
QUESTION


1.      An energy company is in the final phase of testing its new billing service. The testing team wants to use production data to stress test the system. Which of the following is the BEST way to use production data without sending false notifications to the customers?

·        Back up and archive the production data to an external source

·        Disable Notifications in the production system

·        Scrub the confidential information

·        Encrypt the data prior to the stress test

2.      A security manager discovers the most recent vulnerability scan report illustrates low-level, non-critical findings. Which of the following scanning concepts would BEST report critical threats?

·        Non-credentialed scan

·        Compliance Scan

·        Intrusive Scan

·        Application Scan

3.      Which of the following would be considered multifactor authentication?

·        Hardware token and smart card

·        Voice recognition and retina scan

·        Strong password and fingerprint

·        PIN and security questions

4.      To help prevent SQL injection, which of the following functions should the application developer implement?

·        Error handling

·        Code Signing

·        Input Validation

·        Model Verification

5.       A network technician is trying to set up a secure method for managing users and groups across the enterprise. Which of the following protocols is MOST likely to be used?

·        LDAPS

·        SFTP

·        NTLM

·        SNMPv3

6.      A consumer purchases an exploit from the dark web. The exploit targets the online shopping cart on a popular website, allowing the shopper to modify the price of an item at checkout. Which of the following BEST describes the type of user?

·        Insider

·        Script Kiddie

·        Competitor

·        Hacktivist

·        APT

7.      An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the disposal of the paper files, which include:

-         Intellectual property

-         Payroll records

-         Financial information

-         Drug screening results

Which of the following is the BEST way to dispose of these items?

·        Shredding

·        Pulping

·        Deidentifying

·        Recycling

8.      A security engineer is working with the CSIRT to investigate a recent breach of client data due to the improper use of cloud-based tools. The engineer finds that an employee was able to access a cloud-based storage platform from the office and upload data for the purposes of doing work from home after hours. Such activity is prohibited by policy, but no preventive control is in place to block such activities. Which of the following controls would have prevented this breach?

·        Network-based IPS

·        Host-based DLP

·        Host-based IDS

·        NAC using TACACS+

9.      A security administrator is performing a test to determine if a server is vulnerable to compromise through unnecessary ports. Which of the following tools would assist the security administrator in gathering the requested information?

·        Tcpdump

·        Netcat

·        Nslookup

·        Nmap

·        Dig

10.  A security administrator is configuring a RADIUS server for wireless authentication. The configuration must ensure client credentials are encrypted end-to-end between the client and the authenticator. Which of the following protocols should be configured on the RADIUS server? (Select TWO)

·        PAP

·        MSCHAP

·        PEAP

·        NTLM

·        SAML

11.  A CSIRT has completed restoration procedures related to a breach of sensitive data and is creating documentation used to improve future response activities and coordination among team members. Which of the following information would be MOST beneficial to include in lessons learned documentation? (Select TWO)

- A summary of approved policy changes based on the outcome of the incident

- Details of any communication challenges that hampered initial response times

- Details of man-hours and related costs associated with the breach, including lost revenue

- Details regarding system restoration activities completed during the response activity

- Suggestions for potential areas of focus during quarterly training activities

- Suggestions of tools that would provide improved monitoring and auditing of system access

12.  Joe, a contractor, is hired by a firm to perform a penetration test against the firm's infrastructure. When conducting the scan, he receives only the network diagram and the network list to scan against the network. Which of the following scan types is Joe performing?

·        Authenticated

·        White box

·        Automated

·        Gray box

13.  Management wishes to add another authentication factor in addition to fingerprints and passwords in order to have three-factor authentication. Which of the following would BEST satisfy this request?

·        Retinal scan

·        Passphrase

·        Token fob

·        Security question

14.  Which of the following computer recovery sites is the least expensive and the most difficult to test at the same time?

·        Non-mobile hot site

·        Mobile hot site

·        Warm site

·        Cold site

15.  After a recent security breach at a hospital, it was discovered that nursing staff members, who were working the overnight shift, searched for and accessed private health information for local celebrities who were patients at the hospital. Which of the following would have enabled the hospital to discover this behavior BEFORE a breach occurred?

·        Time-of-day restrictions

·        Usage reviews

·        Periodic permission audits

·        Location-based policy enforcement

16.  An organization wants to move its operation to the cloud. The organization's systems administrators will still maintain control of the servers, firewalls, and load balancers in the cloud environment. Which of the following models is the organization considering?

·        SaaS

·        IaaS

·        PaaS

·        MaaS

17.  Which of the following access management concepts is associated with permissions?

·        Authentication

·        Accounting

·        Authorization

·        Identification

18.  An organization would like to grant access to its wireless network to users who are visiting from another trusted organization by authenticating the visiting users at their home organization. Which of the following is the organization's BEST option?

·        RADIUS Federation

·        Captive portal

·        OCSP

·        Certificate chaining

19.  An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Select TWO)

·        Familiarity

·        Scarcity

·        Urgency

·        Authority

·        Consensus

20.  Which of the following is a compensating control that will BEST reduce the risk of weak passwords?

·        Requiring the use of one-time tokens

·        Increasing password history retention count

·        Disabling user accounts after exceeding maximum attempts

·        Setting expiration of user passwords to a shorter time
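The following is an added example for question 4; it is not part of the original post and the table, account-number format and injection payload are constructed for illustration. It shows the defect the question is about: a query built by splicing user input into SQL text, where a quote character rewrites the WHERE clause, next to a hardened lookup that first applies allow-list input validation and then binds the value as a query parameter. It runs against an in-memory SQLite database.

```python
"""SQL injection on a string-built query vs. allow-list validation plus a
parameterized query. Added example; the schema, sample rows and account
format are assumptions, not data from the original question."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: three customer accounts in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (account_no TEXT, name TEXT, balance REAL)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("A1001", "Alice", 120.50), ("A1002", "Bob", 75.00), ("A1003", "Carol", 310.25)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, account_no: str) -> list:
    # Vulnerable: the caller's string is spliced into the SQL text, so a
    # single quote ends the literal and the rest is parsed as SQL.
    sql = f"SELECT name, balance FROM customers WHERE account_no = '{account_no}'"
    return conn.execute(sql).fetchall()


# Assumed account-number format for the sample data: the letter A and four digits.
ACCOUNT_RE = re.compile(r"^A\d{4}$")


def validate_account_no(account_no: str) -> str:
    # Allow-list input validation: anything not shaped like an account number
    # is rejected before it gets anywhere near the database.
    if not ACCOUNT_RE.fullmatch(account_no):
        raise ValueError(f"invalid account number: {account_no!r}")
    return account_no


def lookup_safe(conn: sqlite3.Connection, account_no: str) -> list:
    # Hardened: validate first, then pass the value as a bound parameter so
    # the driver treats it strictly as data, never as part of the statement.
    account_no = validate_account_no(account_no)
    sql = "SELECT name, balance FROM customers WHERE account_no = ?"
    return conn.execute(sql, (account_no,)).fetchall()


def safe_rejects(conn: sqlite3.Connection, account_no: str) -> bool:
    # True when the hardened lookup refuses the input before any SQL runs.
    try:
        lookup_safe(conn, account_no)
    except ValueError:
        return True
    return False


# Constructed classic payload: closes the quoted literal and appends an
# always-true condition, turning a one-row lookup into a full table dump.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "A1002"))
    print("vulnerable, payload      :", lookup_vulnerable(db, PAYLOAD))  # every row
    print("hardened, normal input   :", lookup_safe(db, "A1002"))
    print("hardened rejects payload :", safe_rejects(db, PAYLOAD))
```

Input validation is the answer the question is looking for, but the parameterized query in `lookup_safe` is the control that actually removes the injection primitive; validation narrows the input surface and gives a clean place to log and reject malformed requests, while binding keeps any value that slips through from ever being parsed as SQL.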
