لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
A security researcher has aferted an organuzation that its sensifive user data was found for sale on a website. Which af the followang should the organzabon use to inform the affected partes?
A. A An incident response plan
B. A communications plan
C. A business continuity plan
D. A disaster recovery plan
عرض الإجابة
اجابة صحيحة: B
السؤال #2
An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?
A. The vulnerability scanner was not properly configured and generated a high number of false positives
B. Third-party libraries have been loaded into the repository and should be removed from the codebase
C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue
D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated
عرض الإجابة
اجابة صحيحة: A
السؤال #3
An organization has expanded its operations by opening a remote office. The new office is fully furnished with office resources to support up to 50 employees working on any given day. Which of the following VPN solutions would BEST support the new office?
A. Always On
B. Remote access
C. Site-to-site
D. Full tunnel
عرض الإجابة
اجابة صحيحة: A
السؤال #4
Asecurity analyst is reviewing a penetration-testing report from a third-party contractor. The penetration testers used the organization's new API to bypass a driver to perform privilege escalation on the organization's web servers. Upon looking at the API, the security analyst realizes the particular API call was to a legacy system running an outdated OS. Which of the following is the MOST likely attack type?
A. Request forgery
B. Session replay
C. DLL injection
D. Shimming
عرض الإجابة
اجابة صحيحة: D
السؤال #5
A security analyst is reviewing the following command-line output: Which of the following Is the analyst observing?
A. IGMP spoofing
B. URL redirection
C. MAG address cloning
D. DNS poisoning
عرض الإجابة
اجابة صحيحة: B
السؤال #6
The Chief Technology Officer of a local college would like visitors to utilize the school's WiFi but must be able to associate potential malicious activity to a specific person. Which of the following would BEST allow this objective to be met?
A. Requiring all new, on-site visitors to configure their devices to use WPS
B. Implementing a new SSID for every event hosted by the college that has visitors
C. Creating a unique PSK for every visitor when they arrive at the reception area
D. Deploying a captive portal to capture visitors' MAC addresses and names
عرض الإجابة
اجابة صحيحة: AD
السؤال #7
Which of the following is the MOST secure but LEAST expensive data destruction method for data that is stored on hard drives?
A. Pulverizing
B. Shredding
C. Incinerating
D. Degaussing
عرض الإجابة
اجابة صحيحة: C
السؤال #8
Which of the following in a forensic investigation should be priorities based on the order of volatility? (Select TWO).
A. Page files
B. Event logs
C. RAM
D. Cache
E. Stored files
F. HDD
عرض الإجابة
اجابة صحيحة: A
السؤال #9
A security administrator Is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).
A. IPSec
B. SFTP
C. SRTP
D. LDAPS
E. S/MIME
F. SSL VPN
عرض الإجابة
اجابة صحيحة: C
السؤال #10
When used at the design stage, which of the following improves the efficiency, accuracy, and speed of a database?
A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation
عرض الإجابة
اجابة صحيحة: B
السؤال #11
As part of a company's ongoing SOC maturation process, the company wants to implement a method to share cyberthreat intelligence data with outside security partners. Which of the following will the company MOST likely implement?
A. TAXII
B. TLP
C. TTP
D. STIX
عرض الإجابة
اجابة صحيحة: B
السؤال #12
A SECURITY ANALYST NEEDS TO FIND REAL-TIME DATA ON THE LATEST MALWARE AND loCs WHICH OF THE FOLLOWING BEST DESCRIBE THE SOLUTION THE ANALYST SHOULD PERSUE?
A. ADVISORIES AND BULLETINS
B. THREAT FEEDS
C. SECURITY NEWS ARTICLES
D. PEER-REVIEWED CONTENT
عرض الإجابة
اجابة صحيحة: B
السؤال #13
A company recenty experienced an attack during which its main website was Girected to the attacker's web server, allowing the attacker to harvest credentials trom unsuspecting customers, Which of the following should the company implement lo prevent this type of attack from occurring In the future?
A. PSec
B. SSL/TLS
C. ONSSEC
D. SMIME
عرض الإجابة
اجابة صحيحة: B
السؤال #14
A external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?
A. Perform e@ vulnerability scan to identify the weak spots
B. Use a packet analyzer to investigate the NetFlow traffic
C. Check the SIEM to review the correlated logs
D. Require access to the routers to view current sessions,
عرض الإجابة
اجابة صحيحة: C
السؤال #15
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
عرض الإجابة
اجابة صحيحة: C
السؤال #16
A security analyst is investigating a vulnerability in which a default file permission was set incorrectly. The company uses non-credentialed scanning for vulnerability management. Which of the following tools can the analyst use to verify the permissions?
A. ssh
B. chmod
C. 1s
D. setuid
E. nessus
F. ne
عرض الإجابة
اجابة صحيحة: A
السؤال #17
A company ts required to continue using legacy softveare to support a critical serwce. Whech of the folowing BEST explans a reek of this prachce?
A. Default system configuraton
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption
عرض الإجابة
اجابة صحيحة: AEG
السؤال #18
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
A. ISO 27701
B. The Center for Internet Security
C. SSAE SOC 2
D. NIST Risk Management Framework
عرض الإجابة
اجابة صحيحة: B
السؤال #19
A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted Which of the following resiliency techniques was applied to the network to prevent this attack?
A. NIC Teaming
B. Port mirroring
C. Defense in depth
D. High availability
E. Geographic dispersal
عرض الإجابة
اجابة صحيحة: A
السؤال #20
A Chief Security Officer (CSO) is concerned about the volume and integrity of sensitive information that is exchanged between the organization and a third party through email. The CSO is particularly concerned about an unauthorized party who is intercepting information that is in transit between the two organizations. Which of the following would address the CSO's concerns?
A. SPF
B. DMARC
C. SSL
D. DKIM
E. TLS
عرض الإجابة
اجابة صحيحة: C
السؤال #21
Which of the following cryptographic concepts would a security engineer utilize while implementing non-repudiation? (Select TWO)
A. Block cipher
B. Hashing
C. Private key
D. Perfect forward secrecy
E. Salting
F. Symmetric keys
عرض الإجابة
اجابة صحيحة: D
السؤال #22
A cybersecurity administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO).
A. Create a new network for the mobile devices and block the communication to the internal network and servers
B. Use a captive portal for user authentication
C. Authenticate users using OAuth for more resiliency
D. Implement SSO and allow communication to the internal network
E. Use the existing network and allow communication to the internal network and servers
F. Use a new and updated RADIUS server to maintain the best solution
عرض الإجابة
اجابة صحيحة: C
السؤال #23
A major Clotting company recently lost 4 aege amount of propeetary wvformaton The security olficer must fied a solution t ensure frs never happens agan tht 8 the BEST tachrycal implementation tp prevent thes fom happening agai?
A. Configure OLP soktons
B. Disable peer-to-peer sharing
C. Enable role-based access controls
D. Mandate job rotabon
E. Implement content ters
عرض الإجابة
اجابة صحيحة: B
السؤال #24
A developer is building a new portal to deliver single-pane-of-glass management capabilities to customers with multiple firewalls. To Improve the user experience, the developer wants to implement an authentication and authorization standard that uses security tokens that contain assertions to pass user Information between nodes. Which of the following roles should the developer configure to meet these requirements? (Select TWO).
A. Identity processor
B. Service requestor
C. Identity provider
D. Service provider
E. Tokenized resource
F. Notarized referral
عرض الإجابة
اجابة صحيحة: D
السؤال #25
A large bank with two geographically dispersed data centers Is concerned about major power disruptions at Both locations. Every day each location experiences very brief outages thai last (or a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?
A. Dual supply
B. Generator
C. PDU
D. Dally backups
عرض الإجابة
اجابة صحيحة: B
السؤال #26
A new security engineer has started hardening systems. One o( the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability lo use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the MOST likely cause of this issue?
A. TFTP was disabled on the local hosts
B. SSH was turned off instead of modifying the configuration file
C. Remote login was disabled in the networkd
D. conf
E. Network services are no longer running on the NAS
عرض الإجابة
اجابة صحيحة: B
السؤال #27
An enterpnse has hired an outside security firm to facilitate penetration testing on its network and applications. The firm has agreed to pay for each vulnerability that ts discovered. Which of the following BEST represents the type of testing that is being used?
A. White-box
B. Red-leam
C. Bug bounty
D. Gray-box
E. Black-box
عرض الإجابة
اجابة صحيحة: C

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.