Mock Exam A

#1. Whilst reviewing web server application logs a threat analyst notices the following URL (see exhibit). What type of attack will likely occur?

XSS

Session hijacking

SQL injection

CSRF

#2. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different highlatency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated. Which of the following techniques would be BEST suited for this requirement?

Reduce link latency on the affected ground and satellite segments

Deploy SOAR utilities and runbooks

Provide the contractors with direct access to satellite telemetry data

Replace the associated hardware

#3. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Total memory encryption

Virtual memory encryption

Execute never

No-execute

#4. A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots. Which of the following would provide the BEST boot loader protection?

UEFI/BIOS

PKI

HSM

TPM

#5. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Which of the following is MOST likely the root cause?

The client application is configured to use AES-256 in GCM

The client application is testing PFS

The client application is configured to use RC4

The client application is configured to use ECDHE

#6. A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy. Which of the following solutions should the security architect recommend?

Replace the current antivirus with an EDR solution

Implement a deny list feature on the endpoints.

Add a firewall module on the current antivirus solution

Remove the web proxy and install a UTM appliance

#7. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation. Which of the following is the BEST solution to meet these objectives?

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

#8. A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs. Which of the following should the company use to prevent data theft?

DRM

Access logging

NDA

Watermarking

#9. A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Select all that apply:

Verify MD5 hashes.

Make the DACL read-only

Encrypt with 3DES

Utilize code signing by a trusted third party.

Implement certificate-based authentication.

Compress the program with a password.

#10. A Financial Investments organization, requires a task to be carried by more than one person concurrently. This is an example of:

least privilege

separation of duties

job rotation

dual control

#11. A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Cgroups

Device mapper

Union filesystem overlay

Linux namespaces

#12. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Establish a review committee that assesses the importance of suppliers and ranks them to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.according

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

#13. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company’s CI/CD pipeline?

Deploying instance tagging

Performing DAST on a weekly basis

Introducing the use of container orchestration

Utilizing a trusted secrets manager

#14. A security analyst is investigating a possible buffer overflow attack, after the following output was found on a user’s workstation: mem_bashshell.prg Which technology would mitigate the manipulation of memory segments?

DEP

NX bit

ALSR

UEFI

#15. After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used. Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure? ? BGP Border Gateway Protocol is used for external routing

Implement an inbound BGP prefix list

Implement a BGP route reflector

Disable BGP and implement OSPF

Disable BGP and implement a single static route for each internal network

#16. Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Key Escrow

Key Sharing

Key Recovery

Key Distribution

#17. During a black box assignment, a Pen Tester successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Read the /etc/passwd file to extract the usernames

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host

#18. The Chief information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the follow would MOST likely be used?

OLA

NDA

SLA

MOU

#19. Customer facing application servers all crashed around the same time for an unknown reason. All servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

After-action report

Root cause analysis

Lessons learned

Continuity of operations plan

#20. Acme corporation is establishing a contract with a major services provider. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?

SLA

MOU

MSA

NDA

OLA

#21. An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?

Perform a cost-benefit analysis.

Develop an exposure factor matrix

Conduct a business impact analysis

Review a recent gap analysis.

#22. Security professionals are reviewing MDM device event logs (see exhibit), would poses the biggest risk & how should the team mitigate the risk.

Impossible travel; disable the device’s account and access while investigating

Resource leak; recover the device for analysis and clean up the local storage.

Malicious installation of an application; change the MDM configuration to remove application ID 1022.

Falsified status reporting; remotely wipe the device.

#23. Over the last 3 months, multiple storage services have been exposed within cloud service environments. Presently the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem. Which of the following will BEST address the problem with the least amount of administrative effort?

Compile a list of firewall requests and compare than against interesting cloud services

Capture all log and feed then to a SIEM and then for cloud service events

Implement a CASB solution and track cloud service use cases for greater visibility.

Implement a user-behaviour system to associate user events and cloud service creation events.

#24. A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?

Join an information-sharing community that is relevant to the company

Update security awareness training to address new threats, such as best practices for data security

Use OSINT techniques to evaluate and analyse the threats

Leverage the MITRE ATT&CK framework to map the TTP

Need to proactively mitigate the risks

#25. A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive. Based on the output (shown in the exhibit), from which of the following process IDs can the analyst begin an investigation?

25

12

22

99

#26. Following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the following must occur to ensure the integrity of the image?

The disk containing the image must be placed in a seated container

A hash value of the image must be computed.

The image must be password protected against changes

A duplicate copy of the image must be maintained

#27. A large online retailer recently experienced a ransomware attack. The CISO is concerned about the attack re-occurring. At this point, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?

Detection

Containment

Recovery

Preparation

#28. A major defense contractor is designing a system, to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by R&D within the company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the company consider NEXT to mitigate the associated risks?

UTM

Mail Gateway

Data flow enforcement

DLP

#29. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?

Mission-essential functions

Recovery service level

Recovery time objective

Recovery point objective

#30. Jeff, a security engineer, whilst auditing the organization’s current software development practice discovered that multiple open-source libraries were Integrated into the organization’s SaaS software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Perform unit testing of the open-source libraries

Implement the SDLC security guidelines

Track the library versions and monitor the CVE website for related vulnerabilities

Perform additional SAST/DAST on the open-source libraries