لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
A security assessment found that several embedded systems are running unsecure protocols. These Systems were purchased two years ago and the company that developed them is no longer in business Which of the following constraints BEST describes the reason the findings cannot be remediated?
A. inability to authenticate
B. Implied trust
C. Lack of computing power
D. Unavailable patch
عرض الإجابة
اجابة صحيحة: C
السؤال #2
A global pandemic is forcing a private organization to close some business units and reduce staffing at others. Which of the following would be BEST to help the organization’s executives determine the next course of action?
A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan
عرض الإجابة
اجابة صحيحة: B
السؤال #3
A security administrator needs to inspect in-transit files on the enterprise network to search for Pll, credit card data, and classification words. Which of the following would be the BEST to use?
A. IDS solution
B. EDR solution
C. HIPS software solution
D. Network DLP solution
عرض الإجابة
اجابة صحيحة: B
السؤال #4
After a hardware incident, an unplanned emergency maintenance activity was conducted to rectify the issue. Multiple alerts were generated on the SIEM during this period of time. Which of the following BEST explains what happened?
A. The unexpected traffic correlated against multiple rules, generating multiple alerts
B. Multiple alerts were generated due to an attack occurring at the same time
C. An error in the correlation rules triggered multiple alerts
D. The SIEM was unable to correlate the rules, triggering the alert
عرض الإجابة
اجابة صحيحة: D
السؤال #5
Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?
A. Something you exhibit
B. Something you can do
C. Someone you know
D. Somewhere you are
عرض الإجابة
اجابة صحيحة: A
السؤال #6
The process of passively gathering information prior to launching a cyberattack is called:
A. tailgating
B. reconnaissance
C. pharming
D. prepending
عرض الإجابة
اجابة صحيحة: AB
السؤال #7
Company engineers regularly participate in a public Internet forum with other engineers throughout the industry. Which of the following tactics would an attacker MOST likely use in this scenario?
A. Watering-hole attack
B. Credential harvesting
C. Hybrid warfare
D. Pharming
عرض الإجابة
اجابة صحيحة: A
السؤال #8
When implementing automation with loT devices, which of the following should be considered FIRST to keep the network secure?
A. Z-Wave compatibility
B. Network range
C. Zigbee configuration
D. Communication protocols
عرض الإجابة
اجابة صحيحة: A
السؤال #9
A user enters a password to log in to a workstation and is then prompted to enter an authentication code. Which of the following MFA factors or attributes are being utilized in the authentication process? (Select TWO).
A. Something you know
B. Something you have
C. Somewhere you are
D. Someone you are
E. Something you are
F. Something you can do
عرض الإجابة
اجابة صحيحة: BE
السؤال #10
A company Is concerned about ts securkty afler a red-tearn exercise. The report shows the team was able to reach the critical servers due to Ihe SMB being exposed fo the Internet and running NTLMV1, Which of the following BEST explains the findings?
A. Default settings on the servers
B. Unsecuted administrator accounts
C. Open ports and services
D. Weak Gata encryption
عرض الإجابة
اجابة صحيحة: A
السؤال #11
Which of the following utilize a subset of real data and are MOST likely to be used to assess the features and functions of a system and how it interacts or performs from an end user's perspective against defined test cases? (Select TWO).
A. A Production
B. Test
C. Research and development
D. PoC
E. UAT
F. SDLC
عرض الإجابة
اجابة صحيحة: B
السؤال #12
A global company is experiencing unauthorized logging due to credential theft and account lockouts caused by brute-force attacks. The company is considering implementing a third-party identity provider to help mitigate these attacks. Which of the following would be the BEST control for the company to require from prospective vendors?
A. IP restrictions
B. Multifactor authentication
C. A banned password list
D. A complex password policy
عرض الإجابة
اجابة صحيحة: E
السؤال #13
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
عرض الإجابة
اجابة صحيحة: C
السؤال #14
Which of the following should a technician consider when selecting an encryption method for data that needs to remain confidential for a specific length of time?
A. The key length of the encryption algorithm
B. The encryption algorithm's longevity
C. A method of introducing entropy into key calculations
D. The computational overhead of calculating the encryption key
عرض الإجابة
اجابة صحيحة: B
السؤال #15
A local coffee shop runs a small WiFi hot-spot for its customers that utilizes WPA2-PSK. The coffee shop would like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure. Which of the following technologies will the coffee shop MOST likely use in place of PSK?
A. WEP
B. MSCHAP
C. wes
D. SAE
عرض الإجابة
اجابة صحيحة: A
السؤال #16
The SIEM at an organization has detected suspicious traffic coming a workstation in its internal network. An analyst in the SOC the workstation and discovers malware that is associated with a botnet is installed on the device A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The read team
عرض الإجابة
اجابة صحيحة: C
السؤال #17
A user recent an SMS on a mobile phone that asked for bank delays. Which of the following social-engineering techniques was used in this case?
A. SPIM
B. Vishing
C. Spear phishing
D. Smishing
عرض الإجابة
اجابة صحيحة: D
السؤال #18
An analyst is trying to identify insecure services thal are running on the intemal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE)
A. SFT
B. FIPS
C. SNMPv2, SNMPv3
D. HTTP, HTTPS D TFTP, FTP
E. SNMPyt, SNMPy2
F. Tenet, SSH G
عرض الإجابة
اجابة صحيحة: C
السؤال #19
Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output: Which of the following can be determined about the organization's public presence and security posture? (Select TWO).
A. Joe used Whois to produce this output
B. Joe used cURL to produce this output
C. Joe used Wireshark to produce this output
D. The organization has adequate information available in public registration
E. The organization has too much information available in public registration
F. The organization has too little information available in public registration
عرض الإجابة
اجابة صحيحة: A
السؤال #20
DURING A SECURITY ASSESSMENT. A SECURITY ANALYST FINDS A FILE WITH OVERLY PERMISSIVE PERMISSION. WICH OF THE FOLLOWING TOOL WILL ALLOW THE ANALYST TO REDUCE THR PERMISSONFOR THE EXIXTING USER AND GROUPS AND REMOVE THE SET-USER-ID BIT FROM THE FILE?
A. 1a
B. Chflaga
C. Chmod
D. Leof
E. aeuid
عرض الإجابة
اجابة صحيحة: D
السؤال #21
The human resources department of a large online retailer has received multiple customer complaints about the rudeness of the automated chatbots it uses to interface and assist online shoppers. The system, which continuously learns and adapts, was working fine when it was installed a few months ago. Which of the following BEST describes the method being used to exploit the system?
A. Baseline modification
B. A fileless virus
C. Tainted training data
D. Cryptographic manipulation
عرض الإجابة
اجابة صحيحة: B
السؤال #22
A company would like to set up a secure way to transfer data between users via their mobile phones The company's top pnonty is utilizing technology that requires users to be in as close proximity as possible to each other. Which of the following connection methods would BEST fulfill this need?
A. Cellular
B. NFC
C. Wi-Fi
D. Bluetooth
عرض الإجابة
اجابة صحيحة: D
السؤال #23
A security analyst is running a vulnerability scan to check for missing patches during a suspected security rodent During which of the following phases of the response process is this activity MOST likely occurring?
A. Containment
B. Identification
C. Recovery
D. Preparation
عرض الإجابة
اجابة صحيحة: B
السؤال #24
A secullly operations analyst is using the company’s SIEM solufon to correlate alens. Which of the following stages of the Inciden reapanse process is this an example af?
A. Eradication
B. Recowery
C. identiticalion
D. Preparation
عرض الإجابة
اجابة صحيحة: A
السؤال #25
A user contacts the help desk to report the following: Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested. The user was able to access the Internet but had trouble accessing the department share until the next day. The user is now getting notifications from the bank about unauthorized transactions. Which of the following attack vectors was MOST likel
A. Rogue access point
B. Evil twin
C. DNS poisoning
D. ARP poisoning
عرض الإجابة
اجابة صحيحة: D
السؤال #26
An attacker is attempting to harvest user credentials on a client's wedsite, A security analyst notices multiple attempts of rencom usemames and passwords. When the analyst types in a random username and password, the logon screen displays the following message: The username you entered does not exist. Which of the following should the analyst recommend be enabled?
A. Input validation
B. Obfuscation
C. Error handling
D. Username lockout
عرض الإجابة
اجابة صحيحة: A
السؤال #27
A security analyst wants to verify that a client-server (non-web) application is sending encrypted traffic. Which of the following should the analyst use?
A. openssl
B. hping
C. netcat
D. tcpdump
عرض الإجابة
اجابة صحيحة: D
السؤال #28
An organization wants to integrate its incident response processes into a workflow with automated decision points and actions based on predefined playbooks. Which of the following should the organization implement?
A. SIEM
B. SOAR
C. EDR
D. CASB
عرض الإجابة
اجابة صحيحة: BE
السؤال #29
An attacker replaces a digitally signed document with another version that goes unnoticed Upon reviewing the document's contents the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?
A. Cryptomalware
B. Hash substitution
C. Collision
D. Phishing
عرض الإجابة
اجابة صحيحة: BC
السؤال #30
During a Chiet Information Securty Officer (CISO) comvenbon to discuss security awareness, the affendees are provided with a network connection to use as a resource. As the Convention progresses. ane of the attendees starts to notice delays in the connection. and the HTTPS ste requests are reverting to HTTP. Which of the folowing BEST describes what is happening?
A. Birtuday colfisices on the cartificate key
B. DNS hijackeng to reroute tratic
C. Brute force 1 tho access point
D. A SSL/TLS downgrade
عرض الإجابة
اجابة صحيحة: D

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.