Get Full Version of the Exam
An audit takes place after company-wide restricting, in which several employees changed roles. The following deficiencies are found during the audit regarding access to confidential data:
Which of the following would be the BEST method to prevent similar audit findings in the future?
Implement separation of duties for the payroll department.
Implement a DLP solution on the payroll and human resources servers.
Implement rule-based access controls on the human resources server.
Implement regular permission auditing and reviews.
Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)
To prevent server availability issues
To verify the appropriate patch is being installed
To generate a new baseline hash after patching
To allow users to test functionality
To ensure users are trained on new functionality
An analyst is reviewing a simple program for potential security vulnerabilities before being deployed to a Windows server. Given the following code:
Which of the following vulnerabilities is present?
Bad memory pointer
Which of the following cryptography algorithms will produce a fixed-length, irreversible output?
A security analyst is performing a quantitative risk analysis. The risk analysis should show the potential monetary loss each time a threat or event occurs. Given this requirement, which of the following concepts would assist the analyst in determining this value? (Select two.)
A security analyst observes the following events in the logs of an employee workstation:
Given the information provided, which of the following MOST likely occurred on the workstation?
Application whitelisting controls blocked an exploit payload from executing.
Antivirus software found and quarantined three malware files.
Automatic updates were initiated but failed because they had not been approved.
The SIEM log agent was not turned properly and reported a false positive.
Which of the following would MOST likely appear in an uncredentialed vulnerability scan?
Inactive local accounts
After an identified security breach, an analyst is tasked to initiate the IR process. Which of the following is the NEXT step the analyst should take?
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
Isolating the systems using VLANs
Installing a software-based IPS on all devices
Enabling full disk encryption
Implementing a unique user PIN access functions
A security administrator suspects a MITM attack aimed at impersonating the default gateway is underway. Which of the following tools should the administrator use to detect this attack? (Select two.)