Question 1

Because some clients have reported unauthorized activity on their accounts, a security analyst is reviewing network packet captures from the company's API server. A portion of a capture file is shown below: POST /services/v1_0/Public/Members.svc/soap 192.168.1.22 - - api.somesite.com 200 0 1006 1001 0 192.168.1.22 POST /services/v1_0/Public/Members.svc/soap <Password123 somebody@companyname.com 192.168.5.66 - - api.somesite.com 200 0 11558 1712 2024 192.168.4.89 POST /services/v1_0/Public/Members.svc/soap 516.7.446.605 192.168.1.22 - - api.somesite.com 200 0 1003 1011 307 192.168.1.22 "> kmL4krg2CwwWBan5BReGv5Djb7syxXTNKcWFuSjd0161222 4''1=113026046 192.168.5.66 - - api.somesite.com 200 0 1378 1209 48 192.168.4.89 Which of the following MOST likely explains how the clients' accounts were compromised?

Accepted Answer

The clients' authentication tokens were impersonated and replayed.

Question 2

During a cyber incident, which of the following is the BEST course of action?

Accepted Answer

Limiting communications to pre-authorized parties helps maintain confidentiality and ensures that response efforts are not compromised by misinformation or leaks.

Question 3

The security team at a large corporation is helping the payment-processing team to prepare for a regulatory compliance audit and meet the following objectives: Reduce the number of potential findings by the auditors. Limit the scope of the audit to only devices used by the payment-processing team for activities directly impacted by the regulations. Prevent the external-facing web infrastructure used by other teams from coming into scope. Limit the amount of exposure the company will face if the systems used by the payment-processing team are compromised. Which of the following would be the MOST effective way for the security team to meet these objectives?

Accepted Answer

Segmenting the servers and systems used by the business unit from the rest of the network will limit the audit scope to only those devices, reduce potential findings, prevent other infrastructure from coming into scope, and limit exposure if compromised.

Question 4

Which of the following sets of attributes BEST illustrates the characteristics of an insider threat from a security perspective?

Accepted Answer

An insider threat typically involves someone with authorized access who intentionally and maliciously exploits their position to harm the organization.

Question 5

A development team is testing a new application release. The team needs to import existing client PHI data records from the production environment to the test environment to test accuracy and functionality. Which of the following would BEST protect the sensitivity of this data while still allowing the team to perform the testing?

Accepted Answer

The answer of A development team is testing a new...

Question 6

A security analyst is building a malware analysis lab. The analyst wants to ensure malicious applications are not capable of escaping the virtual machines and pivoting to other networks. To BEST mitigate this risk, the analyst should use __________.

Accepted Answer

The answer of A security analyst is building a malware...

Question 7

A security analyst is reviewing the following log from an email security service.  Which of the following BEST describes the reason why the email was blocked?

Accepted Answer

The answer of A security analyst is reviewing the following...

Question 8

A monthly job to install approved vendor software updates and hot fixes recently stopped working. The security team performed a vulnerability scan, which identified several hosts as having some critical OS vulnerabilities, as referenced in the common vulnerabilities and exposures (CVE) database. Which of the following should the security team do NEXT to resolve the critical findings in the most effective manner? (Choose two.)

Accepted Answer

The answer of A monthly job to install approved vendor...

Question 9

As part of an exercise set up by the information security officer, the IT staff must move some of the network systems to an off-site facility and redeploy them for testing. All staff members must ensure their respective systems can power back up and match their gold image. If they find any inconsistencies, they must formally document the information. Which of the following BEST describes this test?

Accepted Answer

This test is a simulation, as it involves moving systems to an off-site facility and redeploying them to ensure they match their gold image, without actually interrupting the live environment.

Question 10

An incident responder successfully acquired application binaries off a mobile device for later forensic analysis. Which of the following should the analyst do NEXT?

Accepted Answer

The answer of An incident responder successfully acquired application binaries...

Question 11

Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections?

Accepted Answer

Compatibility mode allows the system to run legacy BIOS, which can bypass UEFI's Secure Boot feature, making it more susceptible to bootloader malware infections.

Question 12

For machine learning to be applied effectively toward security analysis automation, it requires __________.

Accepted Answer

The answer of For machine learning to be applied effectively...

Question 13

A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO's concern?

Accepted Answer

DLP (Data Loss Prevention) can monitor and control the movement of data, both within and outside the organization, to prevent unauthorized access to customer data.

Question 14

A security analyst has received information from a third-party intelligence-sharing resource that indicates employee accounts were breached. Which of the following is the NEXT step the analyst should take to address the issue?

Accepted Answer

The immediate action after a breach is to secure the affected accounts by forcing a password reset and revoking any active tokens to prevent further unauthorized access.

Question 15

A network attack that is exploiting a vulnerability in the SNMP is detected. Which of the following should the cybersecurity analyst do FIRST?

Accepted Answer

Applying the required patches to remediate the vulnerability is the first step in mitigating the attack and preventing further exploitation.

Question 16

Which of the following BEST describes the process by which code is developed, tested, and deployed in small batches?

Accepted Answer

The answer of Which of the following BEST describes the...

Question 17

A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution?

Accepted Answer

The answer of A product manager is working with an...

Question 18

A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication. Which of the following will remediate this software vulnerability?

Accepted Answer

The answer of A security analyst is reviewing a web...

Question 19

During routine monitoring, a security analyst discovers several suspicious websites that are communicating with a local host. The analyst queries for IP 192.168.50.2 for a 24-hour period:  To further investigate, the analyst should request PCAP for SRC 192.168.50.2 and __________.

Accepted Answer

The answer of During routine monitoring, a security analyst discovers...

Question 20

A security analyst needs to reduce the overall attack surface. Which of the following infrastructure changes should the analyst recommend?

Accepted Answer

Network segmentation reduces the attack surface by isolating different parts of the network, making it more difficult for attackers to move laterally and access sensitive systems.

Exam 5: CompTIA Cloud Essentials+