Which of the following actions produced the output seen below?

A. An access rule was removed from firewallrules.txt

B. An access rule was added to firewallrules2.txt

C. An access rule was added to firewallrules.txt

D. An access rule was removed from firewallrules2.txt

A security incident investigation identified the following modified version of a legitimate system file on a compromised client:

C:\Windows\System32\winxml.dll Addition Jan. 16, 2014 4:53:11 PM

The infection vector was determined to be a vulnerable browser plug-in installed by the user. Which of the organization’s CIS Controls failed?

A. Application Software Security

B. Inventory and Control of Software Assets

C. Maintenance, Monitoring, and Analysis of Audit Logs

D. Inventory and Control of Hardware Assets

An auditor is validating the policies and procedures for an organization with respect to a control for Data Recovery. The organization’s control states they will completely back up critical servers weekly, with incremental backups every four hours. Which action will best verify success of the policy?

A. Verify that the backup media cannot be read without the encryption key

B. Check the backup logs from the critical servers and verify there are no errors

C. Select a random file from a critical server and verify it is present in a backup set

D. Restore the critical server data from backup and see if data is missing

Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device’s authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.

What was the failure that led to the information being lost?

A. There was no risk acceptance review after the risk changed

B. The employees failed to maintain their devices at the most current software version

C. Vulnerability scans were not done to identify the devices that were at risk

D. Management had not insured against the possibility of the information being lost

What documentation should be gathered and reviewed for evaluating an Incident Response program?

A. Staff member interviews

B. NIST Cybersecurity Framework

C. Policy and Procedures

D. Results from security training assessments

Janice is auditing the perimeter of the network at Sugar Water Inc. According to documentation, external SMTP traffic is only allowed to and from 10.10.10.25. Which of the following actions would demonstrate the rules are configured incorrectly?

A. Receive spam from a known bad domain

B. Receive mail at Sugar Water Inc. account using Outlook as a mail client

C. Successfully deliver mail from another host inside the network directly to an external contact

D. Successfully deliver mail from web client using another host inside the network to an external contact.

An organization is implementing a control for the Limitation and Control of Network Ports, Protocols, and Services CIS Control. Which action should they take when they discover that an application running on a web server is no longer needed?

A. Uninstall the application providing the service

B. Turn the service off in the host configuration files

C. Block the protocol for the unneeded service at the firewall

D. Create an access list on the router to filter traffic to the host

Which of the following should be measured and analyzed regularly when implementing the Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers CIS Control?

A. How long does it take to identify new unauthorized listening ports on the network systems

B. How long does it take to remove unauthorized software from the organization’s systems

C. What percentage of the organization’s applications are using sandboxing products

D. What percentage of assets will have their settings enforced and redeployed

E. What percentage of systems in the organization are using Network Level Authentication (NLA)

Which of the following is used to prevent spoofing of e-mail addresses?

A. Sender Policy Framework

B. DNS Security Extensions

C. Public-Key Cryptography

D. Simple Mail Transfer Protocol

An administrator looking at a web application’s log file found login attempts by the same host over several seconds. Each user ID was attempted with three different passwords. The event took place over 5 seconds.

    ROOT
    TEST
    ADMIN
    SQL
    USER
    NAGIOSGUEST

What is the most likely source of this event?

A. An IT administrator attempting to use outdated credentials to enter the site

B. An attempted Denial of Service attack by locking out administrative accounts

C. An automated tool that attempts to use a dictionary attack to infiltrate a website

D. An attempt to use SQL Injection to gain information from a web-connected database