Missed Practice Exam Questions 1

Question 1 of 20

1. Question

A security analyst suspects a network intrusion attempt is underway. Which data source would be MOST useful for capturing detailed network traffic for analysis?

Firewall logs
IPS logs
Packet captures
Netflow

Question 2 of 20

2. Question

Match the behavior with its corresponding description:

Sort elements

Unexplained
Risky
Unintentional
Suspicious

Behavior involves actions that are not in line with established security policies or procedures

Behavior refers to actions taken by individuals that knowingly or recklessly disregard established security policies and procedures, putting sensitive information at risk

Behavior refers to actions that occur inadvertently or accidentally, without malicious intent.

Behavior involves actions or activities that raise concerns or suspicions regarding potential security threats. Include attempting to access restricted areas or information without proper authorization,

Question 3 of 20

3. Question

A server log analysis reveals failed login attempts with usernames not associated with any authorized users. This is a potential indicator of which type of attack?

Replay attack
Spraying attack
Brute-force
Credential stuffing

Question 4 of 20

4. Question

Which of the following would determine if safeguards that have been installed were properly implemented, performing as expected and producing the appropriate results? Match the safeguard with the description:

Sort elements

Security Controls Testing
Penetration testing
Adversary emulation
Bug bounty
Attack surface reduction

Determines if safeguards that have been installed were properly implemented, performing as expected and producing the appropriate results

Critical for attack surface management, determines as many vulnerabilities as possible within defined time and scope parameters

Adopts current threat intelligence methodologies and tactics to identify, expose and correct vulnerabilities

A reward for finding security flaws (bugs) in an application

Refers to hardening areas that are potential entry points, including cloud infrastructure.

Question 5 of 20

5. Question

Arrange the following activities performed in the risk response process in order of priority:

Risk response prioritization
Development
Risk identification
Risk response selection and documentation
Risk analysis
Establishment of risk appetite and risk tolerance

View Answers:

Question 6 of 20

6. Question

Security awareness training for employees is an example of which control type?

Technical
Managerial
Operational
Directive

Question 7 of 20

7. Question

Match the log with its corresponding description:

Sort elements

Firewall
Application
Endpoint
Operating System

Help security analysts identify unauthorized access attempts, suspicious network behavior, and potential threats such as port scanning or denial-of-service (DoS) attack

Capture events and activities generated by software applications running on servers or client devices

contain information about user logins, file access, system processes, and network connections initiated by endpoint devices

include authentication events, system configuration changes, audit trails, and security policy enforcement activities.

Question 8 of 20

8. Question

Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer’s PII?

SCAP
NetFlow
Antivirus
DLP

Question 9 of 20

9. Question

A company wants to improve the overall security posture of its network by filtering malicious traffic. Which security control would be MOST beneficial in achieving this goal?

Proxy server
Web application firewall (WAF)
Next-generation firewall (NGFW)
Intrusion prevention system (IPS)

Question 10 of 20

10. Question

Which of the following considerations are critical for comparing and contrasting the security implications of different architectures?

Patch availability
Ease of recovery
Resilience
Ease of deployment

Question 11 of 20

11. Question

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Compensating control
Network segmentation
Transfer of risk
SNMP traps

Question 12 of 20

12. Question

A {agreement} outlines mutual goals and general terms of an understanding.

A outlines mutual goals and general terms of an understanding.

Question 13 of 20

13. Question

A ________ is also known as a trusted execution environment or TEE.

A is also known as a trusted execution environment or TEE.

Question 14 of 20

14. Question

When troubleshooting a firewall configuration, a technician determines a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Documenting the new policy in a change request and submitting the request to change management
Testing the policy in a non-production environment before enabling the policy in the production network
Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
Including an “allow any” policy above the “deny any” policy

Question 15 of 20

15. Question

A {contract} usually specifies more concrete terms, responsibilities, and roles of each party in a business relationship.

A usually specifies more concrete terms, responsibilities, and roles of each party in a business relationship.

Question 16 of 20

16. Question

Match the attack with its corresponding description:

Sort elements

Smurf
Brute Force
on-path
SYN flood

a combination of Internet Protocol (IP) spoofing and the saturation of a network with Internet Control Message Protocol (ICMP) messages

occurs when a hacker tries all possible values for such variables as usernames and passwords.

occurs when a hacker intercepts messages from a sender, modifies those messages, and sends them to a legitimate receiver.

occurs when an attacker exploits the three-packet Transmission Control Protocol (TCP) handshake

Question 17 of 20

17. Question

Order the phases of an incident response:

Detection
Lessons learned
Preparation
Recovery
Containment
Analysis
Eradication

View Answers:

Question 18 of 20

18. Question

Which type of security control focuses on day-to-day activities and procedures that users and administrators perform to maintain security?

Question 19 of 20

19. Question

Match the audit type with its description:

Sort elements

Examinations
Regulatory audits
Assessment
Compliance

Refer to a comprehensive category of assessments that encompasses a broad range of evaluations and can include various types of evaluations conducted by external parties encompassing financial audits, security audits, compliance audits, or other examinations aimed at evaluating different aspects of organizational performance, governance, or risk management

Involve evaluating adherence to laws, regulations, or industry standards set forth by governing bodies or regulatory agencies: assess compliance with requirements related to data protection, privacy, financial reporting, or industry-specific regulations

Refers to the process of evaluating systems, processes, or controls to identify strengths, weaknesses, and areas for improvement

Specifically target adherence to applicable laws, regulations, or industry standards. These audits assess whether the organization’s policies, procedures, and practices align with regulatory requirements and whether it has implemented adequate controls to mitigate compliance risks

Question 20 of 20

20. Question

Order these root cause analysis steps in order or priority:

Monitoring and Verification
Solution Generation
Data Collection
Solution Implementation
Cause Analysis
Documenting and Reporting
Problem Identification

View Answers: