CAS-004 Practice Test Questions

196 Questions


A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware. Which of the following BEST describes the type of malware the solution should protect against?

A. Worm
B. Logic bomb
C. Fileless
D. Rootkit

Answer: C. Fileless

Reference: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digitalthreats/tracking-detecting-and-thwarting-powershell-based-malware-and-attacks

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information, especially regarding configuration settings. Which of the following scan types will provide the systems administrator with the MOST accurate information?

A. A passive, credentialed scan
B. A passive, non-credentialed scan
C. An active, non-credentialed scan
D. An active, credentialed scan

Answer: A. A passive, credentialed scan



An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution. Which of the following designs would be BEST for the CISO to use?

A. Adding a second redundant layer of alternate vendor VPN concentrators
B. Using Base64 encoding within the existing site-to-site VPN connections
C. Distributing security resources across VPN sites
D. Implementing IDS services with each VPN concentrator
E. Transitioning to a container-based architecture for site-based services

Answer: D. Implementing IDS services with each VPN concentrator



A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the NEXT step of the incident response plan?

A. Remediation
B. Containment
C. Response
D. Recovery

Answer: B. Containment

Reference: https://www.sciencedirect.com/topics/computer-science/containment-strategy

A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails include only the following in plain text:

Which of the following should the security analyst perform?

A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

Answer: A. Contact the security department at the business partner and alert them to the email event.



An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.
Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

A. Peer-to-peer secure communications enabled by mobile applications
B. Proxied application data connections enabled by API gateways
C. Microsegmentation enabled by software-defined networking
D. VLANs enabled by network infrastructure devices

Answer: C. Microsegmentation enabled by software-defined networking



An organization’s hunt team thinks a persistent threat exists and already has a foothold in the enterprise network. Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

A. Deploy a SOAR tool.
B. Modify user password history and length requirements.
C. Apply new isolation and segmentation schemes.
D. Implement decoy files on adjacent hosts.

Answer: C. Apply new isolation and segmentation schemes.

Reference: https://www.cynet.com/network-attacks/network-attacks-and-network-securitythreats/

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior. Which of the following would BEST safeguard the APIs? (Choose two.)

A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection

Answer: D. Autoscaling endpoints, E. Rate limiting

Reference: https://stackoverflow.com/questions/3161548/how-do-i-prevent-site-scraping

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

The credentials used to publish production software to the container registry should be stored in a secure location.
Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

A. TPM
B. Local secure password file
C. MFA
D. Key vault

Answer: A. TPM

Reference: https://docs.microsoft.com/en-us/windows/security/informationprotection/tpm/tpm-fundamentals

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?

A. Utilizing a trusted secrets manager
B. Performing DAST on a weekly basis
C. Introducing the use of container orchestration
D. Deploying instance tagging

Answer: A. Utilizing a trusted secrets manager

Reference: https://about.gitlab.com/blog/2021/04/09/demystifying-ci-cd-variables/

A developer is creating a new mobile application for a company. The application uses a REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks. Which of the following would be the BEST solution against this type of attack?

A. Cookies
B. Wildcard certificates
C. HSTS
D. Certificate pinning

Answer: C. HSTS

Reference: https://cloud.google.com/security/encryption-in-transit

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs. Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

A. Implement rate limiting on the API.
B. Implement geoblocking on the WAF.
C. Implement OAuth 2.0 on the API.
D. Implement input validation on the API.

Answer: C. Implement OAuth 2.0 on the API.



