Exam (elaborations)
sec+ prac exam #6 JD questions well answered to pass
- Course
- Institution
sec+ prac exam #6 JD questions well answered to pass
[Show more]
Seller
Follow
BukayoSaka120
Reviews received
Content preview
sec+ prac exam #6 JDDion Training wants to implement a technology within their corporate network to BEST mitigate the risk
that a zero-day virus might infect their workstations. Which of the following should be implemented
FIRST?
Application whitelisting
Host-based firewall
Anti-malware solution
Intrusion detection system - correct answer ✔✔Application whitelisting
Raj is working to deploy a new vulnerability scanner for an organization. He wants to verify the
information he gets is the most accurate view of the configurations on the organization's traveling
salespeople's laptops to determine if any configuration issues could lead to new vulnerabilities. Which of
the following technologies would work BEST to collect the configuration information in this situation?
Passive network monitoring
Server-based scanning
Non-credentialed scanning
Agent-based scanning - correct answer ✔✔Agent-based scanning
An analyst is reviewing the configuration of a triple-homed firewall that connects to the internet, a
private network, and one other network. Which of the following would best describe the third network
connected to this firewall?
Subnet
NIDS
DMZ
GPO - correct answer ✔✔DMZ
Taylor needs to sanitize hard drives from some leased workstations that are being returned to a supplier
at the end of the lease period. The workstations' hard drives contained sensitive corporate data. Which is
the most appropriate choice to ensure that data exposure doesn't occur during this process?
,Clear, validate, and document the sanitization of the drives
Clear the drives
The drives must be destroyed to ensure no data loss
Purge, validate, and document the sanitization of the drives - correct answer ✔✔Purge, validate, and
document the sanitization of the drives
Which type of agreement between companies and employees is used as a legal basis for protecting
information assets?
NDA
ISA
MOU
SLA - correct answer ✔✔NDA
Which of the protocols listed is NOT likely to be a trigger for a vulnerability scan alert when it is used to
support a virtual private network (VPN)?
SSLv2
SSLv3
IPSec
PPTP - correct answer ✔✔IPSec
You work as the incident response team lead at Fail to Pass Systems. Sierra, a system administrator,
believes an incident has occurred on the network and contacts the SOC. At 2:30 am, you are woken up
by a phone call from the CEO of Fail to Pass stating an incident has occurred and that you need to solve
this immediately. As you are getting dressed to drive into the office, your phone rings again. This time, it
is the CIO who starts asking you a lot of technical questions about the incident. The first you heard of this
incident was 5 minutes ago from the CEO, so you obviously don't have the answers to the CIO's
questions. Based on this scenario, which of the following issues needs to be documented in your lessons
learned report once this incident is resolved?
, A robust method of incident detection
An established incident response form for all employees to use to collect data
A call list/escalation list - correct answer ✔✔A call list/escalation list
What is a legal contract outlining the confidential material or information that will be shared by the
pentester and the organization during an assessment?
SOW
NDA
MSA
Corporate Policy - correct answer ✔✔NDA
You are working as part of a penetration testing team during an assessment of Dion Training's
headquarters. Your boss has requested that you search the recycle bins of the company for any
information that might be valuable during the reconnaissance phase of your attack. What type of social
engineering method are you performing?
Impersonation
Phishing
Whaling
Dumpster diving - correct answer ✔✔Dumpster diving
Which type of system would classify traffic as malicious or benign based on explicitly defined examples
of malicious and benign traffic?
Deep leaning
Generative adversarial network
Artificial intelligence
Machine learning - correct answer ✔✔Machine learning
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through EFT, credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying this summary from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller BukayoSaka120. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy this summary for R337,04. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
76799 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy summaries for 14 years now