Question from
A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs. Which of the following is the most likely cause of this issue?
A. TFTP was disabled on the local hosts
B. SSH was turned off instead of modifying the configuration file
C. Remote login was disabled in the networkd.config instead of using the sshd.conf
D. Network services are no longer running on the NAS

Question from
A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
A. Check the metadata in the email header of the received path in reverse order to follow the email's path.
B. Hover the mouse over the CIO's email address to verify the email address.
C. Look at the metadata in the email header and verify the "From:" line matches the CIO's email address.
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.
https://www.cmu.edu/iso/news/2020/email-spoofing.html

Question from
During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID from the file?
A. ls
B. chflags
C. chmod
D. lsof
E. setuid

Question from
A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the MOST likely source of the breach?
A. Side channel
B. Supply chain
C. Cryptographic downgrade
D. Malware

Question from
During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A. User behavior analytics
B. Dump files
C. Bandwidth monitors
D. Protocol analyzer output

Question from
An employee received multiple messages on a mobile device. The messages instruct the employee to pair the device to an unknown device. Which of the following BEST describes what a malicious person might be doing to cause this issue to occur?
A. Jamming
B. Bluesnarfing
C. Evil twin
D. Rogue access point

Question from
As part of the lessons-learned phase, the SOC is tasked with building methods to detect if a previous incident is happening again. Which of the following would allow the security analyst to alert the SOC if an event is reoccurring?
A. Creating a playbook within the SOAR
B. Implementing rules in the NGFW
C. Updating the DLP hash database
D. Publishing a new CRL with revoked certificates

Question from
The SIEM at an organization has detected suspicious traffic coming from a workstation in its internal network. An analyst in the SOC investigates the workstation and discovers that malware associated with a botnet is installed on the device. A review of the logs on the workstation reveals that the privileges of the local account were escalated to a local administrator. To which of the following groups should the analyst report this real-world event?
A. The NOC team
B. The vulnerability management team
C. The CIRT
D. The red team
CIRT: Computer Incident Response Team

Question from
While reviewing the /etc/shadow file, a security administrator notices entries with the same values. Which of the following attacks should the administrator be concerned about?
A. Plaintext
B. Birthday
C. Brute-force
D. Rainbow table

Question from
A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company most likely complying with?
A. NIST CSF
B. GDPR
C. PCI DSS
D. ISO 27001

Question from
A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?
A. CYOD
B. MDM
C. COPE
D. VDI

Question from
A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?
A. Shoulder surfing
B. Watering hole
C. Vishing
D. Tailgating

Question from
A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?
A. DDoS
B. Privilege escalation
C. DNS poisoning
D. Buffer overflow

Question from
A company's web filter is configured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites?
A. encryption=off
B. http://
C. www.*.com
D. :443

Question from
An organization wants to ensure that proprietary information is not inadvertently exposed during facility tours. Which of the following would the organization implement to mitigate this risk?
A. Clean desk policy
B. Background checks
C. Non-disclosure agreements
D. Social media analysis

Question from
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?
A. nmap -p1-65535 192.168.0.10
B. dig 192.168.0.10
C. curl --head http://192.168.0.10
D. ping 192.168.0.10
The curl command with the --head option is commonly used to send an HTTP HEAD request to a web server, which typically retrieves information about the web server's headers, including the server type and version. This can help a security analyst identify and fingerprint the web server. The other options are not primarily used for web server fingerprinting: A. nmap is a network scanning tool that can be used for port scanning and identifying open ports on a target system, but it won't provide detailed information about the web server itself. B. dig is a DNS query tool used to retrieve DNS-related information about a host, but it doesn't directly fingerprint a web server. D. ping is used to test network connectivity and reachability of a target host but does not provide information about the web server software or version.

Question from
A cybersecurity analyst reviews the log files from a web server and sees a series of files that indicate a directory traversal attack has occurred. Which of the following is the analyst most likely seeing?
A. http://sample.url.com/
B. http://sample.url.com/someotherpageonsite/../../../etc/shadow
C. http://sample.url.com/select-from-database-where-password-null
D. http://redirect.sameple.url.sampleurl.com/malicious-dns-redirect

Question from
While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?
A. The workstations are beaconing to a command-and-control server.
B. A logic bomb was executed and is responsible for the data transfers.
C. A fileless virus is spreading in the local network environment.
D. A RAT was installed and is transferring additional exploit tools.

Question from
A penetration test revealed that several Linux servers were misconfigured at the file level and access was granted incorrectly. A security analyst is referencing the instructions in the incident response runbook for remediation information. Which of the following is the best command to use to resolve the issue?
A. chmod
B. cat
C. grep
D. dig

Question from
The following failed log-in attempts were observed when authenticating from the same IP address:
184.168.131.241 – userA – failed authentication
184.168.131.241 – userA – failed authentication
184.168.131.241 – userB – failed authentication
184.168.131.241 – userB – failed authentication
184.168.131.241 – userC – failed authentication
184.168.131.241 – userC – failed authentication
Which of the following most likely describes the attack that took place?
A. Rainbow table
B. Dictionary
C. Brute-force
D. Spraying

Question from
A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?
A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading

Question from
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
A. Hoaxes
B. SPIMs
C. Identity fraud
D. Credential harvesting

Question from
Which of the following should a security operations center use to improve its incident response procedure?
A. Playbooks
B. Frameworks
C. Baselines
D. Benchmarks

Question from
Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?
A. The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.
B. Generally, SMS OTP codes are valid for up to 15 minutes, while the TOTP time frame is 30 to 60 seconds.
C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.
D. The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.

Question from
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required for the security analysts. Which of the following would best enable the reduction in manual work?
A. SOAR
B. SIEM
C. MDM
D. DLP