Question 31
The IT department is concerned about the possibility of a guest device infecting machines on the corporate network or taking down the company's single Internet connection. Which of the following should a security analyst recommend to BEST meet the requirements outlined by the IT department?
A. Require the guest machines to install the corporate-owned EDR solution
B. Configure NAC to only allow machines on the network that are patched and have active antivirus
C. Place a firewall in between the corporate network and the guest network
D. Configure the IPS with rules that will detect common malware signatures traveling from the guest network
Question 32
Following a recent security breach, a company decides to investigate account usage to ensure privileged accounts are only being utilized during typical business hours. During the investigation, a security analyst determines an account was consistently utilized in the middle of the night. Which of the following actions should the analyst take NEXT?
A. Disable the privileged account.
B. Initiate the incident response plan.
C. Report the discrepancy to human resources.
D. Review the activity with the user.
Question 33
Which of the following are reasons why consumer IoT devices should be avoided in an enterprise environment? (Choose two.)
A. Message queuing telemetry transport does not support encryption.
B. The devices may have weak or known passwords.
C. The devices may cause a dramatic increase in wireless network traffic.
D. The devices may utilize unsecure network protocols.
E. Multiple devices may interfere with the functions of other IoT devices.
F. The devices are not compatible with TLS 1.2.
Question 34
In response to an audit finding, a company's Chief Information Officer (CIO) instructed the security department to increase the security posture of the vulnerability management program. Currently, the company's vulnerability management program has the following attributes:
- It is unauthenticated.
- It is at the minimum interval specified by the audit framework.
- It only scans well-known ports.
Which of the following would BEST increase the security posture of the vulnerability management program?
A. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.
B. Expand the ports being scanned to include all ports. Keep the scan interval at its current level. Enable authentication and perform credentialed scans.
C. Expand the ports being scanned to include all ports. Increase the scan interval to a number the business will accept without causing service interruption. Continue unauthenticated scanning.
D. Continue scanning the well-known ports. Increase the scan interval to a number the business will accept without causing service interruption. Enable authentication and perform credentialed scans.
Question 35
A financial organization has offices located globally. Per the organization's policies and procedures, all executives who conduct business overseas must have their mobile devices checked for malicious software or evidence of tampering upon their return. The information security department oversees this process, and no executive has had a device compromised. The Chief Information Security Officer wants to implement an additional safeguard to protect the organization's data.
Which of the following controls would work BEST to protect the privacy of the data if a device is stolen?
A. Implement a mobile device wiping solution for use if a device is lost or stolen.
B. Install a DLP solution to track data flow.
C. Install an encryption solution on all mobile devices.
D. Train employees to report a lost or stolen laptop to the security department immediately.
Question 36
A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?
A. Static analysis
B. Dynamic analysis
C. Regression testing
D. User acceptance testing
Question 37
A security analyst inspects the header of an email that is presumed to be malicious and sees the following:
Which of the following is inconsistent with the rest of the header and should be treated as suspicious?
A. The use of a TLS cipher
B. The sender's email address
C. The destination email server
D. The subject line
Question 38
A team of network security analysts is examining network traffic to determine if sensitive data was exfiltrated. Upon further investigation, the analysts believe confidential data was compromised. Which of the following capabilities would BEST defend against this type of sensitive data exfiltration?
A. Deploy an edge firewall.
B. Implement DLP.
C. Deploy EDR.
D. Encrypt the hard drives.
Question 39
After a series of Group Policy Object updates, multiple services stopped functioning. The systems administrator believes the issue resulted from a Group Policy Object update but cannot validate which update caused the issue. Which of the following security solutions would resolve this issue?
A. Privilege management
B. Group Policy Object management
C. Change management
D. Asset management
Question 40
Which of the following describes the main difference between supervised and unsupervised machine-learning algorithms that are used in cybersecurity applications?
A. Supervised algorithms can be used to block attacks, while unsupervised algorithms cannot.
B. Supervised algorithms require security analyst feedback, while unsupervised algorithms do not.
C. Unsupervised algorithms are not suitable for IDS systems, while supervised algorithms are.
D. Unsupervised algorithms produce more false positives than supervised algorithms.