Mock Exam A

#1. The Chief information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the follow would MOST likely be used?

MOU

SLA

OLA

NDA

#2. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different highlatency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated. Which of the following techniques would be BEST suited for this requirement?

Provide the contractors with direct access to satellite telemetry data

Replace the associated hardware

Deploy SOAR utilities and runbooks

Reduce link latency on the affected ground and satellite segments

#3. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation. Which of the following is the BEST solution to meet these objectives?

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics

#4. A Financial Investments organization, requires a task to be carried by more than one person concurrently. This is an example of:

dual control

separation of duties

least privilege

job rotation

#5. A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots. Which of the following would provide the BEST boot loader protection?

PKI

HSM

TPM

UEFI/BIOS

#6. During a black box assignment, a Pen Tester successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Read the /etc/passwd file to extract the usernames

Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema

Perform ASIC password cracking on the host

#7. Following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the following must occur to ensure the integrity of the image?

The image must be password protected against changes

A hash value of the image must be computed.

The disk containing the image must be placed in a seated container

A duplicate copy of the image must be maintained

#8. Acme corporation is establishing a contract with a major services provider. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?

OLA

SLA

MSA

NDA

MOU

#9. A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy. Which of the following solutions should the security architect recommend?

Remove the web proxy and install a UTM appliance

Replace the current antivirus with an EDR solution

Add a firewall module on the current antivirus solution

Implement a deny list feature on the endpoints.

#10. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?

Recovery time objective

Recovery service level

Recovery point objective

Mission-essential functions

#11. A major defense contractor is designing a system, to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by R&D within the company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the company consider NEXT to mitigate the associated risks?

Mail Gateway

DLP

Data flow enforcement

UTM

#12. Whilst reviewing web server application logs a threat analyst notices the following URL (see exhibit). What type of attack will likely occur?

Session hijacking

CSRF

SQL injection

XSS

#13. An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Which of the following is MOST likely the root cause?

The client application is configured to use RC4

The client application is testing PFS

The client application is configured to use AES-256 in GCM

The client application is configured to use ECDHE

#14. A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?

Update security awareness training to address new threats, such as best practices for data security

Use OSINT techniques to evaluate and analyse the threats

Join an information-sharing community that is relevant to the company

Leverage the MITRE ATT&CK framework to map the TTP

Need to proactively mitigate the risks

#15. Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Key Recovery

Key Sharing

Key Distribution

Key Escrow

#16. A large online retailer recently experienced a ransomware attack. The CISO is concerned about the attack re-occurring. At this point, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?

Preparation

Detection

Containment

Recovery

#17. Security professionals are reviewing MDM device event logs (see exhibit), would poses the biggest risk & how should the team mitigate the risk.

Resource leak; recover the device for analysis and clean up the local storage.

Malicious installation of an application; change the MDM configuration to remove application ID 1022.

Impossible travel; disable the device's account and access while investigating

Falsified status reporting; remotely wipe the device.

#18. A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Select all that apply:

Utilize code signing by a trusted third party.

Compress the program with a password.

Make the DACL read-only

Encrypt with 3DES

Verify MD5 hashes.

Implement certificate-based authentication.

#19. Over the last 3 months, multiple storage services have been exposed within cloud service environments. Presently the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem. Which of the following will BEST address the problem with the least amount of administrative effort?

Compile a list of firewall requests and compare than against interesting cloud services

Implement a CASB solution and track cloud service use cases for greater visibility.

Capture all log and feed then to a SIEM and then for cloud service events

Implement a user-behaviour system to associate user events and cloud service creation events.

#20. Jeff, a security engineer, whilst auditing the organization's current software development practice discovered that multiple open-source libraries were Integrated into the organization's SaaS software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Track the library versions and monitor the CVE website for related vulnerabilities

Implement the SDLC security guidelines

Perform additional SAST/DAST on the open-source libraries

Perform unit testing of the open-source libraries

#21. A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs. Which of the following should the company use to prevent data theft?

Access logging

Watermarking

DRM

NDA

#22. An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?

Perform a cost-benefit analysis.

Conduct a business impact analysis

Review a recent gap analysis.

Develop an exposure factor matrix

#23. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

No-execute

Virtual memory encryption

Total memory encryption

Execute never

#24. A security analyst is investigating a possible buffer overflow attack, after the following output was found on a user's workstation: mem_bashshell.prg Which technology would mitigate the manipulation of memory segments?

DEP

NX bit

ALSR

UEFI

#25. Customer facing application servers all crashed around the same time for an unknown reason. All servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Root cause analysis

After-action report

Lessons learned

Continuity of operations plan

#26. After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used. Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure? ? BGP Border Gateway Protocol is used for external routing

Disable BGP and implement a single static route for each internal network

Implement an inbound BGP prefix list

Implement a BGP route reflector

Disable BGP and implement OSPF

#27. A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive. Based on the output (shown in the exhibit), from which of the following process IDs can the analyst begin an investigation?

25

99

12

22

#28. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company's CI/CD pipeline?

Introducing the use of container orchestration

Utilizing a trusted secrets manager

Performing DAST on a weekly basis

Deploying instance tagging

#29. A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources. Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Union filesystem overlay

Linux namespaces

Device mapper

Cgroups

#30. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference

Establish a review committee that assesses the importance of suppliers and ranks them to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.according

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.