises server.
c. The administrator is responsible for the cloud; the administrator is responsible for the on-premises server.
d. The administrator is responsible for the cloud; the CSP is responsible for the on-premises server.
Answer: a. The CSP is responsible for the cloud; the administrator is responsible for the on-premises server.

Select the correct simulation of a Virtual Desktop Infrastructure (VDI) deployment.
a. A company installs a platform that uses a Type 1 hypervisor to manage access to the host hardware outside of the host operating system.
b.
A company deploys Citrix XenApp on a server for the client to access for local processing.
c. A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.
d. A company enforces resource separation at the operating system level without the use of a hypervisor.
Answer: c. A company replaces all desktop computers with thin clients the employees use to log into VMs stored on the company server.

Simulate the installation of a bare metal virtual platform.
a. A Type 1 hypervisor is installed directly onto a host machine and manages access to the host hardware directly.
b. An office has all desktop computers replaced with low specification and low power thin client computers that boot a minimal operating system.
c. The client accesses an application hosted on a server or streams the application from the server to the client for local processing.
d. A client enforces resource separation at the operating system level without a hypervisor.
Answer: a. A Type 1 hypervisor is installed directly onto a host machine and manages access to the host hardware directly.

Which of the following statements best contrasts a service-oriented architecture (SOA) model with a microservices-based model?
a. SOA can build services from other services, while an implementation of microservices develops, tests, and deploys microservices independently.
b. Microservices are loosely decoupled, while SOA services are considered highly decoupled.
c. SOA focuses on making a single, discrete task easily repeatable, while microservices perform a sequence of automated tasks.
d. Microservices help to make a network's design architecture fit a business's requirements, rather than accommodating the business workflow to the platform requirements, as in SOA.
Answer: a. SOA can build services from other services, while an implementation of microservices develops, tests, and deploys microservices independently.
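The password-spraying question above turns on the shape of the failed-login pattern rather than on any single attempt: a few passwords tried across many accounts, versus many passwords against one account. The following Python script is an added illustration and is not part of the exam material; it parses constructed OpenSSH-style auth.log lines (the hostname, usernames and IP addresses are invented) and labels each source address as password spraying, brute force, or benign. The five-minute window and the count thresholds are assumptions that would be tuned to the environment's lockout policy.

```python
"""Tell password spraying from brute force in SSH authentication logs.

Added illustration for the password-spraying question; not from the exam
material. Log lines, hosts, usernames, IP addresses and the detection
thresholds are all constructed/assumed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH-style messages. 203.0.113.7 sprays one password across
# many accounts (and gets in as "grace"); 198.51.100.9 hammers the root
# account; 192.0.2.20 is a user who mistyped a password once.
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[4242]: Failed password for alice from 203.0.113.7 port 51001 ssh2
Mar 10 09:00:02 web1 sshd[4243]: Failed password for bob from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:03 web1 sshd[4244]: Failed password for carol from 203.0.113.7 port 51003 ssh2
Mar 10 09:00:04 web1 sshd[4245]: Failed password for invalid user admin from 203.0.113.7 port 51004 ssh2
Mar 10 09:00:05 web1 sshd[4246]: Failed password for erin from 203.0.113.7 port 51005 ssh2
Mar 10 09:00:06 web1 sshd[4247]: Failed password for frank from 203.0.113.7 port 51006 ssh2
Mar 10 09:00:07 web1 sshd[4248]: Accepted password for grace from 203.0.113.7 port 51007 ssh2
Mar 10 09:00:01 web1 sshd[4300]: Failed password for root from 198.51.100.9 port 40001 ssh2
Mar 10 09:00:02 web1 sshd[4301]: Failed password for root from 198.51.100.9 port 40002 ssh2
Mar 10 09:00:03 web1 sshd[4302]: Failed password for root from 198.51.100.9 port 40003 ssh2
Mar 10 09:00:04 web1 sshd[4303]: Failed password for root from 198.51.100.9 port 40004 ssh2
Mar 10 09:00:05 web1 sshd[4304]: Failed password for root from 198.51.100.9 port 40005 ssh2
Mar 10 09:00:06 web1 sshd[4305]: Failed password for root from 198.51.100.9 port 40006 ssh2
Mar 10 09:00:07 web1 sshd[4306]: Failed password for root from 198.51.100.9 port 40007 ssh2
Mar 10 09:00:08 web1 sshd[4307]: Failed password for root from 198.51.100.9 port 40008 ssh2
Mar 10 09:05:00 web1 sshd[4400]: Failed password for alice from 192.0.2.20 port 33001 ssh2
Mar 10 09:05:30 web1 sshd[4401]: Accepted password for alice from 192.0.2.20 port 33002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text, year=2024):
    """Return (timestamp, failed, user, ip) tuples; syslog lines carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd chatter
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"] == "Failed", m["user"], m["ip"]))
    return events


def classify_sources(events, window=timedelta(minutes=5),
                     min_users=5, max_per_user=2, min_attempts=8):
    """Label each source IP that produced failures as password_spraying, brute_force or benign.

    Spraying: within `window`, at least `min_users` distinct accounts, none tried
    more than `max_per_user` times (so each account stays under its lockout limit).
    Brute force: a single account hit at least `min_attempts` times within `window`.
    """
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, failed, user, ip in events:
        (failures if failed else successes)[ip].append((ts, user))

    report = {}
    for ip, attempts in failures.items():
        attempts.sort()
        verdict = "benign"
        for i, (start, _) in enumerate(attempts):
            # sliding window anchored on each failure in turn
            in_window = Counter(u for t, u in attempts[i:] if t - start <= window)
            if len(in_window) >= min_users and max(in_window.values()) <= max_per_user:
                verdict = "password_spraying"
            elif len(in_window) == 1 and sum(in_window.values()) >= min_attempts:
                verdict = "brute_force"
            if verdict != "benign":
                break
        report[ip] = {
            "verdict": verdict,
            "distinct_users": len({u for _, u in attempts}),
            "attempts": len(attempts),
            # a success from a spraying source is the account to reset first
            "successes": sorted({u for _, u in successes.get(ip, [])}),
        }
    return report


if __name__ == "__main__":
    for ip, info in classify_sources(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The `successes` field is what makes the report actionable: a successful login from a source that was just flagged for spraying identifies the account with the weak password, which is the one to reset and investigate before touching the lockout policy.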
Examine the use of software diversity in infrastructure development and assess which statement describes the advantages of using a diverse range of development tools and application vendors over a monoculture environment.
a. A diverse environment enables secure failover, as development diversity provides system redundancy over multiple vendor products.
b. A diverse environment relies on security by obscurity, making a system's infrastructure more difficult for an attacker to interpret and attack.
c. A diverse environment can provide security by diversity, making attack strategies more difficult to research and implement.
d. A diverse environment reduces the likelihood of installing configuration errors common to a monoculture environment.
Answer: c. A diverse environment can provide security by diversity, making attack strategies more difficult to research and implement.

Examine the differences between authentication factors and authentication attributes and select the statement that most effectively summarizes those differences.
a. Authentication attributes are characteristics used to verify an account holder's credentials, while authentication factors use secondary or continuous authentication and access control.
b. Authentication factors verify an account holder's credentials, while authentication attributes are either non-unique or cannot independently authenticate a user's credentials.
c. Authentication factors are most secure when used alone, while authentication attributes should be used in combination with one another to authenticate a user's credentials.
d. Authentication attributes describe physical characteristics and behavioral traits of an individual user, while authentication factors primarily authenticate users based on items they carry or information they know.
Answer: b.
Authentication factors verify an account holder's credentials, while authentication attributes are either non-unique or cannot independently authenticate a user's credentials.

Which of the following authentication procedures effectively employs multifactor authentication?
a. A password reset prompt requires the user to supply the answer to several recovery questions.
b. A system login requires a user to insert a smart card and enter a PIN.
c. An entry control point employs a security guard and requires entrants to submit to a retinal scan.
d. A system login requires a user to enter a password, PIN, and passphrase.
Answer: b. A system login requires a user to insert a smart card and enter a PIN.
Note: a smart card (something you have) plus a PIN (something you know) combines two different factor types; options a and d stack several "something you know" secrets, and option c uses only "something you are", so each of those remains single-factor.

An organization considers installing fingerprint scanners at a busy entry control point to a secure area. What concerns might arise with the use of this technology? (Select all that apply.)
Fingerprint scanning is relatively easy to spoof.
Installing equipment is cost-prohibitive.
Surfaces must be clean and dry.
The scan is highly intrusive.
Answer: Fingerprint scanning is relatively easy to spoof; surfaces must be clean and dry.

An administrator plans a backup and recovery implementation for a server. The goal is to have a full backup every Sunday followed by backups that only include changes every other day of the week. In the event of a catastrophe, the restore time needs to be as quick as possible. Which scheme does the administrator use?
Full followed by incrementals
Image followed by incrementals
Full followed by differentials
Snapshot followed by differentials
Answer: Full followed by differentials
Note: a differential restore needs only the full set plus the most recent differential, whereas an incremental restore must replay every incremental taken since the full; the trade-off is that differentials grow through the week and consume more backup storage.

Two companies enter into an agreement that if one data center suffers a disaster-level event, it can fail over to the other company's data center with minimal disruption in service. Which statement most accurately describes the companies' site resiliency postures?
The companies have a reciprocal arrangement for mutual hot site support.
The companies have a contractual agreement to provide mutual cold site support.
The companies each have a reserved warm site for failover operations.
The companies have a mutual contract for warm site failover support.
Answer: The companies have a reciprocal arrangement for mutual hot site support.

A systems administrator realizes the need to scale a server for high availability purposes. Which approaches does the administrator utilize to scale out the system? (Select all that apply.)
Add an additional CPU
Give important processes higher priority

FTPS uses an entirely different protocol, using secure port 990.
FTP uses only basic encryption, while FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).
FTP has no encryption. FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).
Answer: FTP has no encryption. FTPS adds transport layer security (TLS), and SFTP is an entirely different protocol based on the network protocol SSH (secure shell).

Which features distinguish a next-generation endpoint detection and response (EDR) product from traditional EDR solutions? (Select all that apply.)
Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server.
Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).
Next-generation endpoint agents report baseline configuration deviations, whereas legacy systems report threats based on signature detection.
The primary purpose of next-generation endpoint agents is to stop initial threat execution, while traditional systems aim to detect and report attacks.
Answer: Next-generation endpoint agents use cloud management, rather than reporting to an on-premises server; Next-generation endpoint detection systems use artificial intelligence (AI) and machine learning to perform user and entity behavior analysis (UEBA).
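The backup question above asks for the scheme with the fastest restore, and the answer (full followed by differentials) is easier to see with numbers than with definitions. The Python script below is an added illustration, not part of the exam material: it simulates one week of backups for both schemes over a constructed data set (five files with invented sizes in GB and an invented change pattern), then computes how many backup sets a Saturday restore has to read for each scheme, how much data that restore reads, and how much media the week consumes. The data set and change pattern are assumptions chosen only to make the trade-off visible.

```python
"""Compare restore effort for full+incremental versus full+differential.

Added illustration for the backup-scheme question; not exam material. The
file sizes (GB) and which files change on each weekday are constructed.
"""

DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

# Constructed data set: file name -> size in GB
FILES = {"db.mdf": 400, "mail.pst": 120, "docs/": 60, "logs/": 30, "web/": 50}

# Constructed change pattern: files modified on each day after the Sunday full
DAILY_CHANGES = {
    "Mon": {"logs/"},
    "Tue": {"logs/", "docs/"},
    "Wed": {"logs/", "db.mdf"},
    "Thu": {"logs/"},
    "Fri": {"logs/", "mail.pst"},
    "Sat": {"logs/", "web/"},
}


def size_gb(files):
    return sum(FILES[f] for f in files)


def plan_week(scheme):
    """Return the week's backup jobs as (day, kind, files), starting with a full on Sunday.

    incremental  -> each job holds the files changed since the previous job (of any kind)
    differential -> each job holds everything changed since the last full
    """
    if scheme not in ("incremental", "differential"):
        raise ValueError(scheme)
    jobs = [("Sun", "full", frozenset(FILES))]
    changed_since_full = set()
    for day in DAYS[1:]:
        if scheme == "incremental":
            jobs.append((day, "incremental", frozenset(DAILY_CHANGES[day])))
        else:
            changed_since_full |= DAILY_CHANGES[day]
            jobs.append((day, "differential", frozenset(changed_since_full)))
    return jobs


def restore_chain(jobs, as_of):
    """Backup sets that must be read, in order, to rebuild the server as of `as_of`.

    An incremental chain needs the full plus every incremental up to that day, and
    breaks if any one of them is unreadable; a differential restore needs only the
    full plus the newest differential.
    """
    upto = jobs[: DAYS.index(as_of) + 1]
    if len(upto) == 1 or upto[-1][1] == "incremental":
        return upto
    return [upto[0], upto[-1]]


def storage_gb(jobs):
    """Total space the week's backup media consume."""
    return sum(size_gb(files) for _, _, files in jobs)


def restore_gb(chain):
    """Data that has to be read back during the restore (a proxy for restore time)."""
    return sum(size_gb(files) for _, _, files in chain)


if __name__ == "__main__":
    for scheme in ("incremental", "differential"):
        jobs = plan_week(scheme)
        chain = restore_chain(jobs, "Sat")
        print(f"{scheme:12s} storage={storage_gb(jobs):5d} GB  "
              f"restore sets={len(chain)}  restore read={restore_gb(chain)} GB")
```

With this data set the Saturday restore reads two sets under the differential scheme against seven under the incremental scheme, and reads less data as well, because the incremental chain carries the daily `logs/` change six times over; the price is roughly twice the backup storage for the week.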
A software engineer develops an application that includes routines to check whether user input meets conformity standards to reduce the application's potential attack surface. The engineer conducts which secure coding technique?
Normalization
Output encoding
Error handling
Input validation
Answer: Input validation

A small company needs to secure the perimeter of their network, but they do not have the overhead or infrastructure to construct a demilitarized zone. Examine the following recommendations and select the best solution for this small company.
The company should configure a screened subnet.
The company should install a triple-homed firewall.
The company should implement microsegmentation across their network.
The company should configure a screened host.
Answer: The company should configure a screened host.

A network administrator needs to implement a firewall between nodes on the same subnet, without reconfiguring subnets and reassigning IP addresses across the network. Considering firewall configurations, which implementation is the best choice?
Routed firewall
Router firewall
Transparent firewall
Virtual firewall
Answer: Transparent firewall
Note: a transparent (bridged) firewall operates at layer 2 and has no IP address on the protected segment, so it can be dropped inline without re-addressing; a routed firewall requires the nodes to be on separate subnets.

A systems engineer looks to monitor a network for security purposes. The engineer places sensors throughout the building in appropriate places. Fortunately, the engineer thought ahead and purchased appropriate network switches. Which sensor type does the engineer use? (Select all that apply.)
TAP (active)
SPAN
TAP (passive)
Mirror
Answer: SPAN; Mirror
Note: SPAN and port mirroring are the same switch feature (copying traffic from selected ports to the sensor's port), which is why the switch purchase matters; a TAP is separate inline hardware and does not depend on the switch.

Analyze the following security information and event management (SIEM) functions and determine which event is NOT conducted during data aggregation.
Normalize time zones to a single timeframe.
Use plug-ins to parse data from different vendors and sensors.
Identify attributes and content that can be mapped to standard fields.
Link observables into a meaningful indicator of risk, or indicator of compromise (IOC).
Answer: Link observables into a meaningful indicator of risk, or indicator of compromise (IOC).
Note: aggregation collects, parses and normalizes records into a common schema; linking observables across sources into an indicator is the correlation stage that runs on the aggregated data.

Compare and evaluate the main components in an Extensible Authentication Protocol (EAP). Which scenarios accurately differentiate between these components? (Select all that apply.)
An authenticator performs the authentication and the authentication server establishes a channel.
An authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using EAP.
A supplicant requests authentication and the authentication server performs the authentication.
A supplicant requests authentication and the authenticator performs the authentication.
Answer: An authenticator establishes a channel for the supplicant and the authentication server to exchange credentials using EAP; A supplicant requests authentication and the authentication server performs the authentication.

A cooperative group of farmers and ranchers consider network options for embedded systems that operate automated irrigation and feeding processes. The cooperative is most likely to be concerned with which embedded network features? (Select all that apply.)
Antenna range
High reliability
4G/5G connectivity
Low latency
Answer: High reliability; Low latency

Which statements describe why devices on an enterprise network should disable Wi-Fi tethering? (Select all that apply.)
Wi-Fi tethering functionality can circumvent data loss prevention measures.
Wi-Fi tethering functionality can circumvent web content filtering policies.
Wi-Fi tethering functionality can enable a Trojan to install apps through the device's charging plug.
Wi-Fi tethering functionality can enable a nearby attacker to skim information from the device.
Answer: Wi-Fi tethering functionality can circumvent data loss prevention measures; Wi-Fi tethering functionality can circumvent web content filtering policies.

What exploitation method targets near field communication (NFC) devices?
Juice jacking
Bluesnarfing

frequently and has never had a problem before. Applying knowledge of server certificates, select the circumstances that could cause this error message. (Select all that apply.)
The system's time setting is incorrect.
The certificate is pinned.
The web address was mistyped.
The certificate expired.
Answer: The system's time setting is incorrect; The certificate expired.

Which of the following key storage solutions exercises M-of-N control?
Security administrators log and audit access to critical encryption keys.
While four administrators have access to the system, it takes two administrators to access the system at any given time.
A third party safely stores the encryption key.
One administrator has access to the system, and that administrator can delegate access to two others.
Answer: While four administrators have access to the system, it takes two administrators to access the system at any given time.
Note: M-of-N control means M of the N authorized custodians must be present to use the key; here M is 2 and N is 4, so no single administrator can recover it alone.

A suspected network breach prompts an engineer to investigate. The engineer utilizes a set of command line tools to collect network routing data. While doing so, the engineer discovers that UDP communications are not working as expected. Which tool does the engineer experience difficulty with?
route
tracert
pathping
traceroute
Answer: traceroute
Note: Linux/Unix traceroute sends UDP probes by default, whereas Windows tracert and pathping use ICMP echo requests, so only traceroute is affected by a UDP problem.

Which command can help a security professional conducting an organizational security assessment identify a spoofing attack?
arp
ipconfig/ifconfig
route
pathping/mtr
Answer: arp
Note: arp -a lists the local ARP cache; two IP addresses resolving to the same MAC address, or the default gateway's MAC changing unexpectedly, indicates ARP spoofing.

Management looks to IT for a solution to identify successful and failed login attempts. Which solution will IT provide to management?
Logs
Network monitors
Packet capture
Sniffer
Answer: Logs

An investigator needs to analyze all data on a system. Which file does the investigator review if it contains data while in use when physical RAM in a system is exceeded?
Hibernation file
Dump file
Swap file
Temp file
Answer: Swap file
Note: on Windows this is pagefile.sys and on Linux a swap partition or file; the hibernation file (hiberfil.sys) instead holds a copy of RAM written when the machine hibernates.

During weekly scans, a system administrator identifies a system that has software installed that goes against security policy.
The system administrator removes the system from the network in an attempt to limit the effect of the incident on the remainder of the network. After the system administrator removes the unauthorized software and completes additional scans, the system administrator places the system back on the network. Applying information from the Computer Security Incident Handling Guide, determine the next step the system administrator should take to mitigate the effects of the incident and restore the network to optimal functionality.
The system administrator should put controls in place to prevent the software from being installed.
The system administrator should complete an initial scan to determine if unauthorized software is installed, then fully document the incident.
The system administrator should remove the system from the network, remove the unauthorized software, and then place the system back into operation.
The system administrator should determine how the unauthorized software was installed and identify what security to modify to prevent future incidents, then fully document the incident.
Answer: The system administrator should determine how the unauthorized software was installed and identify what security to modify to prevent future incidents, then fully document the incident.

In the containment phase of incident response, the Cyber Incident Response Team (CIRT) faces complex issues that need to be addressed quickly. During this phase, a member of the CIRT would be concerned about all EXCEPT which of the following issues?
What damage has already occurred?
Which password policy will prevent this in the future?
What actions could alert the attacker that the attack has been detected?
What countermeasures are available?
Answer: Which password policy will prevent this in the future?

Management at a financial firm assembles an incident response team. This team is responsible for handling certain aspects of recovery and remediation following a security incident.
Which roles are appropriate to include on the team? (Select all that apply.)
Sales
Legal
HR
PR
Answer: Legal; HR; PR

A threat actor infiltrates a company's server. Engineers fail while trying to stop the attacker from stealing data. The attacker achieves which final phase of the Lockheed Martin kill chain?
Command and control
Reconnaissance
Exploitation
Actions on objectives
Answer: Actions on objectives

During a cyber incident response exercise, a blue team takes steps to ensure the company and its affiliates can still use network systems while managing a simulated threat in real time. Based on knowledge of incident response procedures, what stage of the incident response process is the blue team practicing?

The laboratory needs to take detective action and should implement corrective controls in the future.
The laboratory needs to take compensatory action and should implement physical controls in the future.
The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.
Answer: The laboratory needs to take corrective action and should implement both physical and preventative controls in the future.

The Human Resources department issues a policy at an organization to govern the use of company-owned computer equipment. Which behavior type does this policy address?
Code of conduct
Clean desk
Bring your own device
Acceptable use
Answer: Acceptable use

A systems manager creates a control diversity plan to enact a defense in depth approach to security. To mitigate any possible risk of a virus infection, the plan includes which physical and administrative controls? (Select all that apply.)
User training
USB port locks
Restricted permissions
Endpoint security
Answer: User training; USB port locks
Note: user training is an administrative control and a USB port lock a physical one; restricted permissions and endpoint security are technical controls, which is why they are excluded even though they also reduce infection risk.

Analyze the factors associated with performing a Business Process Analysis (BPA) and select the statement that aligns with the output factors.
The data or resources a function produces
The source of information for performing a function
The resources supporting a function
A description of how a function is performed
Answer: The data or resources a function produces

While preparing a disaster recovery plan, management at a company considers how far back it can allow for the loss of data. Which metric does management use to describe this business essential data in terms of recovery?
Recovery point objective
Work recovery time
Maximum tolerable downtime
Mean time to repair
Answer: Recovery point objective

A new IT administrator accidentally causes a fire in the IT closet at a small company. Consider the disaster types and conclude which types this event might classify as. (Select all that apply.)
External
Man-made
Internal
Environmental
Answer: Man-made; Internal

A company performing a risk assessment calculates how much potential cost the company has saved by implementing a security measure. Which formula will they use to calculate this metric?
Asset value x EF
[(ALE-ALEm)-Cost of Solution]/Cost of Solution
SLE x ARO
(ALE-SLE)/Cost of Solution
Answer: [(ALE-ALEm)-Cost of Solution]/Cost of Solution
Note: the other formulas are the building blocks: SLE = asset value x exposure factor (EF), ALE = SLE x annual rate of occurrence (ARO); ALEm is the ALE after the mitigation is in place, so the selected formula is the return on security investment.

A company hires a security consultant to help them perform a business process analysis (BPA) and reduce dependencies. The consultant asks a manager at the company to walk through the typical process each salesperson makes when processing order requests. Examine the consultant's methods and determine which factor in the BPA the consultant is evaluating.
Identify process inputs
Identify process outputs
Examine the process flow
Identify staff and other resources performing the function
Answer: Examine the process flow

A national intelligence agency maintains data on threat actors. If someone intercepted this data, it would cause exceptionally grave damage to national security. Analyze the risk of exposure and determine which classification this data most likely holds.
Confidential
Secret
Top secret
Proprietary
Answer: Top secret

The U.S.
Department of Defense (DoD) awards an IT contract to a tech company to perform server maintenance. The servers are colocated at a third-party storage facility. The DoD and the tech company enter into what type of agreement, which commits the tech company to implement the agreed-upon security controls?
Interconnection security agreement (ISA)
Non-disclosure agreement (NDA)
Data sharing and use agreement
Service level agreement (SLA)
Answer: Interconnection security agreement (ISA)
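The SIEM question earlier in this set separates data aggregation (parsing vendor formats, mapping fields onto a common schema, normalizing time zones) from correlation (linking observables into an indicator). The Python script below is an added illustration and not part of the exam material: it aggregates two constructed vendor formats, a CEF-style firewall line stamped in local time at UTC-5 and a JSON record from a Windows log collector stamped at UTC+1, into one schema with UTC timestamps, and then runs a separate correlation step that links one source address seen by two different hosts within a minute. The hostnames, addresses, event content and the `windows:security` source label are invented for the demo.

```python
"""SIEM aggregation (parse, map to one schema, normalize time) versus correlation.

Added illustration for the SIEM data-aggregation question; not exam material.
The vendor formats are a CEF-style firewall line and a JSON record from a
Windows log collector; hosts, addresses and field contents are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed feed. The firewall stamps local time at UTC-5, the domain
# controller's collector stamps UTC+1; the first two events are 2 s apart in UTC.
RAW_EVENTS = [
    "2024-03-10T09:00:05-05:00 fw01 CEF:0|Acme|FW|1.0|100|Connection denied|5|"
    "src=203.0.113.7 dst=10.0.0.5 dpt=22 act=deny",
    '{"TimeCreated": "2024-03-10 15:00:07 +0100", "Computer": "dc01", "EventID": 4625, '
    '"IpAddress": "203.0.113.7", "TargetUserName": "alice"}',
    "2024-03-10T11:30:00-05:00 fw01 CEF:0|Acme|FW|1.0|101|Connection allowed|1|"
    "src=192.0.2.20 dst=10.0.0.8 dpt=443 act=allow",
]

# Windows Security event IDs mapped onto the common "action" field
WINDOWS_ACTIONS = {4624: "auth_success", 4625: "auth_failure"}


def parse_cef(line):
    """<ISO timestamp> <host> CEF:Version|Vendor|Product|Version|SigID|Name|Severity|Extension."""
    ts_text, host, cef = line.split(" ", 2)
    fields = cef.split("|", 7)
    ext = dict(kv.split("=", 1) for kv in fields[7].split())  # extension is k=v pairs
    return {
        "ts_utc": datetime.fromisoformat(ts_text).astimezone(timezone.utc),
        "host": host,
        "source": f"{fields[1]}:{fields[2]}",
        "src_ip": ext.get("src"),
        "dst_ip": ext.get("dst"),
        "dst_port": int(ext["dpt"]) if "dpt" in ext else None,
        "user": ext.get("suser"),
        "action": ext.get("act", fields[5]).lower(),
    }


def parse_windows_json(line):
    """JSON record from a Windows collector; the timestamp carries a numeric UTC offset."""
    rec = json.loads(line)
    ts = datetime.strptime(rec["TimeCreated"], "%Y-%m-%d %H:%M:%S %z")
    return {
        "ts_utc": ts.astimezone(timezone.utc),
        "host": rec["Computer"],
        "source": "windows:security",
        "src_ip": rec.get("IpAddress"),
        "dst_ip": None,
        "dst_port": None,
        "user": rec.get("TargetUserName"),
        "action": WINDOWS_ACTIONS.get(rec["EventID"], f"event_{rec['EventID']}"),
    }


def aggregate(lines):
    """Aggregation: choose a parser per vendor format, map onto one schema, normalize to UTC."""
    events = []
    for line in lines:
        if line.lstrip().startswith("{"):
            events.append(parse_windows_json(line))
        elif "CEF:" in line:
            events.append(parse_cef(line))
        # anything else belongs in a parse-failure queue, not silently dropped
    return sorted(events, key=lambda e: e["ts_utc"])


def correlate(events, window=timedelta(seconds=60)):
    """Correlation (a separate stage): link one src_ip seen by two or more hosts within `window`."""
    by_ip = defaultdict(list)
    for e in events:
        if e["src_ip"]:
            by_ip[e["src_ip"]].append(e)
    indicators = []
    for ip, evs in by_ip.items():  # evs keep the UTC order established by aggregate()
        hosts = sorted({e["host"] for e in evs})
        if len(hosts) >= 2 and evs[-1]["ts_utc"] - evs[0]["ts_utc"] <= window:
            indicators.append({
                "src_ip": ip,
                "hosts": hosts,
                "actions": [e["action"] for e in evs],
                "first_seen": evs[0]["ts_utc"],
                "last_seen": evs[-1]["ts_utc"],
            })
    return indicators


if __name__ == "__main__":
    normalized = aggregate(RAW_EVENTS)
    for e in normalized:
        print(e["ts_utc"].isoformat(), e["host"], e["src_ip"], e["action"])
    print(correlate(normalized))
```

Without the time-zone normalization the two events would appear six hours apart and the correlation would never fire; that is the practical reason the exam treats normalizing time zones as part of aggregation rather than something correlation can fix later.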