A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?
- A. Loss of governance
- B. Vendor lockout
- C. Compliance risk
- D. Vendor lock-in
A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?
- A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
- B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.
- C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
- D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.
During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security- monitoring control in place. Which of the following is the MOST likely solution?
- A. A WAF to protect web traffic
- B. User and entity behavior analytics
- C. Requirements to change the local password
- D. A gap analysis
An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother’s maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST?
- A. The security answers may be determined via online reconnaissance.
- B. The password is too long, which may encourage users to write the password down.
- C. The password should include a special character.
- D. The minimum password length is too short.
In a cloud environment, the provider offers relief to an organization’s teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?
- A. Application-specific data assets
- B. Application user access management
- C. Application-specific logic and code
- D. Application/platform software
SIMULATION –
You are about to enter the virtual environment.
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
Click Next to continue.
Question and Instructions –
DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.
1. Disabling ssh
2. Disabling systemd
3. Altering the network adapter 172.162.0.0
4. Changing the password in the lab admin account
Once you have completed the item in the virtual environment. you will NOT be allowed to return to this item.
TEST QUESTION –
This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.
Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.
Examples of commands to use:
kill, killall
lsof
man, –help (use for assistance)
netstat (useful flags: a, n, g, u)
ps (useful flag: a)
systemctl (to control systemd)
Please note: the list of commands shown above is not exhaustive. All native commands are available.
INSTRUSTIONS –
Using the following credentials:
Username: labXXXadmin –
Password: XXXyyYzz!
Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:
1. End the compromised process that is using a malicious TCP service.
2. Remove the malicious persistence agent by disabling the service’s ability to start on boot.
Correct Answer:
Find the malicious service and use ג€Killallג€ switch command to end the process.
An analyst received a list of IOCs from a government agency. The attack has the following characteristics:
1. The attack starts with bulk phishing.
2. If a user clicks on the link, a dropper is downloaded to the computer.
3. Each of the malware samples has unique hashes tied to the user.
The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?
- A. Update the incident response plan.
- B. Blocklist the executable.
- C. Deploy a honeypot onto the laptops.
- D. Detonate in a sandbox.
An organization’s finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A. grep ג€”v ‘^4 [0ג€”9] {12} (?:[0ג€”9]{3}) ?$’ file
- B. grep ‘^4 [0ג€”9]{12}(?:[0ג€”9]{3})?$’ file
- C. grep ‘^6(?:011|5[0ג€”9]{2}) [0ג€”9] {12} ?’ file
- D. grep ג€”v ‘^6(?:011|5[0ג€”9]{2})[0ג€”9]{12}?’ file
An organization requires a contractual document that includes:
– An overview of what is covered
– Goals and objectives
– Performance metrics for each party
– A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?
- A. SLA
- B. BAA
- C. NDA
- D. ISA
A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens’ personal, private, and confidential data?
- A. The principle of lawful, fair, and transparent processing
- B. The right to be forgotten principle of personal data erasure requests
- C. The non-repudiation and deniability principle
- D. The principle of encryption, obfuscation, and data masking