Quiz about 532 BNS6 PT5

Question 1

NO.203 A user contacts the help desk to report the following:

* Two days ago, a pop-up browser window prompted the user for a name and password after

connecting to the corporate wireless SSID. This had never happened before, but the user entered the

information as requested.

* The user was able to access the Internet but had trouble accessing the department share until the

next day.

* The user is now getting notifications from the bank about unauthorized transactions.

Which of the following attack vectors was MOST likely used in this scenario?

Accepted Answer

(A). Rogue access point

Answer

(B). Evil twin

Answer

(C). DNS poisoning

Answer

(D). ARP poisoning

Question 2

NO.204 The IT department at a university is concerned about professors placing servers on the

university network in an attempt to bypass security controls. Which of the following BEST represents

this type of threat?

Accepted Answer

(B). Shadow IT

Answer

(A). A script kiddie

Answer

(C). Hacktivism

Answer

(D). White-hat

Question 3

NO.205 A bad actor tries to persuade someone to provide financial information over the phone in

order to gain access to funds. Which of the following types of attacks does this scenario describe?

Accepted Answer

(C). Spear phishing

Answer

(A). Vishing

Answer

(B). Phishing

Answer

(D). Whaling

Question 4

NO.206 A security analyst discovers several .jpg photos from a cellular phone during a forensics

investigation involving a compromised system. The analyst runs a forensics tool to gather file

metadata. Which of the following would be part of the images if all the metadata is still intact?

Accepted Answer

(A). The GPS location

Answer

(B). When the file was deleted

Answer

(C). The total number of print jobs

Answer

(D). The number of copies made

Question 5

NO.207 During a routine scan of a wireless segment at a retail company, a security administrator

discovers several devices are connected to the network that do not match the company's naming

convention and are not in the asset Inventory. WiFi access Is protected with 255-Wt encryption via

WPA2. Physical access to the company's facility requires two-factor authentication using a badge and

a passcode Which of the following should the administrator implement to find and remediate the

Issue? (Select TWO).

Accepted Answer

(B). Enable MAC filtering on the switches that support the wireless network.

Accepted Answer

(E). Scan the wireless network for rogue access points.

Answer

(A). Check the SIEM for failed logins to the LDAP directory.

Answer

(C). Run a vulnerability scan on all the devices in the wireless network

Answer

(D). Deploy multifactor authentication for access to the wireless network

Question 6

NO.208 An analyst is trying to identify insecure services that are running on the internal network

After performing a port scan the analyst identifies that a server has some insecure services enabled

on default ports Which of the following BEST describes the services that are currently running and

the secure alternatives for replacing them' (Select THREE)

Accepted Answer

(B). SNMPv2 SNMPv3

Accepted Answer

(C). HTTP, HTTPS

Accepted Answer

(F). Telnet SSH

Answer

(A). SFTP FTPS

Answer

(D). TFTP FTP

Question 7

NO.209 Some laptops recently went missing from a locked storage area that is protected by keyless

RFID-enabled locks. There is no obvious damage to the physical space. The security manager

identifies who unlocked the door, however, human resources confirms the employee was on vacation at the time of the incident. Which of the following describes what MOST likely occurred?

Accepted Answer

(A). The employee's physical access card was cloned.

Answer

(B). The employee is colluding with human resources

Answer

(C). The employee's biometrics were harvested

Answer

(D). A criminal used lock picking tools to open the door.

Question 8

NO.210 During an asset inventory, several assets, supplies, and miscellaneous items were noted as

missing. The security manager has been asked to find an automated solution to detect any future

theft of equipment. Which of the following would be BEST to implement?

Accepted Answer

(C). Access control vestibule

Answer

(A). Badges

Answer

(B). Fencing

Answer

(D). Lighting

Answer

(E). Cameras

Question 9

NO.211 An end user reports a computer has been acting slower than normal for a few weeks, During

an investigation, an analyst determines the system 3 sending the users email address and a ten-digit

number ta an IP address once a day. The only resent log entry regarding the user's computer is the

following:

Which of the following is the MOST likely cause of the issue?

Accepted Answer

(A). The end user purchased and installed 2 PUP from a web browser.

Answer

(B). 4 bot on the computer is rule forcing passwords against a website.

Answer

(C). A hacker Is attempting to exfilltrated sensitive data.

Answer

(D). Ransomwere is communicating with a command-and-control server.

Question 10

NO.212 A network engineer needs to create a plan for upgrading the wireless infrastructure in a

large office Priority must be given to areas that are currently experiencing latency and connection

issues. Which of the following would be the BEST resource for determining the order of priority?

Accepted Answer

(B). Heat maps

Answer

(A). Nmapn

Answer

(C). Network diagrams

Answer

(D). Wireshark

Question 11

NO.213 Which of the following BEST describes the MFA attribute that requires a callback on a

predefined landline?

Accepted Answer

(B). Something you can do

Answer

(A). Something you exhibit

Answer

(C). Someone you know

Answer

(D). Somewhere you are

Question 12

NO.214 Which of the following should be monitored by threat intelligence researchers who search

for leaked credentials?

Accepted Answer

(D). Vulnerability databases

Answer

(A). Common Weakness Enumeration

Answer

(B). OSINT

Answer

(C). Dark web

Question 13

NO.215 Which of the following would cause a Chief Information Security Officer (CISO) the MOST

concern regarding newly installed Internet-accessible 4K surveillance cameras?

Accepted Answer

(B). The cameras could be compromised if not patched in a timely manner.

Answer

(A). An inability to monitor 100%, of every facility could expose the company to unnecessary risk.

Answer

(C). Physical security at the facility may not protect the cameras from theft.

Answer

(D). Exported videos may take up excessive space on the file servers.

Question 14

NO.216 An analyst needs to set up a method for securely transferring files between systems. One of

the requirements is to authenticate the IP header and the payload. Which of the following services

would BEST meet the criteria?

Accepted Answer

(A). TLS

Answer

(B). PFS

Answer

(C). ESP

Answer

(D). AH

Question 15

NO.217 A security auditor is reviewing vulnerability scan data provided by an internal security team.

Which of the following BEST indicates that valid credentials were used?

Accepted Answer

(B). The scan enumerated software versions of installed programs

Answer

(A). The scan results show open ports, protocols, and services exposed on the target host

Answer

(C). The scan produced a list of vulnerabilities on the target host

Answer

(D). The scan identified expired SSL certificates

Question 16

NO.218 Which of the following would satisfy three-factor authentication?

Accepted Answer

(A). Password, retina scanner, and NFC card

Answer

(B). Password, fingerprint scanner, and retina scanner

Answer

(C). Password, hard token, and NFC card

Answer

(D). Fingerprint scanner, hard token, and retina scanner

Question 17

NO.219 Which of the following scenarios would make a DNS sinkhole effective in thwarting an

attack?

Accepted Answer

(D). Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites

Answer

(A). An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames

and passwords.

Answer

(B). An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to

DoS the domain name server.

Answer

(C). Malware trying to resolve an unregistered domain name to determine if it is running in an

isolated sandbox

Question 18

NO.220 The concept of connecting a user account across the systems of multiple enterprises is BEST

known as:

Accepted Answer

(D). single sign-on.

Answer

(A). federation.

Answer

(B). a remote access policy.

Answer

(C). multifactor authentication.

Question 19

NO.221 A financial analyst is expecting an email containing sensitive information from a client.

When the email arrives, the analyst receives an error and is unable to open the encrypted message.

Which of the following is the MOST likely cause of the issue?

Accepted Answer

(A). The S/MME plug-in is not enabled.

Answer

(B). The SLL certificate has expired.

Answer

(C). Secure IMAP was not implemented

Answer

(D). POP3S is not supported.

Question 20

NO.222 A security analyst has received several reports of an issue on an internal web application.

Users stale they are having to provide their credential twice lo log in. The analyst checks with the

application team and notes this is not an expected behavior. After looking at several loos the analyst

decades to run some commands on the gateway and obtains the following output Internet address.

Which of the following BEST describes the attack the company is experiencing?

Accepted Answer

(C). ARP poisoning

Answer

(A). MAC flooding

Answer

(B). URL redirection

Answer

(D). DNS hijacking

Question 21

NO.223 A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web

application using a third-party library. The development staff state there are still customers using the

application even though it is end of life and it would be a substantial burden to update the

application for compatibility with more secure libraries. Which of the following would be the MOST

prudent course of action?

Accepted Answer

(C). Use containerization to segment the application from other applications to eliminate the risk

Answer

(A). Accept the risk if there is a clear road map for timely decommission

Answer

(B). Deny the risk due to the end-of-life status of the application.

Answer

(D). Outsource the application to a third-party developer group

Question 22

NO.224 A security analyst needs to generate a server certificate to be used for 802.1X and secure

RDP connections.

The analyst is unsure what is required to perform the task and solicits help from a senior colleague.

Which of the following is the FIRST step the senior colleague will most likely tell the analyst to

perform to accomplish this task?

Accepted Answer

(B). Generate a CSR

Answer

(A). Create an OCSP

Answer

(C). Create a CRL

Answer

(D). Generate a .pfx file

Question 23

NO.225 A security analyst is performing a packet capture on a series of SOAP HTTP requests for a

security assessment. The analyst redirects the output to a file After the capture is complete, the

analyst needs to review the first transactions quickly and then search the entire series of requests for

a particular string Which of the following would be BEST to use to accomplish the task? (Select TWO).

Accepted Answer

(A). head

Accepted Answer

(C). grep

Answer

(B). Tcpdump

Answer

(D). rail

Answer

(E). curl

Question 24

NO.226 A company is considering transitioning to the cloud. The company employs individuals from

various locations around the world The company does not want to increase its on-premises

infrastructure blueprint and only wants to pay for additional compute power required. Which of the following solutions would BEST meet the needs of the company?

Accepted Answer

(B). Hybrid environment

Answer

(A). Private cloud

Answer

(C). Managed security service provider

Answer

(D). Hot backup site

Question 25

NO.227 An auditor is performing an assessment of a security appliance with an embedded OS that

was vulnerable during the last two assessments. Which of the following BEST explains the appliance's

vulnerable state?

Accepted Answer

(C). The vendor has not supplied a patch for the appliance.

Answer

(A). The system was configured with weak default security settings.

Answer

(B). The device uses weak encryption ciphers.

Answer

(D). The appliance requires administrative credentials for the assessment.

Question 26

NO.228 An analyst visits an internet forum looking for information about a tool. The analyst finds a

threat that appears to contain relevant information. One of the posts says the following:

Which of the following BEST describes the attack that was attempted against the forum readers?

Accepted Answer

(C). XSS attack

Answer

(A). SOU attack

Answer

(B). DLL attack

Answer

(D). API attack

Question 27

NO.229 A security analyst is reviewing the following command-line output:

Which of the following Is the analyst observing?

Accepted Answer

(C). MAC address cloning

Answer

(A). IGMP spoofing

Answer

(B). URL redirection

Answer

(D). DNS poisoning

Question 28

NO.230 A security analyst generated a file named host1.pcap and shared it with a team member

who is going to use it for further incident analysis. Which of the following tools will the other team

member MOST likely use to open this file?

Accepted Answer

(D). Wireshark

Answer

(A). Autopsy

Answer

(B). Memdump

Answer

(C). FTK imager

Question 29

NO.231 The Chief Information Security Officer wants to pilot a new adaptive, user-based

authentication method. The concept Includes granting logical access based on physical location and

proximity. Which of the following Is the BEST solution for the pilot?

Accepted Answer

(B). Self-sovereign identification

Answer

(A). Geofencing

Answer

(C). PKl certificates

Answer

(D). SSO

Question 30

NO.232 A company needs to centralize its logs to create a baseline and have visibility on its security

events. Which of the following technologies will accomplish this objective?

Accepted Answer

(A). Security information and event management

Answer

(B). A web application firewall

Answer

(C). A vulnerability scanner

Answer

(D). A next-generation firewall

Question 31

NO.233 A system that requires an operation availability of 99.99% and has an annual maintenance

window available to patching and fixes will require the HIGHEST:

Accepted Answer

(B). MTTR

Answer

(A). MTBF

Answer

(C). RPO

Answer

(D). RTO

Question 32

NO.234 Which of the following is MOST likely to contain ranked and ordered information on the

likelihood and potential impact of catastrophic events that may affect business processes and

systems, while also highlighting the residual risks that need to be managed after mitigating controls

have been implemented?

Accepted Answer

(B). A risk register

Answer

(A). An RTO report

Answer

(C). A business impact analysis

Answer

(D). An asset value register

Answer

(E). A disaster recovery plan

Question 33

NO.235 A security analyst has been asked to investigate a situation after the SOC started to receive

alerts from the SIEM. The analyst first looks at the domain controller and finds the following events:

To better understand what is going on, the analyst runs a command and receives the following

output:

Based on the analyst's findings, which of the following attacks is being executed?

Accepted Answer

(D). Spraying

Answer

(A). Credential harvesting

Answer

(B). Keylogger

Answer

(C). Brute-force

Question 34

NO.236 A SOC is currently being outsourced. Which of the following is being used?

Accepted Answer

(C). MSSP

Answer

(A). Microservices

Answer

(B). SaaS

Answer

(D). PaaS

Question 35

NO.237 The website http://companywebsite.com requires users to provide personal information including security responses, for registration. which of the following would MOST likely cause a date breach?

Accepted Answer

(A). LACK OF INPUT VALIDATION

Answer

(B). OPEN PERMISSIONS

Answer

(C). UNSCECURE PROTOCOL

Answer

(D). MISSING PATCHES

Question 36

NO.238 A security assessment found that several embedded systems are running unsecure

protocols. These Systems were purchased two years ago and the company that developed them is no

longer in business Which of the following constraints BEST describes the reason the findings cannot

be remediated?

Accepted Answer

(D). Unavailable patch

Answer

(A). inability to authenticate

Answer

(B). Implied trust

Answer

(C). Lack of computing power

Question 37

NO.239 A network administrator would like to configure a site-to-site VPN utilizing iPSec. The

administrator wants the tunnel to be established with data integrity encryption, authentication and

anti- replay functions Which of the following should the administrator use when configuring the VPN?

Accepted Answer

(C). ESP

Answer

(A). AH

Answer

(B). EDR

Answer

(D). DNSSEC

Question 38

NO.240 A new vulnerability in the SMB protocol on the Windows systems was recently discovered,

but no patches are currently available to resolve the issue. The security administrator is concerned

that servers in the company's DMZ will be vulnerable to external attack; however, the administrator

cannot disable the service on the servers, as SMB is used by a number of internal systems and

applications on the LAN Which of the following TCP ports should be blocked for all external inbound

connections to the DMZ as a workaround to protect the servers? (Select TWO).

Accepted Answer

(A). 135

Accepted Answer

(E). 443

Answer

(B). 139

Answer

(C). 143

Answer

(D). 161

Question 39

NO.242 A security analyst needs to complete an assessment. The analyst is logged into a server and

must use native tools to map services running on it to the server's listening ports. Which of the

following tools can BEST accomplish this talk?

Accepted Answer

(B). Netstat

Answer

(A). Netcat

Answer

(C). Nmap

Answer

(D). Nessus

Question 40

NO.243 A workwide manufacturing company has been experiencing email account compromised. In

one incident, a user logged in from the corporate office in France, but then seconds later, the same

user account attempted a login from Brazil. Which of the following account policies would BEST

prevent this type of attack?

Accepted Answer

(D). Geofencing

Answer

(A). Network location

Answer

(B). Impossible travel time

Answer

(C). Geolocation

Question 41

NO.244 A user recently attended an exposition and received some digital promotional materials The

user later noticed blue boxes popping up and disappearing on the computer, and reported receiving

several spam emails, which the user did not open Which of the following is MOST likely the cause of

the reported issue?

Accepted Answer

(D). There was malicious code on the USB drive

Answer

(A). There was a drive-by download of malware

Answer

(B). The user installed a cryptominer

Answer

(C). The OS was corrupted

Question 42

NO.245 An organization is concerned about intellectual property theft by employee who leave the

organization. Which of the following will be organization MOST likely implement?

Accepted Answer

(B). NDA

Answer

(A). CBT

Answer

(C). MOU

Answer

(D). AUP

Question 43

NO.246 An end user reports a computer has been acting slower than normal for a few weeks. During

an investigation, an analyst determines the system is sending the user's email address and a ten-digit

number to an IP address once a day. The only recent log entry regarding the user's computer is the

following:

Which of the following is the MOST likely cause of the issue?

Accepted Answer

(A). The end user purchased and installed a PUP from a web browser

Answer

(B). A bot on the computer is brute forcing passwords against a website

Answer

(C). A hacker is attempting to exfiltrate sensitive data

Answer

(D). Ransomware is communicating with a command-and-control server.

Question 44

NO.247 An organization would like to remediate the risk associated with its cloud service provider

not meeting its advertised 99.999% availability metrics. Which of the following should the

organization consult for the exact requirements for the cloud provider?

Accepted Answer

(A). SLA

Answer

(B). BPA

Answer

(C). NDA

Answer

(D). MOU

Question 45

NO.248 Which of the following will provide the BEST physical security countermeasures to stop

intruders? (Select TWO.)

Accepted Answer

(D). Mantraps

Accepted Answer

(E). Fencing

Answer

(A). Alarms

Answer

(B). Signage

Answer

(C). Lighting

Question 46

NO.249 An incident response technician collected a mobile device during an investigation. Which of

the following should the technician do to maintain chain of custody?

Accepted Answer

(A). Document the collection and require a sign-off when possession changes.

Answer

(B). Lock the device in a safe or other secure location to prevent theft or alteration.

Answer

(C). Place the device in a Faraday cage to prevent corruption of the data.

Answer

(D). Record the collection in a blockchain-protected public ledger.

Question 47

NO.250 Administrators have allowed employee to access their company email from personal

computers. However, the administrators are concerned that these computes are another attach

surface and can result in user accounts being breached by foreign actors. Which of the following

actions would provide the MOST secure solution?

Accepted Answer

(D). Enforce a policy that allows employees to be able to access their email only while they are

connected to the internet via VPN

Answer

(A). Enable an option in the administration center so accounts can be locked if they are accessed from different geographical areas

Answer

(B). Implement a 16-character minimum length and 30-day expiration password policy

Answer

(C). Set up a global mail rule to disallow the forwarding of any company email to email addresses

outside the organization

Question 48

NO.252 Which of the following environments would MOST likely be used to assess the execution of

component parts of a system at both the hardware and software levels and to measure performance

characteristics?

Accepted Answer

(A). Test

Answer

(B). Staging

Answer

(C). Development

Answer

(D). Production

Question 49

NO.253 A security administrator suspects there may be unnecessary services running on a server.

Which of the following tools will the administrator MOST likely use to confirm the suspicions?

Accepted Answer

(A). Nmap

Answer

(B). Wireshark

Answer

(C). Autopsy

Answer

(D). DNSEnum

Question 50

NO.254 A technician needs to prevent data loss in a laboratory. The laboratory is not connected to

any external networks. Which of the following methods would BEST prevent data? (Select TWO)

Accepted Answer

(B). Drive encryption

Accepted Answer

(E). USB blocker

Answer

(A). VPN

Answer

(C). Network firewall

Answer

(D). File-level encryption

532 BNS6 PT5

50 questions

NO.204 The IT department at a university is concerned about professors placing servers on the
university network in an attempt to bypass security controls. Which of the following BEST represents
this type of threat?

NO.205 A bad actor tries to persuade someone to provide financial information over the phone in
order to gain access to funds. Which of the following types of attacks does this scenario describe?

NO.206 A security analyst discovers several .jpg photos from a cellular phone during a forensics
investigation involving a compromised system. The analyst runs a forensics tool to gather file
metadata. Which of the following would be part of the images if all the metadata is still intact?

NO.210 During an asset inventory, several assets, supplies, and miscellaneous items were noted as
missing. The security manager has been asked to find an automated solution to detect any future
theft of equipment. Which of the following would be BEST to implement?

NO.212 A network engineer needs to create a plan for upgrading the wireless infrastructure in a
large office Priority must be given to areas that are currently experiencing latency and connection
issues. Which of the following would be the BEST resource for determining the order of priority?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Mathematics

532 BNS6 PT5

50 questions

NO.204 The IT department at a university is concerned about professors placing servers on theuniversity network in an attempt to bypass security controls. Which of the following BEST representsthis type of threat?

NO.205 A bad actor tries to persuade someone to provide financial information over the phone inorder to gain access to funds. Which of the following types of attacks does this scenario describe?

NO.206 A security analyst discovers several .jpg photos from a cellular phone during a forensicsinvestigation involving a compromised system. The analyst runs a forensics tool to gather filemetadata. Which of the following would be part of the images if all the metadata is still intact?

NO.210 During an asset inventory, several assets, supplies, and miscellaneous items were noted asmissing. The security manager has been asked to find an automated solution to detect any futuretheft of equipment. Which of the following would be BEST to implement?

NO.212 A network engineer needs to create a plan for upgrading the wireless infrastructure in alarge office Priority must be given to areas that are currently experiencing latency and connectionissues. Which of the following would be the BEST resource for determining the order of priority?

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Mathematics

NO.204 The IT department at a university is concerned about professors placing servers on the
university network in an attempt to bypass security controls. Which of the following BEST represents
this type of threat?

NO.205 A bad actor tries to persuade someone to provide financial information over the phone in
order to gain access to funds. Which of the following types of attacks does this scenario describe?

NO.206 A security analyst discovers several .jpg photos from a cellular phone during a forensics
investigation involving a compromised system. The analyst runs a forensics tool to gather file
metadata. Which of the following would be part of the images if all the metadata is still intact?

NO.210 During an asset inventory, several assets, supplies, and miscellaneous items were noted as
missing. The security manager has been asked to find an automated solution to detect any future
theft of equipment. Which of the following would be BEST to implement?

NO.212 A network engineer needs to create a plan for upgrading the wireless infrastructure in a
large office Priority must be given to areas that are currently experiencing latency and connection
issues. Which of the following would be the BEST resource for determining the order of priority?