Question #1
A security analyst is reviewing the following output: Which of the following would BEST mitigate this type of attack?
A. Installing a network firewall
B. Placing a WAF inline C
Correct answer: D
Question #2
An organization is designing a network architecture that must meet the following requirements: Users will only be able to access predefined services. Each user will have a unique allow list defined for access. The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the organization use to meet these requirements?
A. Peer-to-peer secure communications enabled by mobile applications
B. Proxied application data connections enabled by API gateways C
Correct answer: C
Question #3
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst’s FIRST action?
A. Create a full inventory of information and data assets
B. Ascertain the impact of an attack on the availability of crucial resources
Correct answer: B
Question #4
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would BEST resolve the issue? (Choose two.)
A. Conduct input sanitization
E. Deploy a WAF
F. Deploy a reverse proxy G
Correct answer: A
Question #5
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs: The security engineer looks at the UTM firewall rules and finds the following: Which of the following should t
A. Contact the email service provider and ask if the company IP is blocked
B. Confirm the email server certificate is installed on the corporate computers
Correct answer: A
Question #6
A security engineer needs to recommend a solution that will meet the following requirements: identify sensitive data in the provider’s network; maintain compliance with company and regulatory guidelines; detect and respond to insider threats, privileged user threats, and compromised accounts; enforce data-centric security, such as encryption, tokenization, and access control. Which of the following solutions should the security engineer recommend to address these requirements?
A. WAF
B. CASB
C. SWG
D. DLP
Correct answer: C
Question #7
A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable. Which of the following should the security team recommend FIRST?
A. Investigating a potential threat identified in logs related to the identity management system
B. Updating the identity management system to use discretionary access control C
Correct answer: D
Question #8
An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment. Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
A. Migrating operations assumes the acceptance of all risk
B. Cloud providers are unable to avoid risk
Correct answer: BD
Question #9
Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?
A. Lattice-based cryptography
B. Quantum computing C
Correct answer: B
Question #10
Which of the following is a benefit of using steganalysis techniques in forensic response?
A. Breaking a symmetric cipher used in secure voice communications
B. Determining the frequency of unique attacks against DRM-protected media C
Correct answer: A
Question #11
All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be: leaked to the media via printing of the documents; sent to a personal email address; accessed and viewed by systems administrators; uploaded to a file storage site. Which of the following would mitigate the department’s concerns
Correct answer: C
Question #12
A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)
A. Utilize code signing by a trusted third party
B. Implement certificate-based authentication
F. Make the DACL read-only
Correct answer: B
Question #13
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Which of the following is MOST likely the root cause?
A. The client application is testing PFS
B. The client application is configured to use ECDHE
Correct answer: B
Question #14
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation: graphic.linux_randomization.prg Which of the following technologies would mitigate the manipulation of memory segments?
A. NX bit
B. ASLR
C. DEP
D. HSM
Correct answer: D
Question #15
After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used. Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?
A. Disable BGP and implement a single static route for each internal network
B. Implement a BGP route reflector
Correct answer: B
Question #16
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?
A. NIDS B
Correct answer: D
Question #17
A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?
A. Join an information-sharing community that is relevant to the company
B. Leverage the MITRE ATT&CK framework to map the TTR
Correct answer: C
Question #18
A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals. Which of the following does the business’s IT manager need to consider?
A. The availability of personal data
B. The right to personal data erasure C
Correct answer: C
Question #19
A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be BEST to use to store customer keys?
A. A trusted platform module
B. A hardware security module C
Correct answer: A
Question #20
A company is preparing to deploy a global service. Which of the following must the company do to ensure GDPR compliance? (Choose two.)
A. Inform users regarding what data is stored
B. Provide opt-in/out for marketing messages
E. Grant data access to third parties
F. Provide alternative authentication techniques
Correct answer: B
Question #21
A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
A. Perform additional SAST/DAST on the open-source libraries
B. Implement the SDLC security guidelines
Correct answer: B
Question #22
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware. Which of the following is the NEXT step t
A. Pay the ransom within 48 hours
B. Isolate the servers to prevent the spread
Correct answer: B
Question #23
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy. Which of the following solutions should the security architect recommend?
A. Replace the current antivirus with an EDR solution
B. Remove the web proxy and install a UTM appliance
Correct answer: A
Question #24
A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite: Which of the following is the MOST likely cause of the customer’s inability to connect?
A. Weak ciphers are being used
B. The public key should be using ECDSA
Correct answer: D
Question #25
A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: Which of the following would BEST mitigate this vulnerability?
A. CAPTCHA
B. Input validation C
Correct answer: D
Question #26
A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?
A. sudo netstat -antu | grep "LISTEN" | awk '{print$5}'
B. sudo netstat -nlt -p | grep "ESTABLISHED" C
E. sudo netstat -pnut | grep -P ^tcp
Correct answer: D
Question #27
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following: 1. The network supports core applications that have 99.99% uptime. 2. Configuration updates to the SD-WAN routers
A. Reverse proxy, stateful firewalls, and VPNs at the local sites B
Correct answer: B
Question #28
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration: Which of the following ciphers should the security analyst remove to support the business requirements?
A. TLS_AES_128_CCM_8_SHA256
B. TLS_DHE_DSS_WITH_RC4_128_SHA C
Correct answer: AB
Question #29
A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements: The credentials used to publish production software to the container registry should be stored in a secure location. Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly. Which of the following would be the BEST recommendation for storing and monitoring access to
B. Local secure password file C
Correct answer: C
Question #30
A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs. Which of the following should the company use to prevent data theft?
A. Watermarking
B. DRM C
Correct answer: D
Question #31
A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements: Only users with corporate-owned devices can directly access servers hosted by the cloud provider. The company can control what SaaS applications each individual user can access. User browser activity can be monitored. Which of the following solutions would BEST meet these requirements?
A. IAM gateway, MDM, and reverse proxy
B. VPN, CASB, and secure web gateway C
Correct answer: C
Question #32
An organization wants to perform a scan of all its systems against best practice security configurations. Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)
A. ARF
B. XCCDF C
F. OVAL
Correct answer: A
Question #33
An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?
A. Detection
B. Remediation C
Correct answer: C
Question #34
An organization’s hunt team thinks a persistent threat exists and already has a foothold in the enterprise network. Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?
A. Deploy a SOAR tool
B. Modify user password history and length requirements
Correct answer: C
