
Question # 6

An organization is in the process of integrating its operational technology and information technology areas. As part of the integration, some of the cultural aspects it would like to see include more efficient use of resources during change windows, better protection of critical infrastructure, and the ability to respond to incidents. The following observations have been identified:

  • The ICS supplier has specified that installing any software will result in a lack of support.
  • There is no documented trust boundary defined between the SCADA and corporate networks.
  • Operational technology staff have to manage the SCADA equipment via the engineering workstation.
  • There is a lack of understanding of what is within the SCADA network.

Which of the following capabilities would BEST improve the security position?

A. VNC, router, and HIPS
B. SIEM, VPN, and firewall
C. Proxy, VPN, and WAF
D. IDS, NAC, and log monitoring

Question # 7

A Chief Security Officer (CSO) is reviewing the organization’s incident response report from a recent incident. The details of the event indicate:

  • A user received a phishing email that appeared to be a report from the organization’s CRM tool.
  • The user attempted to access the CRM tool via a fraudulent web page but was unable to access the tool.
  • The user, unaware of the compromised account, did not report the incident and continued to use the CRM tool with the original credentials.
  • Several weeks later, the user reported anomalous activity within the CRM tool.
  • Following an investigation, it was determined the account was compromised and an attacker in another country has gained access to the CRM tool.
  • Following identification of corrupted data and successful recovery from the incident, a lessons learned activity was to be led by the CSO.

Which of the following would MOST likely have allowed the user to more quickly identify the unauthorized use of credentials by the attacker?

A. Security awareness training
B. Last login verification
C. Log correlation
D. Time-of-check controls
E. Time-of-use controls
F. WAYF-based authentication

Question # 8

An organization wants to allow its employees to receive corporate email on their own smartphones. A security analyst is reviewing the following information contained within the file system of an employee’s smartphone:

FamilyPix.jpg
Taxreturn.tax
paystub.pdf
employeesinfo.xls
SoccerSchedule.doc
RecruitmentPlan.xls

Based on the above findings, which of the following should the organization implement to prevent further exposure? (Select two).

A. Remote wiping
B. Side loading
C. VPN
D. Containerization
E. Rooting
F. Geofencing
G. Jailbreaking

Question # 9

A security architect is designing a system to satisfy user demand for reduced transaction time, increased security and message integrity, and improved cryptographic security. The resultant system will be used in an environment with a broad user base where many asynchronous transactions occur every minute and must be publicly verifiable.

Which of the following solutions BEST meets all of the architect’s objectives?

A. An internal key infrastructure that allows users to digitally sign transaction logs
B. An agreement with an entropy-as-a-service provider to increase the amount of randomness in generated keys
C. A publicly verified hashing algorithm that allows revalidation of message integrity at a future date
D. An open distributed transaction ledger that requires proof of work to append entries

Question # 10

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

Which of the following should the penetration tester conclude about the command output?

A. The public/private views on the Comptia.org DNS servers are misconfigured
B. Comptia.org is running an older mail server, which may be vulnerable to exploits
C. The DNS SPF records have not been updated for Comptia.org
D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack

Question # 11

A company is implementing a new secure identity application, given the following requirements:

  • The cryptographic secrets used in the application must never be exposed to users or the OS.
  • The application must work on mobile devices.
  • The application must work with the company's badge reader system.

Which of the following mobile device specifications are required for this design? (Select TWO).

A. Secure element
B. Biometrics
C. UEFI
D. SEAndroid
E. NFC
F. HSM

Question # 12

An organization has established the following controls matrix:

The following control sets have been defined by the organization and are applied in aggregate fashion:

  • Systems containing PII are protected with the minimum control set.
  • Systems containing medical data are protected at the moderate level.
  • Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients. Based on the controls classification, which of the following controls would BEST meet these requirements?

A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server
B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code
C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system
D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication

Question # 13

A recent assessment identified that several users’ mobile devices are running outdated versions of endpoint security software that do not meet the company’s security policy. Which of the following should be performed to ensure the users can access the network and meet the company’s security requirements?

A. Vulnerability assessment
B. Risk assessment
C. Patch management
D. Device quarantine
E. Incident management

Question # 14

Question # 15

An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor’s SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including:

  • There are clauses that confirm a data retention period in line with what is in the energy organization’s security policy.
  • The data will be hosted and managed outside of the energy organization’s geographical location.

The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project’s security consultant recommend as the NEXT step?

A. Develop a security exemption, as the solution does not meet the security policies of the energy organization.
B. Require a solution owner within the energy organization to accept the identified risks and consequences.
C. Mitigate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.
D. Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.

Question # 16

Developers are working on a new feature to add to a social media platform. The new feature involves users uploading pictures of what they are currently doing. The data privacy officer (DPO) is concerned about various types of abuse that might occur due to this new feature. The DPO states the new feature cannot be released without addressing the physical safety concerns of the platform’s users. Which of the following controls would BEST address the DPO’s concerns?

A. Increasing blocking options available to the uploader
B. Adding a one-hour delay of all uploaded photos
C. Removing all metadata in the uploaded photo file
D. Not displaying to the public who uploaded the photo
E. Forcing TLS for all connections on the platform

Question # 17

A security administrator wants to implement two-factor authentication for network switches and routers. The solution should integrate with the company’s RADIUS server, which is used for authentication to the network infrastructure devices. The security administrator implements the following:

  • An HOTP service is installed on the RADIUS server.
  • The RADIUS server is configured to require the HOTP service for authentication.

The configuration is successfully tested using a software supplicant and enforced across all network devices. Network administrators report they are unable to log onto the network devices because they are not being prompted for the second factor.

Which of the following should be implemented to BEST resolve the issue?

A. Replace the password requirement with the second factor. Network administrators will enter their username and then enter the token in place of their password in the password field.
B. Configure the RADIUS server to accept the second factor appended to the password. Network administrators will enter a password followed by their token in the password field.
C. Reconfigure network devices to prompt for username, password, and a token. Network administrators will enter their username and password, and then they will enter the token.
D. Install a TOTP service on the RADIUS server in addition to the HOTP service. Use the HOTP on older devices that do not support two-factor authentication. Network administrators will use a web portal to log onto these devices.

Question # 18

A security technician receives a copy of a report that was originally sent to the board of directors by the Chief Information Security Officer (CISO).

The report outlines the following KPI/KRI data for the last 12 months:

Which of the following BEST describes what could be interpreted from the above data?

A.
  1. AV coverage across the fleet improved
  2. There is no correlation between infected systems and AV coverage
  3. There is no correlation between detected phishing attempts and infected systems
  4. A correlation between threat landscape rating and infected systems appears to exist
  5. Effectiveness and performance of the security team appears to be degrading

B.
  1. AV signature coverage has remained consistently high
  2. AV coverage across the fleet improved
  3. A correlation between phishing attempts and infected systems appears to exist
  4. There is a correlation between the threat landscape rating and the security team’s performance
  5. There is no correlation between detected phishing attempts and infected systems

C.
  1. There is no correlation between infected systems and AV coverage
  2. AV coverage across the fleet improved
  3. A correlation between phishing attempts and infected systems appears to exist
  4. There is no correlation between the threat landscape rating and the security team’s performance
  5. There is a correlation between detected phishing attempts and infected systems

D.
  1. AV coverage across the fleet declined
  2. There is no correlation between infected systems and AV coverage
  3. A correlation between phishing attempts and infected systems appears to exist
  4. There is no correlation between the threat landscape rating and the security team’s performance
  5. Effectiveness and performance of the security team appears to be degrading

Question # 19

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)

A. Use an internal firewall to block UDP port 3544.
B. Disable network discovery protocol on all company routers.
C. Block IP protocol 41 using Layer 3 switches.
D. Disable the DHCPv6 service from all routers.
E. Drop traffic for ::/0 at the edge firewall.
F. Implement a 6in4 proxy server.

Question # 20

An organization just merged with an organization in another legal jurisdiction and must improve its network security posture in ways that do not require additional resources to implement data isolation. One recommendation is to block communication between endpoint PCs. Which of the following would be the BEST solution?

A. Installing HIDS
B. Configuring a host-based firewall
C. Configuring EDR
D. Implementing network access control

Question # 21

An organization is implementing a virtualized thin-client solution for normal user computing and access. During a review of the architecture, concerns were raised that an attacker could gain access to multiple user environments by simply gaining a foothold on a single one with malware. Which of the following reasons BEST explains this?

A. Malware on one virtual environment could enable pivoting to others by leveraging vulnerabilities in the hypervisor.
B. A worm on one virtual environment could spread to others by taking advantage of guest OS networking services vulnerabilities.
C. One virtual environment may have one or more application-layer vulnerabilities, which could allow an attacker to escape that environment.
D. Malware on one virtual user environment could be copied to all others by the attached network storage controller.

Question # 22

Ann, a terminated employee, left personal photos on a company-issued laptop and no longer has access to them. Ann emails her previous manager and asks to get her personal photos back. Which of the following BEST describes how the manager should respond?

A. Determine if the data still exists by inspecting to ascertain if the laptop has already been wiped and if the storage team has recent backups.
B. Inform Ann that the laptop was for company data only and she should not have stored personal photos on a company asset.
C. Report the email because it may have been a spoofed request coming from an attacker who is trying to exfiltrate data from the company laptop.
D. Consult with the legal and/or human resources department and check company policies around employment and termination procedures.

Question # 23

A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server.

Which of the following should the analyst use to confirm this suspicion?

A. File size
B. Digital signature
C. Checksums
D. Anti-malware software
E. Sandboxing

Question # 24

A Chief Information Security Officer (CISO) is reviewing the controls in place to support the organization’s vulnerability management program. The CISO finds patching and vulnerability scanning policies and procedures are in place. However, the CISO is concerned the organization is siloed and is not maintaining awareness of new risks to the organization. The CISO determines systems administrators need to participate in industry security events. Which of the following is the CISO looking to improve?

A. Vendor diversification
B. System hardening standards
C. Bounty programs
D. Threat awareness
E. Vulnerability signatures

Question # 25

A security engineer is attempting to convey the importance of including job rotation in a company’s standard security policies. Which of the following would be the BEST justification?

A. Making employees rotate through jobs ensures succession plans can be implemented and prevents single point of failure.
B. Forcing different people to perform the same job minimizes the amount of time malicious actions go undetected by forcing malicious actors to attempt collusion between two or more people.
C. Administrators and engineers who perform multiple job functions throughout the day benefit from being cross-trained in new job areas.
D. It eliminates the need to share administrative account passwords because employees gain administrative rights as they rotate into a new job area.

Question # 26

As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.

This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.

The command window will be provided along with root access. You are connected via a secure shell with root access.

You may query help for a list of commands.

Instructions:

You need to disable and turn off unrelated services and processes.

It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 27

The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future. Which of the following are the MOST appropriate ordered steps to take to meet the CISO’s request?

A.
  1. Perform the ongoing research of the best practices
  2. Determine current vulnerabilities and threats
  3. Apply Big Data techniques
  4. Use antivirus control

B.
  1. Apply artificial intelligence algorithms for detection
  2. Inform the CERT team
  3. Research threat intelligence and potential adversaries
  4. Utilize threat intelligence to apply Big Data techniques

C.
  1. Obtain the latest IOCs from the open source repositories
  2. Perform a sweep across the network to identify positive matches
  3. Sandbox any suspicious files
  4. Notify the CERT team to apply a future proof threat model

D.
  1. Analyze the current threat intelligence
  2. Utilize information sharing to obtain the latest industry IOCs
  3. Perform a sweep across the network to identify positive matches
  4. Apply machine learning algorithms

Question # 28

An information security officer is responsible for one secure network and one office network. Recent intelligence suggests there is an opportunity for attackers to gain access to the secure network due to similar login credentials across networks. To determine the users who should change their information, the information security officer uses a tool to scan a file with hashed values on both networks and receives the following data:

Which of the following tools was used to gather this information from the hashed values in the file?

A. Vulnerability scanner
B. Fuzzer
C. MD5 generator
D. Password cracker
E. Protocol analyzer

Question # 29

A managed service provider is designing a log aggregation service for customers who no longer want to manage an internal SIEM infrastructure. The provider expects that customers will send all types of logs to them, and that log files could contain very sensitive entries. Customers have indicated they want on-premises and cloud-based infrastructure logs to be stored in this new service. An engineer, who is designing the new service, is deciding how to segment customers.

Which of the following is the BEST statement for the engineer to take into consideration?

A. Single-tenancy is often more expensive and has less efficient resource utilization. Multi-tenancy may increase the risk of cross-customer exposure in the event of service vulnerabilities.
B. The managed service provider should outsource security of the platform to an existing cloud company. This will allow the new log service to be launched faster and with well-tested security controls.
C. Due to the likelihood of large log volumes, the service provider should use a multi-tenancy model for the data storage tier, enable data deduplication for storage cost efficiencies, and encrypt data at rest.
D. The most secure design approach would be to give customers on-premises appliances, install agents on endpoints, and then remotely manage the service via a VPN.

Question # 30

A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A. Attackers are running reconnaissance on company resources.
B. An outside command and control system is attempting to reach an infected system.
C. An insider trying to exfiltrate information to a remote network.
D. Malware is running on a company system.

Question # 31

A pharmacy gives its clients online access to their records and the ability to review bills and make payments. A new SSL vulnerability on a special platform was discovered, allowing an attacker to capture the data between the end user and the web server providing these services. After investigating the new vulnerability, it was determined that the web services provided are being impacted by this new threat. Which of the following data types are MOST likely at risk of exposure based on this new threat? (Select TWO)

A. Cardholder data
B. Intellectual property
C. Personal health information
D. Employee records
E. Corporate financial data

Question # 32

A security analyst is classifying data based on input from data owners and other stakeholders. The analyst has identified three data types:

  • Financially sensitive data
  • Project data
  • Sensitive project data

The analyst proposes that the data be protected in two major groups, with further access control separating the financially sensitive data from the sensitive project data. The normal project data will be stored in a separate, less secure location. Some stakeholders are concerned about the recommended approach and insist that commingling data from different sensitive projects would leave them vulnerable to industrial espionage.

Which of the following is the BEST course of action for the analyst to recommend?

A. Conduct a quantitative evaluation of the risks associated with commingling the data and reject or accept the concerns raised by the stakeholders.
B. Meet with the affected stakeholders and determine which security controls would be sufficient to address the newly raised risks.
C. Use qualitative methods to determine aggregate risk scores for each project and use the derived scores to more finely segregate the data.
D. Increase the number of available data storage devices to provide enough capacity for physical separation of non-sensitive project data.

Question # 33

The Chief Executive Officer (CEO) instructed the new Chief Information Security Officer (CISO) to provide a list of enhancements to the company’s cybersecurity operation. As a result, the CISO has identified the need to align security operations with industry best practices. Which of the following industry references is appropriate to accomplish this?

A. OSSM
B. NIST
C. PCI
D. OWASP

Question # 34

As part of an organization's ongoing vulnerability assessment program, the Chief Information Security Officer (CISO) wants to evaluate the organization's systems, personnel, and facilities for various threats. As part of the assessment, the CISO plans to engage an independent cybersecurity assessment firm to perform social engineering and physical penetration testing against the organization's corporate offices and remote locations. Which of the following techniques would MOST likely be employed as part of this assessment? (Select THREE).

A. Privilege escalation
B. SQL injection
C. TOC/TOU exploitation
D. Rogue AP substitution
E. Tailgating
F. Vulnerability scanning
G. Vishing

Question # 35

An internal application has been developed to increase the efficiency of an operational process of a global manufacturer. New code was implemented to fix a security bug, but it has caused operations to halt. The executive team has decided fixing the security bug is less important than continuing operations.

Which of the following would BEST support immediate rollback of the failed fix? (Choose two.)

A. Version control
B. Agile development
C. Waterfall development
D. Change management
E. Continuous integration

Question # 36

A company has completed the implementation of technical and management controls as required by its adopted security policies and standards. The implementation took two years and consumed all of the budget approved for security projects. The board has denied any further requests for additional budget. Which of the following should the company do to address the residual risk?

A. Transfer the risk
B. Baseline the risk
C. Accept the risk
D. Remove the risk

Question # 37

A company is concerned about disgruntled employees transferring its intellectual property data through covert channels. Which of the following tools would allow employees to write data into ICMP echo response packets?

A. Thor
B. Jack the Ripper
C. Burp Suite
D. Loki

Question # 38

A developer is reviewing the following transaction logs from a web application:

Username: John Doe
Street name: Main St.
Street number: