Read the book CompTIA CySA+ Practice Tests - Mike Chapple - Page 19

Chapter 1 Domain 1.0: Threat and Vulnerability Management

EXAM OBJECTIVES COVERED IN THIS CHAPTER:

 1.1 Explain the importance of threat data and intelligence.
   Intelligence sources
   Confidence levels
   Indicator management
   Threat classification
   Threat actors
   Intelligence cycle
   Commodity malware
   Information sharing and analysis communities

 1.2 Given a scenario, utilize threat intelligence to support organizational security.
   Attack frameworks
   Threat research
   Threat modeling methodologies
   Threat intelligence sharing with supported functions

 1.3 Given a scenario, perform vulnerability management activities.
   Vulnerability identification
   Validation
   Remediation/mitigation
   Scanning parameters and criteria
   Inhibitors to remediation

 1.4 Given a scenario, analyze the output from common vulnerability assessment tools.
   Web application scanner
   Infrastructure vulnerability scanner
   Software assessment tools and techniques
   Enumeration
   Wireless assessment tools
   Cloud infrastructure assessment tools

 1.5 Explain the threats and vulnerabilities associated with specialized technology.
   Mobile
   Internet of Things (IoT)
   Embedded
   Real-time operating system (RTOS)
   System-on-Chip (SoC)
   Field programmable gate array (FPGA)
   Physical access control
   Building automation systems
   Vehicles and drones
   Workflow and process automation systems
   Industrial control systems (ICS)
   Supervisory control and data acquisition (SCADA)

 1.6 Explain the threats and vulnerabilities associated with operating in the cloud.
   Cloud service models
   Cloud deployment models
   Function as a service (FaaS)/serverless architecture
   Infrastructure as code (IaC)
   Insecure application programming interface (API)
   Improper key management
   Unprotected storage
   Logging and monitoring

 1.7 Given a scenario, implement controls to mitigate attacks and software vulnerabilities.
   Attack types
   Vulnerabilities

1 Olivia is considering potential sources for threat intelligence information that she might incorporate into her security program. Which one of the following sources is most likely to be available without a subscription fee?
A. Vulnerability feeds
B. Open source
C. Closed source
D. Proprietary

2 During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?
A. Perform a DNS brute-force attack.
B. Use an nmap ping sweep.
C. Perform a DNS zone transfer.
D. Use an nmap stealth scan.

3 Roger is evaluating threat intelligence information sources and finds that one source results in quite a few false positive alerts. This lowers his confidence level in the source. What criteria for intelligence is not being met by this source?
A. Timeliness
B. Expense
C. Relevance
D. Accuracy

4 What markup language provides a standard mechanism for describing attack patterns, malware, threat actors, and tools?
A. STIX
B. TAXII
C. XML
D. OpenIOC

5 A port scan of a remote system shows that port 3306 is open on a remote database server. What database is the server most likely running?
A. Oracle
B. Postgres
C. MySQL
D. Microsoft SQL

6 Brad is working on a threat classification exercise, analyzing known threats and assessing the possibility of unknown threats. Which one of the following threat actors is most likely to be associated with an advanced persistent threat (APT)?
A. Hacktivist
B. Nation-state
C. Insider
D. Organized crime

7 During a port scan of her network, Cynthia discovers a workstation that shows the following ports open. What should her next action be?
A. Determine the reason for the ports being open.
B. Investigate the potentially compromised workstation.
C. Run a vulnerability scan to identify vulnerable services.
D. Reenable the workstation's local host firewall.

8 Charles is working with leaders of his organization to determine the types of information that should be gathered in his new threat intelligence program. In what phase of the intelligence cycle is he participating?
A. Dissemination
B. Feedback
C. Analysis
D. Requirements

9 As Charles develops his threat intelligence program, he creates and shares threat reports with relevant technologists and leaders. What phase of the intelligence cycle is now occurring?
A. Dissemination
B. Feedback
C. Collection
D. Requirements

10 What term is used to describe the groups of related organizations who pool resources to share cybersecurity threat information and analyses?
A. SOC
B. ISAC
C. CERT
D. CIRT

11 Which one of the following threats is the most pervasive in modern computing environments?
A. Zero-day attacks
B. Advanced persistent threats
C. Commodity malware
D. Insider threats

12 Singh incorporated the Cisco Talos tool into his organization's threat intelligence program. He uses it to automatically look up information about the past activity of IP addresses sending email to his mail servers. What term best describes this intelligence source?
A. Open source
B. Behavioral
C. Reputational
D. Indicator of compromise

13 Consider the threat modeling analysis shown here. What attack framework was used to develop this analysis?
A. ATT&CK
B. Cyber Kill Chain
C. STRIDE
D. Diamond

14 Jamal is assessing the risk to his organization from their planned use of AWS Lambda, a serverless computing service that allows developers to write code and execute functions directly on the cloud platform. What cloud tier best describes this service?
A. SaaS
B. PaaS
C. IaaS
D. FaaS

15 Lauren's honeynet, shown here, is configured to use a segment of unused network space that has no legitimate servers in it. What type of threats is this design particularly useful for detecting?
A. Zero-day attacks
B. SQL injection
C. Network scans
D. DDoS attacks

16 Nara is concerned about the risk of attackers conducting a brute-force attack against her organization. Which one of the following factors is Nara most likely to be able to control?
A. Attack vector
B. Adversary capability
C. Likelihood
D. Total attack surface

17 Fred believes that the malware he is tracking uses a fast flux DNS network, which associates many IP addresses with a single fully qualified domain name as well as using multiple download hosts. How many distinct hosts should he review based on the NetFlow shown here?

Date flow start          Duration Proto Src IP Addr:Port->Dst IP Addr:Port  Packets Bytes Flows
2020-07-11 14:39:30.606  0.448    TCP   192.168.2.1:1451->10.2.3.1:443      10      1510  1
2020-07-11 14:39:30.826  0.448    TCP   10.2.3.1:443->192.168.2.1:1451      7       360   1
2020-07-11 14:45:32.495  18.492   TCP   10.6.2.4:443->192.168.2.1:1496      5       1107  1
2020-07-11 14:45:32.255  18.888   TCP   192.168.2.1:1496->10.6.2.4:443      11      1840  1
2020-07-11 14:46:54.983  0.000    TCP   192.168.2.1:1496->10.6.2.4:443      1       49    1
2020-07-11 16:45:34.764  0.362    TCP   10.6.2.4:443->192.168.2.1:4292      4       1392  1
2020-07-11 16:45:37.516  0.676    TCP   192.168.2.1:4292->10.6.2.4:443      4       462   1
2020-07-11 16:46:38.028  0.000    TCP   192.168.2.1:4292->10.6.2.4:443      2       89    1
2020-07-11 14:45:23.811  0.454    TCP   192.168.2.1:1515->10.6.2.5:443      4       263   1
2020-07-11 14:45:28.879  1.638    TCP   192.168.2.1:1505->10.6.2.5:443      18      2932  1
2020-07-11 14:45:29.087  2.288    TCP   10.6.2.5:443->192.168.2.1:1505      37      48125 1
2020-07-11 14:45:54.027  0.224    TCP   10.6.2.5:443->192.168.2.1:1515      2       1256  1
2020-07-11 14:45:58.551  4.328    TCP   192.168.2.1:1525->10.6.2.5:443      10      648   1
2020-07-11 14:45:58.759  0.920    TCP   10.6.2.5:443->192.168.2.1:1525      12      15792 1
2020-07-11 14:46:32.227  14.796   TCP   192.168.2.1:1525->10.8.2.5:443      31      1700  1
2020-07-11 14:46:52.983  0.000    TCP   192.168.2.1:1505->10.8.2.5:443      1       40    1

A. 1
B. 3
C. 4
D. 5

18 Which one of the following functions is not a common recipient of threat intelligence information?
A. Legal counsel
B. Risk management
C. Security engineering
D. Detection and monitoring

19 Alfonzo is an IT professional at a Portuguese university who is creating a cloud environment for use only by other Portuguese universities. What type of cloud deployment model is he using?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud

20 During a network reconnaissance exercise, Chris gains access to a PC located in a secure network. If Chris wants to locate database and web servers that the company uses, what command-line tool can he use to gather information about other systems on the local network without installing additional tools or sending additional traffic?
A. ping
B. traceroute
C. nmap
D. netstat

21 Kaiden's organization uses the AWS public cloud environment. He uses the CloudFormation tool to write scripts that create the cloud resources used by his organization. What type of service is CloudFormation?
A. SaaS
B. IAC
C. FaaS
D. API

22 What is the default nmap scan type when nmap is not provided with a scan type flag?
A. A TCP FIN scan
B. A TCP connect scan
C. A TCP SYN scan
D. A UDP scan

23 Isaac wants to grab the banner from a remote web server using commonly available tools. Which of the following tools cannot be used to grab the banner from the remote host?
A. Netcat
B. Telnet
C. Wget
D. FTP

24 Lakshman wants to limit what potential attackers can gather during passive or semipassive reconnaissance activities. Which of the following actions will typically reduce his organization's footprint the most?
A. Limit information available via the organizational website without authentication.
B. Use a secure domain registration.
C. Limit technology references in job postings.
D. Purge all document metadata before posting.

25 Cassandra's nmap scan of an open wireless network (192.168.10/24) shows the following host at IP address 192.168.1.1. Which of the following is most likely to be the type of system at that IP address based on the scan results shown?
A. A virtual machine
B. A wireless router
C. A broadband router
D. A print server

26 Several organizations recently experienced security incidents when their AWS secret keys were published in public GitHub repositories. What is the most significant threat that could arise from this improper key management?
A. Total loss of confidentiality
B. Total loss of integrity
C. Total loss of availability
D. Total loss of confidentiality, integrity, and availability

27 Latisha has local access to a Windows workstation and wants to gather information about the organization that it belongs to. What type of information can she gain if she executes the command nbtstat -c?
A. MAC addresses and IP addresses of local systems
B. NetBIOS name-to-IP address mappings
C. A list of all NetBIOS systems that the host is connected to
D. NetBIOS MAC-to-IP address mappings

28 Tracy believes that a historic version of her target's website may contain data she needs for her reconnaissance. What tool can she use to review snapshots of the website from multiple points in time?
A. Time Machine
B. Morlock
C. Wayback Machine
D. Her target's web cache

29 After Kristen received a copy of an nmap scan run by a penetration tester that her company hired, she knows that the tester used the -O flag. What type of information should she expect to see included in the output other than open ports?
A. OCMP status
B. Other ports
C. Objective port assessment data in verbose mode
D. Operating system and Common Platform Enumeration (CPE) data

30 Andrea wants to conduct a passive footprinting exercise against a target company. Which of the following techniques is not suited to a passive footprinting process?
A. WHOIS lookups
B. Banner grabbing
C. BGP looking glass usage
D. Registrar checks

31 While gathering reconnaissance data for a penetration test, Charlene uses the MXToolbox MX Lookup tool. What can she determine from the response to her query shown here?
A. The mail servers are blacklisted.
B. The mail servers have failed an SMTP test.
C. The mail servers are clustered.
D. There are two MX hosts listed in DNS.

32 Alex wants to scan a protected network and has gained access to a system that can communicate to both his scanning system and the internal network, as shown in the image here. What type of nmap scan should Alex conduct to leverage this host if he cannot install nmap on system A?
A. A reflection scan
B. A proxy scan
C. A randomized host scan
D. A ping-through scan

33 As a member of a blue team, Lukas observed the following behavior during an external penetration test. What should he report to his managers at the conclusion of the test?
A. A significant increase in latency
B. A significant increase in packet loss
C. Latency and packet loss both increased.
D. No significant issues were observed.

34 As part of an organizationwide red team exercise, Frank is able to use a known vulnerability to compromise an Apache web server. Once he has gained access, what should his next step be if he wants to use the system to pivot to protected systems behind the DMZ that the web server resides in?
A. Vulnerability scanning
B. Privilege escalation
C. Patching
D. Installing additional tools

35 Maddox is conducting an inventory of access permissions on cloud-based object buckets, such as those provided by the AWS S3 service. What threat is he seeking to mitigate?
A. Insecure APIs
B. Improper key management
C. Unprotected storage
D. Insufficient logging and monitoring

36 Alex has been asked to assess the likelihood of reconnaissance activities against her organization (a small, regional business). Her first assignment is to determine the likelihood of port scans against systems in her organization's DMZ. How should she rate the likelihood of this occurring?
A. Low
B. Medium
C. High
D. There is not enough information for Alex to provide a rating.

37 Lucy recently detected a cross-site scripting vulnerability in her organization's web server. The organization operates a support forum where users can enter HTML tags and the resulting code is displayed to other site visitors. What type of cross-site scripting vulnerability did Lucy discover?
A. Persistent
B. Reflected
C. DOM-based
D. Blind

38 Which one of the following tools is capable of handcrafting TCP packets for use in an attack?
A. Arachni
B. Hping
C. Responder
D. Hashcat

39 Which one of the following IoT components contains hardware that can be dynamically reprogrammed by the end user?
A. RTOS
B. SoC
C. FPGA
D. MODBUS

40 Florian discovered a vulnerability in a proprietary application developed by his organization. The application performs memory management using the malloc() function and one area of memory allocated in this manner has an overflow vulnerability. What term best describes this overflow?
A. Buffer overflow
B. Stack overflow
C. Integer overflow
D. Heap overflow

41 The company that Maria works for is making significant investments in infrastructure-as-a-service hosting to replace its traditional datacenter. Members of her organization's management have Maria's concerns about data remanence when Lauren's team moves from one virtual host to another in their cloud service provider's environment. What should she instruct her team to do to avoid this concern?
A. Zero-wipe drives before moving systems.
B. Use full-disk encryption.
C. Use data masking.
D. Span multiple virtual disks to fragment data.

42 Lucca wants to prevent workstations on his network from attacking each other. If Lucca's corporate network looks like the network shown here, what technology should he select to prevent laptop A from being able to attack workstation B?
A. An IPS
B. An IDS
C. An HIPS
D. An HIDS

43 Geoff is reviewing logs and sees a large number of attempts to authenticate to his VPN server using many different username and password combinations. The same usernames are attempted several hundred times before moving on to the next one. What type of attack is most likely taking place?
A. Credential stuffing
B. Password spraying
C. Brute-force
D. Rainbow table

44 The company that Dan works for has recently migrated to an SaaS provider for its enterprise resource planning (ERP) software. In its traditional on-site ERP environment, Dan conducted regular port scans to help with security validation for the systems. What will Dan most likely have to do in this new environment?
A. Use a different scanning tool.
B. Rely on vendor testing and audits.
C. Engage a third-party tester.
D. Use a VPN to scan inside the vendor's security perimeter.

45 Lakshman uses Network Miner to review packet captures from his reconnaissance of a target organization. One system displayed the information shown here. What information has Network Miner used to determine that the PC is a Hewlett-Packard device?
A. The MAC address
B. The OS flags
C. The system's banner
D. The IP address

46 Kaiden is configuring a SIEM service in his IaaS cloud environment that will receive all of the log entries generated by other devices in that environment. Which one of the following risks is greatest with this approach in the event of a DoS attack or other outage?
A. Inability to access logs
B. Insufficient logging
C. Insufficient monitoring
D. Insecure API

47 Which one of the following languages is least susceptible to an injection attack?
A. HTML
B. SQL
C. STIX
D. XML

48 Which one of the following types of malware would be most useful in a privilege escalation attack?
A. Rootkit
B. Worm
C. Virus
D. RAT

49 Ricky discovered a vulnerability in an application where privileges are checked at the beginning of a series of steps, may be revoked during those steps, and then are not checked before new uses of them later in the sequence. What type of vulnerability did he discover?
A. Improper error handling
B. Race condition
C. Dereferencing
D. Sensitive data exposure

50 Matthew is analyzing some code written in the C programming language and discovers that it is using the functions listed here. Which of these functions poses the greatest security vulnerability?
A. strcpy()
B. main()
C. printf()
D. scanf()

51 Abdul is conducting a security audit of a multicloud computing environment that incorporates resources from AWS and Microsoft Azure. Which one of the following tools will be most useful to him?
A. ScoutSuite
B. Pacu
C. Prowler
D. CloudSploit

52 Jake is performing a vulnerability assessment and comes across a CAN bus specification. What type of environment is most likely to include a CAN bus?
A. Physical access control system
B. Building automation system
C. Vehicle control system
D. Workflow and process automation system

53 Darcy is conducting a test of a wireless network using the Reaver tool. What technology does Reaver specifically target?
A. WPA
B. WPA2
C. WPS
D. WEP

54 Azra believes that one of her users may be taking malicious action on the systems she has access to. When she walks past her user's desktop, she sees the following command on the screen:

user12@workstation:/home/user12# ./john -wordfile:/home/user12/mylist.txt -format:lm hash.txt

What is the user attempting to do?
A. They are attempting to hash a file.
B. They are attempting to crack hashed passwords.
C. They are attempting to crack encrypted passwords.
D. They are attempting a pass-the-hash attack.

55 nmap provides a standardized way to name hardware and software that it detects. What is this called?
A. CVE
B. HardwareEnum
C. CPE
D. GearScript

56 Lakshman wants to detect port scans using syslog so that he can collect and report on the information using his SIEM. If he is using a default CentOS system, what should he do?
A. Search for use of privileged ports in sequential order.
B. Search for connections to ports in the /var/syslog directory.
C. Log all kernel messages to detect scans.
D. Install additional tools that can detect scans and send the logs to syslog.

57 Greg is concerned about the use of DDoS attack tools against his organization, so he purchased a mitigation service from his ISP. What portion of the threat model did Greg reduce?
A. Likelihood
B. Total attack surface
C. Impact
D. Adversary capability

58 Lucas believes that an attacker has successfully compromised his web server. Using the following output of ps, identify the process ID he should focus on.

root     507 0.0 0.1 258268  3288 ?    Ssl 15:52 0:00 /usr/sbin/rsyslogd -n
message+ 508 0.0 0.2  44176  5160 ?    Ss  15:52 0:00 /usr/bin/dbusdaemon --system --address=systemd: --nofork --nopidfile --systemd-activa
root     523 0.0 0.3 281092  6312 ?    Ssl 15:52 0:00 /usr/lib/accountsservice/accounts-daemon
root     524 0.0 0.7 389760 15956 ?    Ssl 15:52 0:00 /usr/sbin/NetworkManager --no-daemon
root     527 0.0 0.1  28432  2992 ?    Ss  15:52 0:00 /lib/systemd/systemd-logind
apache   714 0.0 0.1  27416  2748 ?    Ss  15:52 0:00 /www/temp/webmin
root     617 0.0 0.1  19312  2056 ?    Ss  15:52 0:00 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root     644 0.0 0.1 245472  2444 ?    Sl  15:52 0:01 /usr/sbin/VBoxService
root     653 0.0 0.0  12828  1848 tty1 Ss+ 15:52 0:00 /sbin/agetty --noclear tty1 linux
root     661 0.0 0.3 285428  8088 ?    Ssl 15:52 0:00 /usr/lib/policykit-1/polkitd --no-debug
root     663 0.0 0.3 364752  7600 ?    Ssl 15:52 0:00 /usr/sbin/gdm3
root     846 0.0 0.5 285816 10884 ?    Ssl 15:53 0:00 /usr/lib/upower/upowerd
root     867 0.0 0.3 235180  7272 ?    Sl  15:53 0:00 gdm-session-worker [pam/gdm-launch-environment]
Debian-+ 877 0.0 0.2  46892  4816 ?    Ss  15:53 0:00 /lib/systemd/systemd --user
Debian-+ 878 0.0 0.0  62672  1596 ?    S   15:53 0:00 (sd-pam)

A. 508
B. 617
C. 846
D. 714

59 Geoff is responsible for hardening systems on his network and discovers that a number of network appliances have exposed services, including telnet, FTP, and web servers. What is his best option to secure these systems?
A. Enable host firewalls.
B. Install patches for those services.
C. Turn off the services for each appliance.
D. Place a network firewall between the devices and the rest of the network.

60 While conducting reconnaissance of his own organization, Ian discovers that multiple certificates are self-signed. What issue should he report to his management?
A. Self-signed certificates do not provide secure encryption for site visitors.
B. Self-signed certificates can be revoked only by the original creator.
C. Self-signed certificates will cause warnings or error messages.
D. None of the above.

61 During the reconnaissance stage of a penetration test, Fred calls a number of staff at the target organization. Using a script he prepared, Fred introduces himself as part of the support team for their recently installed software and asks for information about the software and its configuration. What is this technique called?
A. Pretexting
B. OSINT
C. A tag-out
D. Profiling

62 Carrie needs to lock down a Windows workstation that has recently been scanned using nmap with the results shown here. She knows that the workstation needs to access websites and that the system is part of a Windows domain. What ports should she allow through the system's firewall for externally initiated connections?
A. 80, 135, 139, and 445
B. 80, 445, and 3389
C. 135, 139, and 445
D. No ports should be open.

63 Adam's port scan returns results on six TCP ports: 22, 80, 443, 515, 631, and 9100. If Adam needs to guess what type of device this is based on these ports, what is his best guess?
A. A web server
B. An FTP server
C. A printer
D. A proxy server

64 In his role as the SOC operator, Manish regularly scans a variety of servers in his organization. After two months of reporting multiple vulnerabilities on a Windows file server, Manish recently escalated the issue to the server administrator's manager. At the next weekly scan window, Manish noticed that all the vulnerabilities were no longer active; however, ports 137, 139, and 445 were still showing as open. What most likely happened?
A. The server administrator blocked the scanner with a firewall.
B. The server was patched.
C. The vulnerability plug-ins were updated and no longer report false positives.
D. The system was offline.

65 While conducting reconnaissance, Piper discovers what she believes is an SMTP service running on an alternate port. What technique should she use to manually validate her guess?
A. Send an email via the open port.
B. Send an SMTP probe.
C. Telnet to the port.
D. SSH to the port.

66 What two pieces of information does nmap need to estimate network path distance?
A. IP address and TTL
B. TTL and operating system
C. Operating system and BGP flags
D. TCP flags and IP address

67 Helen is using the Lockheed Martin Cyber Kill Chain to analyze an attack that took place against her organization. During the attack, the perpetrator attached a malicious tool to an email message that was sent to the victim. What phase of the Cyber Kill Chain includes this type of activity?
A. Weaponization
B. Delivery
C. Exploitation
D. Actions on objectives

68 During an on-site penetration test of a small business, Ramesh scans outward to a known host to determine the outbound network topology. What information can he gather from the results provided by Zenmap?
A. There are two nodes on the local network.
B. There is a firewall at IP address 96.120.24.121.
C. There is an IDS at IP address 96.120.24.121.
D. He should scan the 10.0.2.0/24 network.

Use the following network diagram and scenario to answer questions 69–71.

69 Marta is a security analyst who has been tasked with performing nmap scans of her organization's network. She is a new hire and has been given this logical diagram of the organization's network but has not been provided with any additional detail. Marta wants to determine what IP addresses to scan from location A. How can she find this information?
A. Scan the organization's web server and then scan the other 255 IP addresses in its subnet.
B. Query DNS and WHOIS to find her organization's registered hosts.
C. Contact ICANN to request the data.
D. Use traceroute to identify the network that the organization's domain resides in.

70 If Marta runs a scan from location B that targets the servers on the datacenter network and then runs a scan from location C, what differences is she most likely to see between the scans?
A. The scans will match.
B. Scans from location C will show no open ports.
C. Scans from location C will show fewer open ports.
D. Scans from location C will show more open ports.

71 Marta wants to perform regular scans of the entire organizational network but only has a budget that supports buying hardware for a single scanner. Where should she place her scanner to have the most visibility and impact?
A. Location A
B. Location B
C. Location C
D. Location D

72 Andrea needs to add a firewall rule that will prevent external attackers from conducting topology gathering reconnaissance on her network. Where should she add a rule intended to block this type of traffic?
A. The firewall
B. The router
C. The distribution switch
D. The Windows server

73 Brandon wants to perform a WHOIS query for a system he believes is located in Europe. Which NIC should he select to have the greatest likelihood of success for his query?
A. AFRINIC
B. APNIC
C. RIPE
D. LACNIC

74 While reviewing Apache logs, Janet sees the following entries as well as hundreds of others from the same source IP. What should Janet report has occurred?

[ 21/Jul/2020:02:18:33 -0500] - - 10.0.1.1 "GET /scripts/sample.php" "-" 302 336 0
[ 21/Jul/2020:02:18:35 -0500] - - 10.0.1.1 "GET /scripts/test.php" "-" 302 336 0
[ 21/Jul/2020:02:18:37 -0500] - - 10.0.1.1 "GET /scripts/manage.php" "-" 302 336 0
[ 21/Jul/2020:02:18:38 -0500] - - 10.0.1.1 "GET /scripts/download.php" "-" 302 336 0
[ 21/Jul/2020:02:18:40 -0500] - - 10.0.1.1 "GET /scripts/update.php" "-" 302 336 0
[ 21/Jul/2020:02:18:42 -0500] - - 10.0.1.1 "GET /scripts/new.php" "-" 302 336 0

A. A denial-of-service attack
B. A vulnerability scan
C. A port scan
D. A directory traversal attack

75 Chris wants to gather as much information as he can about an organization using DNS harvesting techniques. Which of the following methods will most easily provide the most useful information if they are all possible to conduct on the network he is targeting?
A. DNS record enumeration
B. Zone transfer
C. Reverse lookup
D. Domain brute-forcing

76 Geoff wants to perform passive reconnaissance as part of an evaluation of his organization's security controls. Which of the following techniques is a valid technique to perform as part of a passive DNS assessment?
A. A DNS forward or reverse lookup
B. A zone transfer
C. A WHOIS query
D. Using maltego

77 Mike's penetration test requires him to use passive mapping techniques to discover network topology. Which of the following tools is best suited to that task?
A. Wireshark
B. nmap
C. netcat
D. Angry IP Scanner

78 While gathering DNS information about an organization, Ryan discovered multiple AAAA records. What type of reconnaissance does this mean Ryan may want to consider?
A. Second-level DNS queries
B. IPv6 scans
C. Cross-domain resolution
D. A CNAME verification

79 After Carlos completes a topology discovery scan of his local network, he sees the Zenmap topology shown here. What can Carlos determine from the Zenmap topology view?
A. There are five hosts with port security enabled.
B. DemoHost2 is running a firewall.
C. DemoHost4 is running a firewall.
D. There are four hosts with vulnerabilities and seven hosts that do not have vulnerabilities.

80 Scott is part of the white team who is overseeing his organization's internal red and blue teams during an exercise that requires each team to only perform actions appropriate to the penetration test phase they are in. During the reconnaissance phase, he notes the following behavior as part of a Wireshark capture. What should he report?
A. The blue team has succeeded.
B. The red team is violating the rules of engagement.
C. The red team has succeeded.
D. The blue team is violating the rules of engagement.

81 Jennifer analyzes a Wireshark packet capture from a network that she is unfamiliar with. She discovers that a host with IP address 10.11.140.13 is running services on TCP ports 636 and 443. What services is that system most likely running?
A. LDAPS and HTTPS
B. FTPS and HTTPS
C. RDP and HTTPS
D. HTTP and Secure DNS

82 Kai has identified a privilege escalation flaw on the system she targeted in the first phase of her penetration test and is now ready to take the next step. According to the NIST 800-115 standard, what is step C that Kai needs to take, as shown in this diagram?
A. System browsing
B. Scanning
C. Rooting
D. Consolidation

83 When Scott performs an nmap scan with the -T flag set to 5, what variable is he changing?
A. How fast the scan runs
B. The TCP timeout flag it will set
C. How many retries it will perform
D. How long the scan will take to start up

84 While conducting a port scan of a remote system, Henry discovers TCP port 1433 open. What service can he typically expect to run on this port?
A. Oracle
B. VNC
C. IRC
D. Microsoft SQL

85 While application vulnerability scanning one of her target organization's web servers, Andrea notices that the server's hostname is resolving to a cloudflare.com host. What does Andrea know about her scan?
A. It is being treated like a DDoS attack.
B. It is scanning a CDN-hosted copy of the site.
C. It will not return useful information.
D. She cannot determine anything about the site based on this information.

86 While tracking a potential APT on her network, Cynthia discovers a network flow for her company's central file server. What does this flow entry most likely show if 10.2.2.3 is not a system on her network?

Date flow start          Duration Proto Src IP Addr:Port->Dst IP Addr:Port Packets Bytes Flows
2017-07-11 13:06:46.343  21601804 TCP   10.1.1.1:1151->10.2.2.3:443        9473640 9.1 G 1
2017-07-11 13:06:46.551  21601804 TCP   10.2.2.3:443->10.1.1.1:1151        8345101 514 M 1

A. A web browsing session
B. Data exfiltration
C. Data infiltration
D. A vulnerability scan

87 Part of Tracy's penetration testing assignment is to evaluate the WPA2 Enterprise protected wireless networks of her target organization. What major differences exist between reconnaissances of a wired network versus a wireless network?
A. Encryption and physical accessibility
B. Network access control and encryption
C. Port security and physical accessibility
D. Authentication and encryption

88 Ian's company has an internal policy requiring that they perform regular port scans of all of their servers. Ian has been part of a recent effort to move his organization's servers to an infrastructure as a service (IaaS) provider. What change will Ian most likely need to make to his scanning efforts?
A. Change scanning software
B. Follow the service provider's scan policies
C. Sign a security contract with the provider
D. Discontinue port scanning

89 During a regularly scheduled PCI compliance scan, Fred has discovered port 3389 open on one of the point-of-sale terminals that he is responsible for managing. What service should he expect to find enabled on the system?
A. MySQL
B. RDP
C. TOR
D. Jabber

90 Saanvi knows that the organization she is scanning runs services on alternate ports to attempt to reduce scans of default ports. As part of her intelligence-gathering process, she discovers services running on ports 8080 and 8443. What services are most likely running on these ports?
A. Botnet C&C
B. Nginx
C. Microsoft SQL Server instances
D. Web servers

91 Lauren wants to identify all the printers on the subnets she is scanning with nmap. Which of the following nmap commands will not provide her with a list of likely printers?
A. nmap -sS -p 9100,515,631 10.0.10.15/22 -oX printers.txt
B. nmap -O 10.0.10.15/22 -oG - | grep printer >> printers.txt
C. nmap -sU -p 9100,515,631 10.0.10.15/22 -oX printers.txt
D. nmap -sS -O 10.0.10.15/22 -oG | grep >> printers.txt

92 Chris knows that systems have connected to a remote host on TCP ports 1433 and 1434. If he has no other data, what should his best guess be about what the host is?
A. A print server
B. A Microsoft SQL server
C. A MySQL server
D. A secure web server running on an alternate port

93 What services will the following nmap scan test for?

    nmap -sV -p 22,25,53,389 192.168.2.50/27

A. Telnet, SMTP, DHCP, MS-SQL
B. SSH, SMTP, DNS, LDAP
C. Telnet, SNMP, DNS, LDAP
D. SSH, SNMP, DNS, RDP

94 While conducting a topology scan of a remote web server, Susan notes that the IP addresses returned for the same DNS entry change over time. What has she likely encountered?
A. A route change
B. Fast-flux DNS
C. A load balancer
D. An IP mismatch

95 Kwame is reviewing his team's work as part of a reconnaissance effort and is checking Wireshark packet captures. His team reported no open ports on 10.0.2.15. What issue should he identify with their scan based on the capture shown here?
A. The host was not up.
B. Not all ports were scanned.
C. The scan scanned only UDP ports.
D. The scan was not run as root.

96 Allan's nmap scan includes a line that starts with cpe:/o. What type of information should he expect to gather from the entry?
A. Common privilege escalation
B. Operating system
C. Certificate performance evaluation
D. Hardware identification

97 While scanning a network, Frank discovers a host running a service on TCP ports 1812 and 1813. What type of server has Frank most likely discovered?
A. RADIUS
B. VNC
C. Kerberos
D. Postgres

98 Nihar wants to conduct an nmap scan of a firewalled subnet. Which of the following is not an nmap firewall evasion technique he could use?
A. Fragmenting packets
B. Changing packet header flags
C. Spoofing the source IP
D. Appending random data

99 Which of the following commands will provide Ben with the most information about a host?
A. dig -x [ip address]
B. host [ip address]
C. nslookup [ip address]
D. zonet [ip address]

100 Fred's reconnaissance of an organization includes a search of the Censys network search engine. There, he discovers multiple certificates with validity dates as shown here:

    Validity
    2018-07-07 00:00:00 to 2019-08-11 23:59:59 (400 days, 23:59:59)
    2017-07-08 00:00:00 to 2019-08-12 23:59:59 (400 days, 23:59:59)
    2018-07-11 00:00:00 to 2019-08-15 23:59:59 (400 days, 23:59:59)

What should Fred record in his reconnaissance notes?
A. The certificates expired as expected, showing proper business practice.
B. The certificates were expired by the CA, possibly due to nonpayment.
C. The system that hosts the certificates may have been compromised.
D. The CA may have been compromised, leading to certificate expiration.

101 When Casey scanned a network host, she received the results shown here. What does she know based on the scan results?
A. The device is a Cisco device.
B. The device is running CentOS.
C. The device was built by IBM.
D. None of the above.

102 Fred conducts an SNMP sweep of a target organization and receives no-response replies from multiple addresses that he believes belong to active hosts. What does this mean?
A. The machines are unreachable.
B. The machines are not running SNMP servers.
C. The community string he used is invalid.
D. Any or all of the above may be true.

103 Angela wants to gather detailed information about the hosts on a network passively. If she has access to a Wireshark PCAP file from the network, which of the following tools can she use to provide automated analysis of the file?
A. Ettercap
B. NetworkMiner
C. Sharkbait
D. Dradis

104 While performing reconnaissance of an organization's network, Angela discovers that web.organization.com, www.organization.com, and documents.organization.com all point to the same host. What type of DNS record allows this?
A. A CNAME
B. An MX record
C. An SPF record
D. An SOA record

105 Aidan operates the point-of-sale network for a company that accepts credit cards and is thus required to be compliant with PCI DSS. During his regular assessment of the point-of-sale terminals, he discovers that a recent Windows operating system vulnerability exists on all of them. Since they are all embedded systems that require a manufacturer update, he knows that he cannot install the available patch. What is Aidan's best option to stay compliant with PCI DSS and protect his vulnerable systems?
A. Replace the Windows embedded point-of-sale terminals with standard Windows systems.
B. Build a custom operating system image that includes the patch.
C. Identify, implement, and document compensating controls.
D. Remove the POS terminals from the network until the vendor releases a patch.

106 What occurs when Mia uses the following command to perform an nmap scan of a network?

    nmap -sP 192.168.2.0/24

A. A secure port scan of all hosts in the 192.168.0.0 to 192.168.2.255 network range
B. A scan of all hosts that respond to ping in the 192.168.0.0 to 192.168.255.255 network range
C. A scan of all hosts that respond to ping in the 192.168.2.0 to 192.168.2.255 network range
D. A SYN-based port scan of all hosts in the 192.168.2.0 to 192.168.2.255 network range

107 Amir's remote scans of a target organization's class C network block using nmap (nmap -sS 10.0.10.1/24) show only a single web server. If Amir needs to gather additional reconnaissance information about the organization's network, which of the following scanning techniques is most likely to provide additional detail?
A. Use a UDP scan.
B. Perform a scan from on-site.
C. Scan using the -p 1-65535 flag.
D. Use nmap's IPS evasion techniques.

108 Damian wants to limit the ability of attackers to conduct passive fingerprinting exercises on his network. Which of the following practices will help to mitigate this risk?
A. Implement an IPS.
B. Implement a firewall.
C. Disable promiscuous mode for NICs.
D. Enable promiscuous mode for NICs.

109 Wang submits a suspected malware file to malwr.com and receives the following information about its behavior. What type of tool is malwr.com?
A. A reverse-engineering tool
B. A static analysis sandbox
C. A dynamic analysis sandbox
D. A decompiler sandbox

110 As part of his active reconnaissance activities, Frank is provided with a shell account accessible via SSH. If Frank wants to run a default nmap scan on the network behind the firewall shown here, how can he accomplish this?
A. ssh -t 192.168.34.11 nmap 192.168.34.0/24
B. ssh -R 8080:192.168.34.11:8080 [remote account:remote password]
C. ssh -proxy 192.168.11 [remote account:remote password]
D. Frank cannot scan multiple ports with a single ssh command.

111 Angela captured the following packets during a reconnaissance effort run by her organization's red team. What type of information are they looking for?
A. Vulnerable web applications
B. SQL injection
C. Directory traversal attacks
D. Passwords

112 Which sources are most commonly used to gather information about technologies a target organization uses during intelligence gathering?
A. OSINT searches of support forums and social engineering
B. Port scanning and social engineering
C. Social media review and document metadata
D. Social engineering and document metadata

113 Sarah has been asked to assess the technical impact of suspected reconnaissance performed against her organization. She is informed that a reliable source has discovered that a third party has been performing reconnaissance by querying WHOIS data. How should Sarah categorize the technical impact of this type of reconnaissance?
A. High
B. Medium
C. Low
D. She cannot determine this from the information given.

114 Rick is reviewing flows of a system on his network and discovers the following flow logs. What is the system doing?

    ICMP "Echo request"
    Date flow start          Duration  Proto  Src IP Addr:Port->Dst IP Addr:Port  Packets  Bytes  Flows
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.6:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.7:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.7:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.8:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.8:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.9:8.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.9:0->10.1.1.1:0.0            11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.10:8.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.10:0->10.1.1.1:0.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.1.1.1:0->10.2.2.6:11.0           11       924    1
    2019-07-11 04:58:59.518  10.000    ICMP   10.2.2.11:0->10.1.1.1:0.0           11       924    1

A. A port scan
B. A failed three-way handshake
C. A ping sweep
D. A traceroute

115 Ryan's passive reconnaissance efforts resulted in the following packet capture. Which of the following statements cannot be verified based on the packet capture shown for the host with IP address 10.0.2.4?
A. The host does not have a DNS entry.
B. It is running a service on port 139.
C. It is running a service on port 445.
D. It is a Windows system.

116 Stacey encountered a system that shows as “filtered” and “firewalled” during an nmap scan. Which of the following techniques should she not consider as she is planning her next scan?
A. Packet fragmentation
B. Spoofing the source address
C. Using decoy scans
D. Spoofing the destination address

117 Kim is preparing to deploy a new vulnerability scanner and wants to ensure that she can get the most accurate view of configuration issues on laptops belonging to traveling salespeople. Which technology will work best in this situation?
A. Agent-based scanning
B. Server-based scanning
C. Passive network monitoring
D. Noncredentialed scanning

118 Carla runs a vulnerability scan of a new appliance that engineers are planning to place on her organization's network and finds the results shown here. Of the actions listed, which would correct the highest criticality vulnerability?
A. Block the use of TLS v1.0.
B. Replace the expired SSL certificate.
C. Remove the load balancer.
D. Correct the information leakage vulnerability.

119 In what type of attack does the adversary leverage a position on a guest operating system to gain access to hardware resources assigned to other operating systems running in the same hardware environment?
A. Buffer overflow
B. Directory traversal
C. VM escape
D. Cross-site scripting

120 Sadiq is responsible for the security of a network used to control systems within his organization's manufacturing plant. The network connects manufacturing equipment, sensors, and controllers. He runs a vulnerability scan on this network and discovers that several of the controllers are running very out-of-date firmware that introduces security issues. The manufacturer of the controllers is out of business. What action can Sadiq take to best remediate this vulnerability in an efficient manner?
A. Develop a firmware update internally and apply it to the controllers.
B. Post on an Internet message board seeking other organizations that have developed a patch.
C. Ensure that the ICS is on an isolated network.
D. Use an intrusion prevention system on the ICS network.

121 Vic scanned a Windows server used in his organization and found the result shown here. The server is on an internal network with access limited to IT staff and is not part of a domain. How urgently should Vic remediate this vulnerability?
A. Vic should drop everything and remediate this vulnerability immediately.
B. While Vic does not need to drop everything, this vulnerability requires urgent attention and should be addressed quickly.
C. This is a moderate vulnerability that can be scheduled for remediation at a convenient time.
D. This vulnerability is informational in nature and may be left in place.

122 Rob's manager recently asked him for an overview of any critical security issues that exist on his network. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best likely starting point?
A. Technical Report
B. High Severity Report
C. Qualys Patch Report
D. Unknown Device Report

123 Wendy is the security administrator for a membership association that is planning to launch an online store. As part of this launch, she will become responsible for ensuring that the website and associated systems are compliant with all relevant standards. What regulatory regime specifically covers credit card information?
A. PCI DSS
B. FERPA
C. HIPAA
D. SOX

124 During a port scan of a server, Miguel discovered that the following ports are open on the internal network:

    TCP port 25
    TCP port 80
    TCP port 110
    TCP port 443
    TCP port 1433
    TCP port 3389

The scan results provide evidence that a variety of services are running on this server. Which one of the following services is not indicated by the scan results?
A. Web
B. Database
C. SSH
D. RDP

125 Nina is a software developer and she receives a report from her company's cybersecurity team that a vulnerability scan detected a SQL injection vulnerability in one of her applications. She examines her code and makes a modification in a test environment that she believes corrects the issue. What should she do next?
A. Deploy the code to production immediately to resolve the vulnerability.
B. Request a scan of the test environment to confirm that the issue is corrected.
C. Mark the vulnerability as resolved and close the ticket.
D. Hire a consultant to perform a penetration test to confirm that the vulnerability is resolved.

126 George recently ran a port scan on a network device used by his organization. Which one of the following open ports represents the most significant possible security vulnerability?
A. 22
B. 23
C. 161
D. 443

Use the following scenario to answer questions 127–129.

Harold runs a vulnerability scan of a server that he is planning to move into production and finds the vulnerability shown here.

127 What operating system is most likely running on the server in this vulnerability scan report?
A. macOS
B. Windows
C. CentOS
D. RHEL

128 Harold is preparing to correct the vulnerability. What service should he inspect to identify the issue?
A. SSH
B. HTTPS
C. RDP
D. SFTP

129 Harold would like to secure the service affected by this vulnerability. Which one of the following protocols/versions would be an acceptable way to resolve the issue?
A. SSL v2.0
B. SSL v3.0
C. TLS v1.0
D. None of the above

130 Seth found the vulnerability shown here in one of the systems on his network. What component requires a patch to correct this issue?
A. Operating system
B. VPN concentrator
C. Network router or switch
D. Hypervisor

131 Quentin ran a vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following actions is not required to resolve one of the vulnerabilities on this server?
A. Reconfigure cipher support.
B. Apply Windows security patches.
C. Obtain a new SSL certificate.
D. Enhance account security policies.

132 The presence of ____________ triggers specific vulnerability scanning requirements based on law or regulation.
A. Credit card information
B. Protected health information
C. Personally identifiable information
D. Trade secret information

Use the scenario to answer questions 133–135.

Stella is analyzing the results of a vulnerability scan and comes across the vulnerability shown here on a server in her organization. The SharePoint service in question processes all of the organization's work orders and is a critical part of the routine business workflow.

133 What priority should Stella place on remediating this vulnerability?
A. Stella should make this vulnerability one of her highest priorities.
B. Stella should remediate this vulnerability within the next several weeks.
C. Stella should remediate this vulnerability within the next several months.
D. Stella does not need to assign any priority to remediating this vulnerability.

134 What operating system is most likely running on the server in this vulnerability scan report?
A. macOS
B. Windows
C. CentOS
D. RHEL

135 What is the best way that Stella can correct this vulnerability?
A. Deploy an intrusion prevention system.
B. Apply one or more application patches.
C. Apply one or more operating system patches.
D. Disable the service.

136 Harry is developing a vulnerability scanning program for a large network of sensors used by his organization to monitor a transcontinental gas pipeline. What term is commonly used to describe this type of sensor network?
A. WLAN
B. VPN
C. P2P
D. SCADA

137 This morning, Eric ran a vulnerability scan in an attempt to detect a vulnerability that was announced by a software manufacturer yesterday afternoon. The scanner did not detect the vulnerability although Eric knows that at least two of his servers should have the issue. Eric contacted the vulnerability scanning vendor, who assured him that they released a signature for the vulnerability overnight. What should Eric do as a next step?
A. Check the affected servers to verify a false positive.
B. Check the affected servers to verify a false negative.
C. Report a bug to the vendor.
D. Update the vulnerability signatures.

138 Natalie ran a vulnerability scan of a web application recently deployed by her organization, and the scan result reported a blind SQL injection. She reported the vulnerability to the developers, who scoured the application and made a few modifications but did not see any evidence that this attack was possible. Natalie reran the scan and received the same result. The developers are now insisting that their code is secure. What is the most likely scenario?
A. The result is a false positive.
B. The code is deficient and requires correction.
C. The vulnerability is in a different web application running on the same server.
D. Natalie is misreading the scan report.

139 Kasun discovers a missing Windows security patch during a vulnerability scan of a server in his organization's data center. Upon further investigation, he discovers that the system is virtualized. Where should he apply the patch?
A. To the virtualized system
B. The patch is not necessary
C. To the domain controller
D. To the virtualization platform

140 Joaquin is frustrated at the high level of false positive reports produced by his vulnerability scans and is contemplating a series of actions designed to reduce the false positive rate. Which one of the following actions is least likely to have the desired effect?
A. Moving to credentialed scanning
B. Moving to agent-based scanning
C. Integrating asset information into the scan
D. Increasing the sensitivity of scans

141 Joe is conducting a network vulnerability scan against his datacenter and receives reports from system administrators that the scans are slowing down their systems. There are no network connectivity issues, only performance problems on individual hosts. He looks at the scan settings shown here. Which setting would be most likely to correct the problem?
A. Scan IP addresses in a random order
B. Network timeout (in seconds)
C. Max simultaneous checks per host
D. Max simultaneous hosts per scan

142 Isidora runs a vulnerability scan of the management interface for her organization's DNS service. She receives the vulnerability report shown here. What should be Isidora's next action?
A. Disable the use of cookies on this service.
B. Request that the vendor rewrite the interface to avoid this vulnerability.
C. Investigate the contents of the cookie.
D. Shut down the DNS service.

143 Zara is prioritizing vulnerability scans and would like to base the frequency of scanning on the information asset value. Which of the following criteria would be most appropriate for her to use in this analysis?
A. Cost of hardware acquisition
B. Cost of hardware replacement
C. Types of information processed
D. Depreciated hardware cost

144 Laura is working to upgrade her organization's vulnerability management program. She would like to add technology that is capable of retrieving the configurations of systems, even when they are highly secured. Many systems use local authentication, and she wants to avoid the burden of maintaining accounts on all of those systems. What technology should Laura consider to meet her requirement?
A. Credentialed scanning
B. Uncredentialed scanning
C. Server-based scanning
D. Agent-based scanning

145 Javier discovered the vulnerability shown here in a system on his network. He is unsure what system component is affected. What type of service is causing this vulnerability?
A. Backup service
B. Database service
C. File sharing
D. Web service

146 Alicia runs a vulnerability scan of a server being prepared for production and finds the vulnerability shown here. Which one of the following actions is least likely to reduce this risk?
A. Block all connections on port 22.
B. Upgrade OpenSSH.
C. Disable AES-GCM in the server configuration.
D. Install a network IPS in front of the server.

147 After scanning his organization's email server, Singh discovered the vulnerability shown here. What is the most effective response that Singh can take in this situation?
A. Upgrade to the most recent version of Microsoft Exchange.
B. Upgrade to the most recent version of Microsoft Windows.
C. Implement the use of strong encryption.
D. No action is required.

148 A SQL injection exploit typically gains access to a database by exploiting a vulnerability in a(n) __________.
A. Operating system
B. Web application
C. Database server
D. Firewall

Use the following scenario to answer questions 149–151.

Ryan ran a vulnerability scan of one of his organization's production systems and received the report shown here. He would like to understand this vulnerability better and then remediate the issue.

149 Ryan will not be able to correct the vulnerability for several days. In the meantime, he would like to configure his intrusion prevention system to watch for issues related to this vulnerability. Which one of the following protocols would an attacker use to exploit this vulnerability?
A. SSH
B. HTTPS
C. FTP
D. RDP

150 Which one of the following actions could Ryan take to remediate the underlying issue without disrupting business activity?
A. Disable the IIS service.
B. Apply a security patch.
C. Modify the web application.
D. Apply IPS rules.

151 If an attacker is able to exploit this vulnerability, what is the probable result that will have the highest impact on the organization?
A. Administrative control of the server
B. Complete control of the domain
C. Access to configuration information
D. Access to web application logs

152 Ted is configuring vulnerability scanning for a file server on his company's internal network. The server is positioned on the network as shown here. What types of vulnerability scans should Ted perform to balance the efficiency of scanning effort with expected results?
A. Ted should not perform scans of servers on the internal network.
B. Ted should only perform internal vulnerability scans.
C. Ted should only perform external vulnerability scans.
D. Ted should perform both internal and external vulnerability scans.

153 Zahra is attempting to determine the next task that she should take on from a list of security priorities. Her boss told her that she should focus on activities that have the most “bang for the buck.” Of the tasks shown here, which should she tackle first?
A. Task 1
B. Task 2
C. Task 3
D. Task 4

154 Kyong manages the vulnerability scans for his organization. The senior director that oversees Kyong's group provides a report to the CIO on a monthly basis on operational activity, and he includes the number of open critical vulnerabilities. He would like to provide this information to his director in as simple a manner as possible each month. What should Kyong do?
A. Provide the director with access to the scanning system.
B. Check the system each month for the correct number and email it to the director.
C. Configure a report that provides the information to automatically send to the director's email at the proper time each month.
D. Ask an administrative assistant to check the system and provide the director with the information.

155 Morgan is interpreting the vulnerability scan from her organization's network, shown here. She would like to determine which vulnerability to remediate first. Morgan would like to focus on vulnerabilities that are most easily exploitable by someone outside her organization. Assuming the firewall is properly configured, which one of the following vulnerabilities should Morgan give the highest priority?
A. Severity 5 vulnerability in the workstation
B. Severity 1 vulnerability in the file server
C. Severity 5 vulnerability in the web server
D. Severity 1 vulnerability in the mail server

156 Mike runs a vulnerability scan against his company's virtualization environment and finds the vulnerability shown here in several of the virtual hosts. What action should Mike take?
A. No action is necessary because this is an informational report.
B. Mike should disable HTTP on the affected devices.
C. Mike should upgrade the version of OpenSSL on the affected devices.
D. Mike should immediately upgrade the hypervisor.

157 Juan recently scanned a system and found that it was running services on ports 139 and 445. What operating system is this system most likely running?
A. Ubuntu
B. macOS
C. CentOS
D. Windows

158 Gene is concerned about the theft of sensitive information stored in a database. Which one of the following vulnerabilities would pose the most direct threat to this information?
A. SQL injection
B. Cross-site scripting
C. Buffer overflow
D. Denial of service

159 Which one of the following protocols is not likely to trigger a vulnerability scan alert when used to support a virtual private network (VPN)?
A. IPsec
B. SSL v2
C. PPTP
D. SSL v3

160 Rahul ran a vulnerability scan of a server that will be used for credit card processing in his environment and received a report containing the vulnerability shown here. What action must Rahul take?
A. Remediate the vulnerability when possible.
B. Remediate the vulnerability prior to moving the system into production and rerun the scan to obtain a clean result.
C. Remediate the vulnerability within 90 days of moving the system to production.
D. No action is required.

Use the following scenario to answer questions 161–162.

Aaron is scanning a server in his organization's data center and receives the vulnerability report shown here. The service is exposed only to internal hosts.

161 What is the normal function of the service with this vulnerability?
A. File transfer
B. Web hosting
C. Time synchronization
D. Network addressing

162 What priority should Aaron place on remediating this vulnerability?
A. Aaron should make this vulnerability his highest priority.
B. Aaron should remediate this vulnerability urgently but does not need to drop everything.
C. Aaron should remediate this vulnerability within the next month.
D. Aaron does not need to assign any priority to remediating this vulnerability.

163 Without access to any additional information, which one of the following vulnerabilities would you consider the most severe if discovered on a production web server?
A. CGI generic SQL injection
B. Web application information disclosure
C. Web server uses basic authentication without HTTPS
D. Web server directory enumeration

164 Gina ran a vulnerability scan on three systems that her organization is planning to move to production and received the results shown here. How many of these issues should Gina require be resolved before moving to production?
A. 0
B. 1
C. 3
D. All of these issues should be resolved

165 Ji-won recently restarted an old vulnerability scanner that had not been used in more than a year. She booted the scanner, logged in, and configured a scan to run. After reading the scan results, she found that the scanner was not detecting known vulnerabilities that were detected by other scanners. What is the most likely cause of this issue?
A. The scanner is running on an outdated operating system.
B. The scanner's maintenance subscription is expired.
C. Ji-won has invalid credentials on the scanner.
D. The scanner does not have a current, valid IP address.

166 Isabella runs both internal and external vulnerability scans of a web server and detects a possible SQL injection vulnerability. The vulnerability only appears in the internal scan and does not appear in the external scan. When Isabella checks the server logs, she sees the requests coming from the internal scan and sees some requests from the external scanner but no evidence that a SQL injection exploit was attempted by the external scanner. What is the most likely explanation for these results?
A. A host firewall is blocking external network connections to the web server.
B. A network firewall is blocking external network connections to the web server.
C. A host IPS is blocking some requests to the web server.
D. A network IPS is blocking some requests to the web server.

167 Rick discovers the vulnerability shown here in a server running in his datacenter. What characteristic of this vulnerability should concern him the most?
A. It is the subject of a recent security bulletin.
B. It has a CVSS score of 7.6.
C. There are multiple Bugtraq and CVE IDs.
D. It affects kernel-mode drivers.

168 Carla is designing a vulnerability scanning workflow and has been tasked with selecting the person responsible for remediating vulnerabilities. Which one of the following people would normally be in the best position to remediate a server vulnerability?
A. Cybersecurity analyst
B. System administrator
C. Network engineer
D. IT manager

169 During a recent vulnerability scan, Ed discovered that a web server running on his network has access to a database server that should be restricted. Both servers are running on his organization's VMware virtualization platform. Where should Ed look first to configure a security control to restrict this access?
A. VMware
B. Datacenter firewall
C. Perimeter (Internet) firewall
D. Intrusion prevention system

170 Carl runs a vulnerability scan of a mail server used by his organization and receives the vulnerability report shown here. What action should Carl take to correct this issue?
A. Carl does not need to take any action because this is an informational report.
B. Carl should replace SSL with TLS on this server.
C. Carl should disable weak ciphers.
D. Carl should upgrade OpenSSL.

171 Renee is configuring a vulnerability scanner that will run scans of her network. Corporate policy requires the use of daily vulnerability scans. What would be the best time to configure the scans?
A. During the day when operations reach their peak to stress test systems
B. During the evening when operations are minimal to reduce the impact on systems
C. During lunch hour when people have stepped away from their systems but there is still considerable load
D. On the weekends when the scans may run unimpeded

172 Ahmed is reviewing the vulnerability scan report from his organization's central storage service and finds the results shown here. Which action can Ahmed take that will be effective in remediating the highest-severity issue possible?
A. Upgrade to SNMP v3.
B. Disable the use of RC4.
C. Replace the use of SSL with TLS.
D. Disable remote share enumeration.

Use the following scenario to answer questions 173–174.

Glenda ran a vulnerability scan of workstations in her organization. She noticed that many of the workstations reported the vulnerability shown here. She would like to not only correct this issue but also prevent the likelihood of similar issues occurring in the future.

173 What action should Glenda take to achieve her goals?
A. Glenda should uninstall Chrome from all workstations and replace it with Internet Explorer.
B. Glenda should manually upgrade Chrome on all workstations.
C. Glenda should configure all workstations to automatically upgrade Chrome.
D. Glenda does not need to take any action.

174 What priority should Glenda place on remediating this vulnerability?
A. Glenda should make this vulnerability her highest priority.
B. Glenda should remediate this vulnerability urgently but does not need to drop everything.
C. Glenda should remediate this vulnerability within the next several months.
D. Glenda does not need to assign any priority to remediating this vulnerability.

175 After reviewing the results of a vulnerability scan, Gabriella discovered a flaw in her Oracle database server that may allow an attacker to attempt a direct connection to the server. She would like to review NetFlow logs to determine what systems have connected to the server recently. What TCP port should Gabriella expect to find used for this communication?
A. 443
B. 1433
C. 1521
D. 8080

176 Greg runs a vulnerability scan of a server in his organization and finds the results shown here. What is the most likely explanation for these results?
A. The organization is running web services on nonstandard ports.
B. The scanner is providing a false positive error report.
C. The web server has mirrored ports available.
D. The server has been compromised by an attacker.

177 Binh is reviewing a vulnerability scan of his organization's VPN appliance. He wants to remove support for any insecure ciphers from the device. Which one of the following ciphers should he remove?
A. ECDHE-RSA-AES128-SHA256
B. AES256-SHA256
C. DHE-RSA-AES256-GCM-SHA384
D. EDH-RSA-DES-CBC3-SHA

178 Terry recently ran a vulnerability scan against his organization's credit card processing environment that found a number of vulnerabilities. Which vulnerabilities must he remediate in order to have a “clean” scan under PCI DSS standards?
A. Critical vulnerabilities
B. Critical and high vulnerabilities
C. Critical, high, and moderate vulnerabilities
D. Critical, high, moderate, and low vulnerabilities

179 Himari discovers the vulnerability shown here on several Windows systems in her organization. There is a patch available, but it requires compatibility testing that will take several days to complete. What type of file should Himari be watchful for because it may directly exploit this vulnerability?
A. Private key files
B. Word documents
C. Image files
D. Encrypted files

180 During a vulnerability scan, Patrick discovered that the configuration management agent installed on all of his organization's Windows servers contains a serious vulnerability. The manufacturer is aware of this issue, and a patch is available. What process should Patrick follow to correct this issue?
A. Immediately deploy the patch to all affected systems.
B. Deploy the patch to a single production server for testing and then deploy to all servers if that test is successful.
C. Deploy the patch in a test environment and then conduct a staged rollout in production.
D. Disable all external access to systems until the patch is deployed.

181 Aaron is configuring a vulnerability scan for a Class C network and is trying to choose a port setting from the list shown here. He would like to choose a scan option that will efficiently scan his network but also complete in a reasonable period of time. Which setting would be most appropriate?
A. None
B. Full
C. Standard Scan
D. Light Scan

182 Haruto is reviewing the results of a vulnerability scan, shown here, from a web server in his organization. Access to this server is restricted at the firewall so that it may not be accessed on port 80 or 443. Which of the following vulnerabilities should Haruto still address?
A. OpenSSL version
B. Cookie information disclosure
C. TRACK/TRACE methods
D. Haruto does not need to address any of these vulnerabilities because they are not exposed to the outside world

183 Brian is considering the use of several different categories of vulnerability plug-ins. Of the types listed here, which is the most likely to result in false positive reports?
A. Registry inspection
B. Banner grabbing
C. Service interrogation
D. Fuzzing

184 Binh conducts a vulnerability scan and finds three different vulnerabilities, with the CVSS scores shown here. Which vulnerability should be his highest priority to fix, assuming all three fixes are of equal difficulty?
A. Vulnerability 1
B. Vulnerability 2
C. Vulnerability 3
D. Vulnerabilities 1 and 3 are equal in priority

185 Which one of the following is not an appropriate criterion to use when prioritizing the remediation of vulnerabilities?
A. Network exposure of the affected system
B. Difficulty of remediation
C. Severity of the vulnerability
D. All of these are appropriate.

186 Landon is preparing to run a vulnerability scan of a dedicated Apache server that his organization is planning to move into a DMZ. Which one of the following vulnerability scans is least likely to provide informative results?
A. Web application vulnerability scan
B. Database vulnerability scan
C. Port scan
D. Network vulnerability scan

187 Ken recently received the vulnerability report shown here that affects a file server used by his organization. What is the primary nature of the risk introduced by this vulnerability?
A. Confidentiality
B. Integrity
C. Availability
D. Nonrepudiation

188 Aadesh is creating a vulnerability management program for his company. He has limited scanning resources and would like to apply them to different systems based on the sensitivity and criticality of the information that they handle. What criteria should Aadesh use to determine the vulnerability scanning frequency?
A. Data remanence
B. Data privacy
C. Data classification
D. Data privacy

189 Tom recently read a media report about a ransomware outbreak that was spreading rapidly across the Internet by exploiting a zero-day vulnerability in Microsoft Windows. As part of a comprehensive response, he would like to include a control that would allow his organization to effectively recover from a ransomware infection. Which one of the following controls would best achieve Tom's objective?
A. Security patching
B. Host firewalls
C. Backups
D. Intrusion prevention systems

190 Kaitlyn discovered the vulnerability shown here on a workstation in her organization. Which one of the following is not an acceptable method for remediating this vulnerability?
A. Upgrade WinRAR
B. Upgrade Windows
C. Remove WinRAR
D. Replace WinRAR with an alternate compression utility

191 Brent ran a vulnerability scan of several network infrastructure devices on his network and obtained the result shown here. What is the extent of the impact that an attacker could have by exploiting this vulnerability directly?
A. Denial of service
B. Theft of sensitive information
C. Network eavesdropping
D. Reconnaissance

192 Yashvir runs the cybersecurity vulnerability management program for his organization. He sends a database administrator a report of a missing database patch that corrects a high severity security issue. The DBA writes back to Yashvir that he has applied the patch. Yashvir reruns the scan, and it still reports the same vulnerability. What should he do next?
A. Mark the vulnerability as a false positive.
B. Ask the DBA to recheck the database.
C. Mark the vulnerability as an exception.
D. Escalate the issue to the DBA's manager.

193 Manya is reviewing the results of a vulnerability scan and identifies the issue shown here in one of her systems. She consults with developers who check the code and assure her that it is not vulnerable to SQL injection attacks. An independent auditor confirms this for Manya. What is the most likely scenario?
A. This is a false positive report.
B. The developers are wrong, and the vulnerability exists.
C. The scanner is malfunctioning.
D. The database server is misconfigured.

194 Erik is reviewing the results of a vulnerability scan and comes across the vulnerability report shown here. Which one of the following services is least likely to be affected by this vulnerability?
A. HTTPS
B. HTTP
C. SSH
D. VPN

Use the following scenario to answer questions 195–196.

Larry recently discovered a critical vulnerability in one of his organization's database servers during a routine vulnerability scan. When he showed the report to a database administrator, the administrator responded that they had corrected the vulnerability by using a vendor-supplied workaround because upgrading the database would disrupt an important process. Larry verified that the workaround is in place and corrects the vulnerability.

195 How should Larry respond to this situation?
A. Mark the report as a false positive.
B. Insist that the administrator apply the vendor patch.
C. Mark the report as an exception.
D. Require that the administrator submit a report describing the workaround after each vulnerability scan.

196 What is the most likely cause of this report?
A. The vulnerability scanner requires an update.
B. The vulnerability scanner depends on version detection.
C. The database administrator incorrectly applied the workaround.
D. Larry misconfigured the scan.

197 Mila ran a vulnerability scan of a server in her organization and found the vulnerability shown here. What is the use of the service affected by this vulnerability?
A. Web server
B. Database server
C. Email server
D. Directory server

198 Margot discovered that a server in her organization has a SQL injection vulnerability. She would like to investigate whether attackers have attempted to exploit this vulnerability. Which one of the following data sources is least likely to provide helpful information?
A. NetFlow logs
B. Web server logs
C. Database logs
D. IDS logs

199 Krista is reviewing a vulnerability scan report and comes across the vulnerability shown here. She comes from a Linux background and is not as familiar with Windows administration. She is not familiar with the runas command mentioned in this vulnerability. What is the closest Linux equivalent command?
A. sudo
B. grep
C. su
D. ps

200 After scanning a web application for possible vulnerabilities, Barry received the result shown here. Which one of the following best describes the threat posed by this vulnerability?
A. An attacker can eavesdrop on authentication exchanges.
B. An attacker can cause a denial-of-service attack on the web application.
C. An attacker can disrupt the encryption mechanism used by this server.
D. An attacker can edit the application code running on this server.

201 Javier ran a vulnerability scan of a network device used by his organization and discovered the vulnerability shown here. What type of attack would this vulnerability enable?
A. Denial of service
B. Information theft
C. Information alteration
D. Reconnaissance

202 Akari scans a Windows server in her organization and finds that it has multiple critical vulnerabilities, detailed in the report shown here. What action can Akari take that will have the most significant impact on these issues without creating a long-term outage?
A. Configure the host firewall to block inbound connections.
B. Apply security patches.
C. Disable the guest account on the server.
D. Configure the server to only use secure ciphers.

203 Ben is preparing to conduct a vulnerability scan for a new client of his security consulting organization. Which one of the following steps should Ben perform first?
A. Conduct penetration testing.
B. Run a vulnerability evaluation scan.
C. Run a discovery scan.
D. Obtain permission for the scans.

204 Katherine coordinates the remediation of security vulnerabilities in her organization and is attempting to work with a system engineer on the patching of a server to correct a moderate impact vulnerability. The engineer is refusing to patch the server because of the potential interruption to a critical business process that runs on the server. What would be the most reasonable course of action for Katherine to take?
A. Schedule the patching to occur during a regular maintenance cycle.
B. Exempt the server from patching because of the critical business impact.
C. Demand that the server be patched immediately to correct the vulnerability.
D. Inform the engineer that if he does not apply the patch within a week that Katherine will file a complaint with his manager.

205 During a recent vulnerability scan of workstations on her network, Andrea discovered the vulnerability shown here. Which one of the following actions is least likely to remediate this vulnerability?
A. Remove JRE from workstations.
B. Upgrade JRE to the most recent version.
C. Block inbound connections on port 80 using the host firewall.
D. Use a web content filtering system to scan for malicious traffic.

206 Grace ran a vulnerability scan and detected an urgent vulnerability in a public-facing web server. This vulnerability is easily exploitable and could result in the complete compromise of the server. Grace wants to follow best practices regarding change control while also mitigating this threat as quickly as possible. What would be Grace's best course of action?
A. Initiate a high-priority change through her organization's change management process and wait for the change to be approved.
B. Implement a fix immediately and document the change after the fact.
C. Schedule a change for the next quarterly patch cycle.
D. Initiate a standard change through her organization's change management process.

207 Doug is preparing an RFP for a vulnerability scanner for his organization. He needs to know the number of systems on his network to help determine the scanner requirements. Which one of the following would not be an easy way to obtain this information?
A. ARP tables
B. Asset management tool
C. Discovery scan
D. Results of scans recently run by a consultant

208 Mary runs a vulnerability scan of her entire organization and shares the report with another analyst on her team. An excerpt from that report appears here. Her colleague points out that the report contains only vulnerabilities with severities of 3, 4, or 5. What is the most likely cause of this result?
A. The scan sensitivity is set to exclude low-importance vulnerabilities.
B. Mary did not configure the scan properly.
C. Systems in the datacenter do not contain any level 1 or 2 vulnerabilities.
D. The scan sensitivity is set to exclude high-impact vulnerabilities.

209 Mikhail is reviewing the vulnerability shown here, which was detected on several servers in his environment. What action should Mikhail take?
A. Block TCP/IP access to these servers from external sources.
B. Upgrade the operating system on these servers.
C. Encrypt all access to these servers.
D. No action is necessary.

210 Which one of the following approaches provides the most current and accurate information about vulnerabilities present on a system because of the misconfiguration of operating system settings?
A. On-demand vulnerability scanning
B. Continuous vulnerability scanning
C. Scheduled vulnerability scanning
D. Agent-based monitoring

Use the following scenario to answer questions 211–213.

Pete recently conducted a broad vulnerability scan of all the servers and workstations in his environment. He scanned the following three networks:
- DMZ network that contains servers with public exposure
- Workstation network that contains workstations that are allowed outbound access only
- Internal server network that contains servers exposed only to internal systems

He detected the following vulnerabilities:
- Vulnerability 1: A SQL injection vulnerability on a DMZ server that would grant access to a database server on the internal network (severity 5/5)
- Vulnerability 2: A buffer overflow vulnerability on a domain controller on the internal server network (severity 3/5)
- Vulnerability 3: A missing security patch on several hundred Windows workstations on the workstation network (severity 2/5)
- Vulnerability 4: A denial-of-service vulnerability on a DMZ server that would allow an attacker to disrupt a public-facing website (severity 2/5)
- Vulnerability 5: A denial-of-service vulnerability on an internal server that would allow an attacker to disrupt an internal website (severity 4/5)

Note that the severity ratings assigned to these vulnerabilities are directly from the vulnerability scanner and were not assigned by Pete.

211 Absent any other information, which one of the vulnerabilities in the report should Pete remediate first?
A. Vulnerability 1
B. Vulnerability 2
C. Vulnerability 3
D. Vulnerability 4

212 Pete is working with the desktop support manager to remediate vulnerability 3. What would be the most efficient way to correct this issue?
A. Personally visit each workstation to remediate the vulnerability.
B. Remotely connect to each workstation to remediate the vulnerability.
C. Perform registry updates using a remote configuration tool.
D. Apply the patch using a GPO.

213 Pete recently conferred with the organization's CISO, and the team is launching an initiative designed to combat the insider threat. They are particularly concerned about the theft of information by employees seeking to exceed their authorized access. Which one of the vulnerabilities in this report is of greatest concern given this priority?
A. Vulnerability 2
B. Vulnerability 3
C. Vulnerability 4
D. Vulnerability 5

214 Wanda recently discovered the vulnerability shown here on a Windows server in her organization. She is unable to apply the patch to the server for six weeks because of operational issues. What workaround would be most effective in limiting the likelihood that this vulnerability would be exploited?
A. Restrict interactive logins to the system.
B. Remove Microsoft Office from the server.
C. Remove Internet Explorer from the server.
D. Apply the security patch.

215 Garrett is configuring vulnerability scanning for a new web server that his organization is deploying on its DMZ network. The server hosts the company's public website. What type of scanning should Garrett configure for best results?
A. Garrett should not perform scanning of DMZ systems.
B. Garrett should perform external scanning only.
C. Garrett should perform internal scanning only.
D. Garrett should perform both internal and external scanning.

216 Frank recently ran a vulnerability scan and identified a POS terminal that contains an unpatchable vulnerability because of running an unsupported operating system. Frank consults with his manager and is told that the POS is being used with full knowledge of management and, as a compensating control, it has been placed on an isolated network with no access to other systems. Frank's manager tells him that the merchant bank is aware of the issue. How should Frank handle this situation?
A. Document the vulnerability as an approved exception.
B. Explain to his manager that PCI DSS does not permit the use of unsupported operating systems.
C. Decommission the POS system immediately to avoid personal liability.
D. Upgrade the operating system immediately.

217 James is configuring vulnerability scans of a dedicated network that his organization uses for processing credit card transactions. What types of scans are least important for James to include in his scanning program?
A. Scans from a dedicated scanner on the card processing network
B. Scans from an external scanner on his organization's network
C. Scans from an external scanner operated by an approved scanning vendor
D. All three types of scans are equally important.

218 Helen performs a vulnerability scan of one of the internal LANs within her organization and finds a report of a web application vulnerability on a device. Upon investigation, she discovers that the device in question is a printer. What is the most likely scenario in this case?
A. The printer is running an embedded web server.
B. The report is a false positive result.
C. The printer recently changed IP addresses.
D. Helen inadvertently scanned the wrong network.

219 Joe discovered a critical vulnerability in his organization's database server and received permission from his supervisor to implement an emergency change after the close of business. He has eight hours before the planned change window. In addition to planning the technical aspects of the change, what else should Joe do to prepare for the change?
A. Ensure that all stakeholders are informed of the planned outage.
B. Document the change in his organization's change management system.
C. Identify any potential risks associated with the change.
D. All of the above.

220 Julian recently detected the vulnerability shown here on several servers in his environment. Because of the critical nature of the vulnerability, he would like to block all access to the affected service until it is resolved using a firewall rule. He verifies that the following TCP ports are open on the host firewall. Which one of the following does Julian not need to block to restrict access to this service?
A. 137
B. 139
C. 389
D. 445

221 Ted recently ran a vulnerability scan of his network and was overwhelmed with results. He would like to focus on the most important vulnerabilities. How should Ted reconfigure his vulnerability scanner?
A. Increase the scan sensitivity.
B. Decrease the scan sensitivity.
C. Increase the scan frequency.
D. Decrease the scan frequency.

222 After running a vulnerability scan, Janet discovered that several machines on her network are running Internet Explorer 8 and reported the vulnerability shown here. Which one of the following would not be a suitable replacement browser for these systems?
A. Internet Explorer 11
B. Google Chrome
C. Mozilla Firefox
D. Microsoft Edge

223 Sunitha discovered the vulnerability shown here in an application developed by her organization. What application security technique is most likely to resolve this issue?
A. Bounds checking
B. Network segmentation
C. Parameter handling
D. Tag removal

224 Sherry runs a vulnerability scan and receives the high-level results shown here. Her priority is to remediate the most important vulnerabilities first. Which system should be her highest priority?
A. A
B. B
C. C
D. D

225 Victor is configuring a new vulnerability scanner. He set the scanner to run scans of his entire datacenter each evening. When he went to check the scan reports at the end of the week, he found that they were all incomplete. The scan reports noted the error “Scan terminated due to start of preempting job.” Victor has no funds remaining to invest in the vulnerability scanning system. He does want to cover the entire datacenter. What should he do to ensure that scans complete?
A. Reduce the number of systems scanned.
B. Increase the number of scanners.
C. Upgrade the scanner hardware.
D. Reduce the scanning frequency.

226 Vanessa ran a vulnerability scan of a server and received the results shown here. Her boss instructed her to prioritize remediation based on criticality. Which issue should she address first?
A. Remove the POP server.
B. Remove the FTP server.
C. Upgrade the web server.
D. Remove insecure cryptographic protocols.

227 Gil is configuring a scheduled vulnerability scan for his organization using the QualysGuard scanner. If he selects the Relaunch On Finish scheduling option shown here, what will be the result?
A. The scan will run once each time the schedule occurs.
B. The scan will run twice each time the schedule occurs.
C. The scan will run twice the next time the schedule occurs and once on each subsequent schedule interval.
D. The scan will run continuously until stopped.

228 Terry is reviewing a vulnerability scan of a Windows server and came across the vulnerability shown here. What is the risk presented by this vulnerability?
A. An attacker may be able to execute a buffer overflow and execute arbitrary code on the server.
B. An attacker may be able to conduct a denial-of-service attack against this server.
C. An attacker may be able to determine the operating system version on this server.
D. There is no direct vulnerability, but this information points to other possible vulnerabilities on the server.

229 Andrea recently discovered the vulnerability shown here on the workstation belonging to a system administrator in her organization. What is the major likely threat that should concern Andrea?
A. An attacker could exploit this vulnerability to take control of the administrator's workstation.
B. An attacker could exploit this vulnerability to gain access to servers managed by the administrator.
C. An attacker could exploit this vulnerability to prevent the administrator from using the workstation.
D. An attacker could exploit this vulnerability to decrypt sensitive information stored on the administrator's workstation.

230 Mateo completed the vulnerability scan of a server in his organization and discovered the results shown here. Which one of the following is not a critical remediation action dictated by these results?
A. Remove obsolete software.
B. Reconfigure the host firewall.
C. Apply operating system patches.
D. Apply application patches.

231 Tom's company is planning to begin a bring your own device (BYOD) policy for mobile devices. Which one of the following technologies allows the secure use of sensitive information on personally owned devices, including providing administrators with the ability to wipe corporate information from the device without affecting personal data?
A. Remote wipe
B. Strong passwords
C. Biometric authentication
D. Containerization

232 Sally discovered during a vulnerability scan that a system that she manages has a high-priority vulnerability that requires a patch. The system is behind a firewall and there is no imminent threat, but Sally wants to get the situation resolved as quickly as possible. What would be her best course of action?
A. Initiate a high-priority change through her organization's change management process.
B. Implement a fix immediately and then document the change after the fact.
C. Implement a fix immediately and then inform her supervisor of her action and the rationale.
D. Schedule a change for the next quarterly patch cycle.

233 Gene runs a vulnerability scan of his organization's datacenter and produces a summary report to share with his management team. The report includes the chart shown here. When Gene's manager reads the report, she points out that the report is burying important details because it is highlighting too many unimportant issues. What should Gene do to resolve this issue?
A. Tell his manager that all vulnerabilities are important and should appear on the report.
B. Create a revised version of the chart using Excel.
C. Modify the sensitivity level of the scan.
D. Stop sharing reports with the management team.

234 Avik recently conducted a PCI DSS vulnerability scan of a web server and noted a critical PHP vulnerability that required an upgrade to correct. She applied the update. How soon must Avik repeat the scan?
A. Within 30 days
B. At the next scheduled quarterly scan
C. At the next scheduled annual scan
D. Immediately

235 Chandra's organization recently upgraded the firewall protecting the network where they process credit card information. This network is subject to the provisions of PCI DSS. When is Chandra required to schedule the next vulnerability scan of this network?
A. Immediately
B. Within one month
C. Before the start of next month
D. Before the end of the quarter following the upgrade

236 Fahad is concerned about the security of an industrial control system that his organization uses to monitor and manage systems in their factories. He would like to reduce the risk of an attacker penetrating this system. Which one of the following security controls would best mitigate the vulnerabilities in this type of system?
A. Network segmentation
B. Input validation
C. Memory protection
D. Redundancy

237 Glenda routinely runs vulnerability scans of servers in her organization. She is having difficulty with one system administrator who refuses to correct vulnerabilities on a server used as a jump box by other IT staff. The server has had dozens of vulnerabilities for weeks and would require downtime to repair. One morning, her scan reports that all of the vulnerabilities suddenly disappeared overnight, while other systems in the same scan are reporting issues. She checks the service status dashboard, and the service appears to be running properly with no outages reported in the past week. What is the most likely cause of this result?
A. The system administrator corrected the vulnerabilities.
B. The server is down.
C. The system administrator blocked the scanner.
D. The scan did not run.

238 Raphael discovered during a vulnerability scan that an administrative interface to one of his storage systems was inadvertently exposed to the Internet. He is reviewing firewall logs and would like to determine whether any access attempts came from external sources. Which one of the following IP addresses reflects an external source?
A. 10.15.1.100
B. 12.8.1.100
C. 172.16.1.100
D. 192.168.1.100

239 Nick is configuring vulnerability scans for his network using a third-party vulnerability scanning service. He is attempting to scan a web server that he knows exposes a CIFS file share and contains several significant vulnerabilities. However, the scan results only show ports 80 and 443 as open. What is the most likely cause of these scan results?
A. The CIFS file share is running on port 443.
B. A firewall configuration is preventing the scan from succeeding.
C. The scanner configuration is preventing the scan from succeeding.
D. The CIFS file share is running on port 80.

240 Thomas learned this morning of a critical security flaw that affects a major service used by his organization and requires immediate patching. This flaw was the subject of news reports and is being actively exploited. Thomas has a patch and informed stakeholders of the issue and received permission to apply the patch during business hours. How should he handle the change management process?
A. Thomas should apply the patch and then follow up with an emergency change request after work is complete.
B. Thomas should initiate a standard change request but apply the patch before waiting for approval.
C. Thomas should work through the standard change approval process and wait until it is complete to apply the patch.
D. Thomas should file an emergency change request and wait until it is approved to apply the patch.

241 After running a vulnerability scan of systems in his organization's development shop, Mike discovers the issue shown here on several systems. What is the best solution to this vulnerability?
A. Apply the required security patches to this framework.
B. Remove this framework from the affected systems.
C. Upgrade the operating system of the affected systems.
D. No action is necessary.

242 Tran is preparing to conduct vulnerability scans against a set of workstations in his organization. He is particularly concerned about system configuration settings. Which one of the following scan types will give him the best results?
A. Unauthenticated scan
B. Credentialed scan
C. External scan
D. Internal scan

243 Brian is configuring a vulnerability scan of all servers in his organization's datacenter. He is configuring the scan to only detect the highest-severity vulnerabilities. He would like to empower system administrators to correct issues on their servers but also have some insight into the status of those remediations. Which approach would best serve Brian's interests?
A. Give the administrators access to view the scans in the vulnerability scanning system.
B. Send email alerts to administrators when the scans detect a new vulnerability on their servers.
C. Configure the vulnerability scanner to open a trouble ticket when they detect a new vulnerability on a server.
D. Configure the scanner to send reports to Brian who can notify administrators and track them in a spreadsheet.

244 Xiu Ying is configuring a new vulnerability scanner for use in her organization's datacenter. Which one of the following values is considered a best practice for the scanner's update frequency?
A. Daily
B. Weekly
C. Monthly
D. Quarterly

245 Ben was recently assigned by his manager to begin the remediation work on the most vulnerable server in his organization. A portion of the scan report appears here. What remediation action should Ben take first?
A. Install patches for Adobe Flash.
B. Install patches for Firefox.
C. Run Windows Update.
D. Remove obsolete software.

246 Tom is planning a series of vulnerability scans and wants to ensure that the organization is meeting its customer commitments with respect to the scans' performance impact. What two documents should Tom consult to find these obligations?
A. SLAs and MOUs
B. SLAs and DRPs
C. DRPs and BIAs
D. BIAs and MOUs

247 Zhang Wei is evaluating the success of his vulnerability management program and would like to include some metrics. Which one of the following would be the least useful metric?
A. Time to resolve critical vulnerabilities
B. Number of open critical vulnerabilities over time
C. Total number of vulnerabilities reported
D. Number of systems containing critical vulnerabilities

248 Zhang Wei completed a vulnerability scan of his organization's virtualization platform from an external host and discovered the vulnerability shown here. How should he react?
A. This is a critical issue that requires immediate adjustment of firewall rules.
B. This issue has a very low severity and does not require remediation.
C. This issue should be corrected as time permits.
D. This is a critical issue, and Zhang Wei should shut down the platform until it is corrected.

249 Elliott runs a vulnerability scan of one of the servers belonging to his organization and finds the results shown here. Which one of these statements is not correct?
A. This server requires one or more Linux patches.
B. This server requires one or more Oracle database patches.
C. This server requires one or more Firefox patches.
D. This server requires one or more MySQL patches.

250 Donna is working with a system engineer who wants to remediate vulnerabilities in a server that he manages. Of the report templates shown here, which would be most useful to the engineer?
A. Qualys Top 20 Report
B. PCI Technical Report
C. Executive Report
D. Technical Report

251 Abdul received the vulnerability report shown here for a server in his organization. The server runs a legacy application that cannot easily be updated. What risks does this vulnerability present?
A. Unauthorized access to files stored on the server
B. Theft of credentials
C. Eavesdropping on communications
D. All of the above

252 Tom runs a vulnerability scan of the file server shown here. He receives the vulnerability report shown next. Assuming that the firewall is configured properly, what action should Tom take immediately?
A. Block RDP access to this server from all hosts.
B. Review and secure server accounts.
C. Upgrade encryption on the server.
D. No action is required.

253 Dave is running a vulnerability scan of a client's network for the first time. The client has never run such a scan and expects to find many results. What security control is likely to remediate the largest portion of the vulnerabilities discovered in Dave's scan?
A. Input validation
B. Patching
C. Intrusion prevention systems
D. Encryption

254 Kai is planning to patch a production system to correct a vulnerability detected during a scan. What process should she follow to correct the vulnerability but minimize the risk of a system failure?
A. Kai should deploy the patch immediately on the production system.
B. Kai should wait 60 days to deploy the patch to determine whether bugs are reported.
C. Kai should deploy the patch in a sandbox environment to test it prior to applying it in production.
D. Kai should contact the vendor to determine a safe timeframe for deploying the patch in production.

255 William is preparing a legal agreement for his organization to purchase services from a vendor. He would like to document the requirements for system availability, including the vendor's allowable downtime for patching. What type of agreement should William use to incorporate this requirement?
A. MOU
B. SLA
C. BPA
D. BIA

256 Given no other information, which one of the following vulnerabilities would you consider the greatest threat to information confidentiality?
A. HTTP TRACE/TRACK methods enabled
B. SSL Server with SSL v3 enabled vulnerability
C. phpinfo information disclosure vulnerability
D. Web application SQL injection vulnerability

257 Which one of the following mobile device strategies is most likely to result in the introduction of vulnerable devices to a network?
A. COPE
B. TLS
C. BYOD
D. MDM

258 Sophia discovered the vulnerability shown here on one of the servers running in her organization. What action should she take?
A. Decommission this server.
B. Run Windows Update to apply security patches.
C. Require strong encryption for access to this server.
D. No action is required.

259 Ling recently completed the security analysis of a web browser deployed on systems in her organization and discovered that it is susceptible to a zero-day integer overflow attack. Who is in the best position to remediate this vulnerability in a manner that allows continued use of the browser?
A. Ling
B. The browser developer
C. The network administrator
D. The domain administrator

260 Jeff's team is preparing to deploy a new database service, and he runs a vulnerability scan of the test environment. This scan results in the four vulnerability reports shown here. Jeff is primarily concerned with correcting issues that may lead to a confidentiality breach. Which vulnerability should Jeff remediate first?
A. Rational ClearCase Portscan Denial of Service vulnerability
B. Non-Zero Padding Bytes Observed in Ethernet Packets
C. Oracle Database TNS Listener Poison Attack vulnerability
D. Hidden RPC Services

261 Eric is a security consultant and is trying to sell his services to a new client. He would like to run a vulnerability scan of their network prior to their initial meeting to show the client the need for added security. What is the most significant problem with this approach?
A. Eric does not know the client's infrastructure design.
B. Eric does not have permission to perform the scan.
C. Eric does not know what operating systems and applications are in use.
D. Eric does not know the IP range of the client's systems.

262 Renee is assessing the exposure of her organization to the denial-of-service vulnerability in the scan report shown here. She is specifically interested in determining whether an external attacker would be able to exploit the denial-of-service vulnerability. Which one of the following sources of information would provide her with the best information to complete this assessment?
A. Server logs
B. Firewall rules
C. IDS configuration
D. DLP configuration

263 Mary is trying to determine what systems in her organization should be subject to vulnerability scanning. She would like to base this decision on the criticality of the system to business operations. Where should Mary turn to best find this information?
A. The CEO
B. System names
C. IP addresses
D. Asset inventory

264 Paul ran a vulnerability scan of his vulnerability scanner and received the result shown here. What is the simplest fix to this issue?
A. Upgrade Nessus.
B. Remove guest accounts.
C. Implement TLS encryption.
D. Renew the server certificate.

265 Kamea is designing a vulnerability management system for her organization. Her highest priority is conserving network bandwidth. She does not have the ability to alter the configuration or applications installed on target systems. What solution would work best in Kamea's environment to provide vulnerability reports?
A. Agent-based scanning
B. Server-based scanning
C. Passive network monitoring
D. Port scanning

266 Aki is conducting a vulnerability scan when he receives a report that the scan is slowing down the network for other users. He looks at the performance configuration settings shown here. Which setting would be most likely to correct the issue?
A. Enable safe checks.
B. Stop scanning hosts that become unresponsive during the scan.
C. Scan IP addresses in random order.
D. Max simultaneous hosts per scan.

267 Laura received a vendor security bulletin that describes a zero-day vulnerability in her organization's main database server. This server is on a private network but is used by publicly accessible web applications. The vulnerability allows the decryption of administrative connections to the server. What reasonable action can Laura take to address this issue as quickly as possible?
A. Apply a vendor patch that resolves the issue.
B. Disable all administrative access to the database server.
C. Require VPN access for remote connections to the database server.
D. Verify that the web applications use strong encryption.

268 Emily discovered the vulnerability shown here on a server running in her organization. What is the most likely underlying cause for this vulnerability?
A. Failure to perform input validation
B. Failure to use strong passwords
C. Failure to encrypt communications
D. Failure to install antimalware software

269 Raul is replacing his organization's existing vulnerability scanner with a new product that will fulfill that functionality moving forward. As Raul begins to build the policy, he notices some conflicts in the scanning settings between different documents. Which one of the following document sources should Raul give the highest priority when resolving these conflicts?
A. NIST guidance documents
B. Vendor best practices
C. Corporate policy
D. Configuration settings from the prior system

270 Rex recently ran a vulnerability scan of his organization's network and received the results shown here. He would like to remediate the server with the highest number of the most serious vulnerabilities first. Which one of the following servers should be on his highest priority list?
A. 10.0.102.58
B. 10.0.16.58
C. 10.0.46.116
D. 10.0.69.232

271 Abella is configuring a vulnerability scanning tool. She recently learned about a privilege escalation vulnerability that requires the user already have local access to the system. She would like to ensure that her scanners are able to detect this vulnerability as well as future similar vulnerabilities. What action can she take that would best improve the scanner's ability to detect this type of issue?
A. Enable credentialed scanning.
B. Run a manual vulnerability feed update.
C. Increase scanning frequency.
D. Change the organization's risk appetite.

272 Kylie reviewed the vulnerability scan report for a web server and found that it has multiple SQL injection and cross-site scripting vulnerabilities. What would be the least difficult way for Kylie to address these issues?
A. Install a web application firewall.
B. Recode the web application to include input validation.
C. Apply security patches to the server operating system.
D. Apply security patches to the web server service.

273 Pietro is responsible for distributing vulnerability scan reports to system engineers who will remediate the vulnerabilities. What would be the most effective and secure way for Pietro to distribute the reports?
A. Pietro should configure the reports to generate automatically and provide immediate, automated notification to administrators of the results.
B. Pietro should run the reports manually and send automated notifications after he reviews them for security purposes.
C. Pietro should run the reports on an automated basis and then manually notify administrators of the results after he reviews them.
D. Pietro should run the reports manually and then manually notify administrators of the results after he reviews them.

274 Karen ran a vulnerability scan of a web server used on her organization's internal network. She received the report shown here. What circumstances would lead Karen to dismiss this vulnerability as a false positive?
A. The server is running SSL v2.
B. The server is running SSL v3.
C. The server is for internal use only.
D. The server does not contain sensitive information.

275 Which one of the following vulnerabilities is the most difficult to confirm with an external vulnerability scan?
A. Cross-site scripting
B. Cross-site request forgery
C. Blind SQL injection
D. Unpatched web server

276 Ann would like to improve her organization's ability to detect and remediate security vulnerabilities by adopting a continuous monitoring approach. Which one of the following is not a characteristic of a continuous monitoring program?
A. Analyzing and reporting findings
B. Conducting forensic investigations when a vulnerability is exploited
C. Mitigating the risk associated with findings
D. Transferring the risk associated with a finding to a third party

277 Holly ran a scan of a server in her datacenter and the most serious result was the vulnerability shown here. What action is most commonly taken to remediate this vulnerability?
A. Remove the file from the server.
B. Edit the file to limit information disclosure.
C. Password protect the file.
D. Limit file access to a specific IP range.

278 Nitesh would like to identify any systems on his network that are not registered with his asset management system because he is concerned that they might not be remediated to his organization's current security configuration baseline. He looks at the reporting console of his vulnerability scanner and sees the options shown here. Which of the following report types would be his best likely starting point?
A. Technical Report
B. High Severity Report
C. Qualys Patch Report
D. Unknown Device Report

279 What strategy can be used to immediately report configuration changes to a vulnerability scanner?
A. Scheduled scans
B. Continuous monitoring
C. Automated remediation
D. Automatic updates

280 During a recent vulnerability scan, Mark discovered a flaw in an internal web application that allows cross-site scripting attacks. He spoke with the manager of the team responsible for that application and was informed that he discovered a known vulnerability and the manager worked with other leaders and determined that the risk is acceptable and does not require remediation. What should Mark do?
A. Object to the manager's approach and insist on remediation.
B. Mark the vulnerability as a false positive.
C. Schedule the vulnerability for remediation in six months.
D. Mark the vulnerability as an exception.

281 Jacquelyn recently read about a new vulnerability in Apache web servers that allows attackers to execute arbitrary code from a remote location. She verified that her servers have this vulnerability, but this morning's vulnerability scan report shows that the servers are secure. She contacted the vendor and determined that they have released a signature for this vulnerability and it is working properly at other clients. What action can Jacquelyn take that will most likely address the problem efficiently?
A. Add the web servers to the scan.
B. Reboot the vulnerability scanner.
C. Update the vulnerability feed.
D. Wait until tomorrow's scan.

282 Vincent is a security manager for a U.S. federal government agency subject to FISMA. Which one of the following is not a requirement that he must follow for his vulnerability scans to maintain FISMA compliance?
A. Run complete scans on at least a monthly basis.
B. Use tools that facilitate interoperability and automation.
C. Remediate legitimate vulnerabilities.
D. Share information from the vulnerability scanning process.

283 Sharon is designing a new vulnerability scanning system for her organization. She must scan a network that contains hundreds of unmanaged hosts. Which of the following techniques would be most effective at detecting system configuration issues in her environment?
A. Agent-based scanning
B. Credentialed scanning
C. Server-based scanning
D. Passive network monitoring

Use the following scenario to answer questions 284–286.

Arlene ran a vulnerability scan of a VPN server used by contractors and employees to gain access to her organization's network. An external scan of the server found the vulnerability shown here.

284 Which one of the following hash algorithms would not trigger this vulnerability?
A. MD4
B. MD5
C. SHA-1
D. SHA-256

285 What is the most likely result of failing to correct this vulnerability?
A. All users will be able to access the site.
B. All users will be able to access the site, but some may see an error message.
C. Some users will be unable to access the site.
D. All users will be unable to access the site.

286 How can Arlene correct this vulnerability?
A. Reconfigure the VPN server to only use secure hash functions.
B. Request a new certificate.
C. Change the domain name of the server.
D. Implement an intrusion prevention system.

287 After reviewing the results of a vulnerability scan, Bruce discovered that many of the servers in his organization are susceptible to a brute-force SSH attack. He would like to determine what external hosts attempted SSH connections to his servers and is reviewing firewall logs. What TCP port would relevant traffic most likely use?
A. 22
B. 636
C. 1433
D. 1521

288 Joaquin runs a vulnerability scan of the network devices in his organization and sees the vulnerability report shown here for one of those devices. What action should he take?
A. No action is necessary because this is an informational report.
B. Upgrade the version of the certificate.
C. Replace the certificate.
D. Verify that the correct ciphers are being used.

289 Lori is studying vulnerability scanning as she prepares for the CySA+ exam. Which of the following is not one of the principles she should observe when preparing for the exam to avoid causing issues for her organization?
A. Run only nondangerous scans on production systems to avoid disrupting a production service.
B. Run scans in a quiet manner without alerting other IT staff to the scans or their results to minimize the impact of false information.
C. Limit the bandwidth consumed by scans to avoid overwhelming an active network link.
D. Run scans outside of periods of critical activity to avoid disrupting the business.

290 Meredith is configuring a vulnerability scan and would like to configure the scanner to perform credentialed scans. Of the menu options shown here, which will allow her to directly configure this capability?
A. Manage Discovery Scans
B. Configure Scan Settings
C. Configure Search Lists
D. Set Up Host Authentication

291 Norman is working with his manager to implement a vulnerability management program for his company. His manager tells him that he should focus on remediating critical and high-severity risks and that the organization does not want to spend time worrying about risks rated medium or lower. What type of criteria is Norman's manager using to make this decision?
A. Risk appetite
B. False positive
C. False negative
D. Data classification

292 After running a vulnerability scan against his organization's VPN server, Luis discovered the vulnerability shown here. What type of cryptographic situation does a birthday attack leverage?
A. Unsecured key
B. Meet-in-the-middle
C. Man-in-the-middle
D. Collision

293 Meredith recently ran a vulnerability scan on her organization's accounting network segment and found the vulnerability shown here on several workstations. What would be the most effective way for Meredith to resolve this vulnerability?
A. Remove Flash Player from the workstations.
B. Apply the security patches described in the Adobe bulletin.
C. Configure the network firewall to block unsolicited inbound access to these workstations.
D. Install an intrusion detection system on the network.

294 Nabil is the vulnerability manager for his organization and is responsible for tracking vulnerability remediation. There is a critical vulnerability in a network device that Nabil has handed off to the device's administrator, but it has not been resolved after repeated reminders to the engineer. What should Nabil do next?
A. Threaten the engineer with disciplinary action.
B. Correct the vulnerability himself.
C. Mark the vulnerability as an exception.
D. Escalate the issue to the network administrator's manager.

295 Sara's organization has a well-managed test environment. What is the most likely issue that Sara will face when attempting to evaluate the impact of a vulnerability remediation by first deploying it in the test environment?
A. Test systems are not available for all production systems.
B. Production systems require a different type of patch than test systems.
C. Significant configuration differences exist between test and production systems.
D. Test systems are running different operating systems than production systems.

296 How many vulnerabilities listed in the report shown here are significant enough to warrant immediate remediation in a typical operating environment?
A. 22
B. 14
C. 5
D. 0

297 Maria discovered an operating system vulnerability on a system on her network. After tracing the IP address, she discovered that the vulnerability is on a proprietary search appliance installed on her network. She consulted with the responsible engineer who informed her that he has no access to the underlying operating system. What is the best course of action for Maria?
A. Contact the vendor to obtain a patch.
B. Try to gain access to the underlying operating system and install the patch.
C. Mark the vulnerability as a false positive.
D. Wait 30 days and rerun the scan to see whether the vendor corrected the vulnerability.

298 Which one of the following types of data is subject to regulations in the United States that specify the minimum frequency of vulnerability scanning?
A. Driver's license numbers
B. Insurance records
C. Credit card data
D. Medical records

299 Chang is responsible for managing his organization's vulnerability scanning program. He is experiencing issues with scans aborting because the previous day's scans are still running when the scanner attempts to start the current day's scans. Which one of the following solutions is least likely to resolve Chang's issue?
A. Add a new scanner.
B. Reduce the scope of the scans.
C. Reduce the sensitivity of the scans.
D. Reduce the frequency of the scans.

300 Trevor is working with an application team on the remediation of a critical SQL injection vulnerability in a public-facing service. The team is concerned that deploying the fix will require several hours of downtime and that will block customer transactions from completing. What is the most reasonable course of action for Trevor to suggest?
A. Wait until the next scheduled maintenance window.
B. Demand that the vulnerability be remediated immediately.
C. Schedule an emergency maintenance for an off-peak time later in the day.
D. Convene a working group to assess the situation.

301 While conducting a vulnerability scan of his organization's datacenter, Annika discovers that the management interface for the organization's virtualization platform is exposed to the scanner. In typical operating circumstances, what is the proper exposure for this interface?
A. Internet
B. Internal networks
C. No exposure
D. Management network

302 Bhanu is scheduling vulnerability scans for her organization's datacenter. Which one of the following is a best practice that Bhanu should follow when scheduling scans?
A. Schedule scans so that they are spread evenly throughout the day.
B. Schedule scans so that they run during periods of low activity.
C. Schedule scans so that they all begin at the same time.
D. Schedule scans so that they run during periods of peak activity to simulate performance under load.

303 Kevin is concerned that an employee of his organization might fall victim to a phishing attack and wishes to redesign his social engineering awareness program. What type of threat is he most directly addressing?
A. Nation-state
B. Hacktivist
C. Unintentional insider
D. Intentional insider

304 Alan recently reviewed a vulnerability report and determined that an insecure direct object reference vulnerability existed on the system. He implemented a remediation to correct the vulnerability. After doing so, he verifies that his actions correctly mitigated the vulnerability. What term best describes the initial vulnerability report?
A. True positive
B. True negative
C. False positive
D. False negative

305 Gwen is reviewing a vulnerability report and discovers that an internal system contains a serious flaw. After reviewing the issue with her manager, they decide that the system is sufficiently isolated and they will take no further action. What risk management strategy are they adopting?
A. Risk avoidance
B. Risk mitigation
C. Risk transference
D. Risk acceptance

306 Thomas discovers a vulnerability in a web application that is part of a proprietary system developed by a third-party vendor and he does not have access to the source code. Which one of the following actions can he take to mitigate the vulnerability without involving the vendor?
A. Apply a patch
B. Update the source code
C. Deploy a web application firewall
D. Conduct dynamic testing

307 Kira is using the aircrack-ng tool to perform an assessment of her organization’s security. She ran a scan and is now reviewing the results. Which one of the following issues is she most likely to detect with this tool?
A. Insecure WPA key
B. SQL injection vulnerability
C. Cross-site scripting vulnerability
D. Man-in-the-middle attack

308 Walt is designing his organization’s vulnerability management program and is working to identify potential inhibitors to vulnerability remediation. He has heard concern from functional leaders that remediating vulnerabilities will impact the ability of a new system to fulfill user requests. Which one of the following inhibitors does not apply to this situation?
A. Degrading functionality
B. Organizational governance
C. Legacy systems
D. Business process interruption
