Topic 3: Exam Pool C
A systems administrator is looking for a solution that will help prevent OAuth applications
from being leveraged by hackers to trick users into authorizing the use of their corporate
credentials. Which of the following BEST describes this solution?
A.
CASB
B.
UEM
C.
WAF
D.
VPC
WAF
Which of the following BEST describes a social-engineering attack that relies on an executive at a small business visiting a fake banking website where credit card and account details are harvested?
A.
Whaling
B.
Spam
C.
Invoice scam
D.
Pharming
Pharming
Explanation: Pharming: Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file)
Which of the following environments would MOST likely be used to assess the execution of
component parts of a system at both the hardware and software levels and to measure
performance characteristics?
A.
Test
B.
Staging
C.
Development
D.
Production
Test
Which of the following function as preventive, detective, and deterrent controls to reduce
the risk of physical theft? (Select TWO).
A.
Mantraps
B.
Security guards
C.
Video surveillance
D.
Fences
E.
Bollards
F.
Antivirus
Mantraps
Security guards
An organization has various applications that contain sensitive data hosted in the cloud.
The company’s leaders are concerned about lateral movement across applications of
different trust levels. Which of the following solutions should the organization implement to
address the concern?
A.
ISFW
B.
UTM
C.
SWG
D.
CASB
CASB
Once the full extent of cloud usage is revealed, the CASB then determines
the risk level associated with each by determining what the application is, what sort of data
is within the app, and how it is being shared. https://www.mcafee.com/enterprise/enau/
security-awareness/cloud/what-is-a-casb.html
A cloud access security broker (CASB) (sometimes pronounced cas-bee) is on-premises or
cloud based software that sits between cloud service users and cloud applications, and
monitors all activity and enforces security policies.[1] A CASB can offer a variety of
services such as monitoring user activity, warning administrators about potentially
hazardous actions, enforcing security policy compliance, and automatically preventing
malware. https://en.wikipedia.org/wiki/Cloud_access_security_broker
Which of the following uses six initial steps that provide basic control over system security
by including hardware and software inventory, vulnerability management, and continuous
monitoring to minimize risk in all network environments?
A.
ISO 27701
B.
The Center for Internet Security
C.
SSAE SOC 2
D.
NIST Risk Management Framework
The Center for Internet Security
When planning to build a virtual environment, an administrator need to achieve the
following,
•Establish polices in Limit who can create new VMs
•Allocate resources according to actual utilization‘
•Require justication for requests outside of the standard requirements.
•Create standardized categories based on size and resource requirements
Which of the following is the administrator MOST likely trying to do?
A.
Implement IaaS replication
B.
Product against VM escape
C.
Deploy a PaaS
D.
Avoid VM sprawl
Avoid VM sprawl
A cyberthreat intelligence analyst is gathering data about a specific adversary using OSINT techniques. Which of the following should the analyst use?
A.
Internal log files
B.
Government press releases
C.
Confidential reports
D.
Proprietary databases
Internal log files
Which of the following distributes data among nodes, making it more difficult to manipulate
the data while also minimizing downtime?
A.
MSSP
B.
Public cloud
C.
Hybrid cloud
D.
Fog computing
Hybrid cloud
A security engineer needs to create a network segment that can be used for servers that require connections from untrusted networks When of the following should the engineer implement?
A.
An air gap
B.
A hot site
C.
A VLAN
D.
A screened subnet
A screened subnet
Which of the following is the MOST secure but LEAST expensive data destruction method
for data that is stored on hard drives?
A.
Pulverizing
B.
Shredding
C.
Incinerating
D.
Degaussing
Degaussing
Which of the following should a data owner require all personnel to sign to legally protect
intellectual property?
A.
An NDA
B.
An AUP
C.
An ISA
D.
An MOU
An MOU
| Page 24 out of 74 Pages |
| Previous |