ACTUAL Exam Questions and CORRECT
Answers
Any changes in behavior or deviation from baselines that result in an alert is an activity that's
part of: - CORRECT ANSWER - Continuous monitoring
Because virtual machines run separately from the physical host operating system, and they are
commonly leveraged for sandbox testing, security measures such as disabling unnecessary
services, and applying updates, are not applicable. - CORRECT ANSWER - False
Which of the following is NOT a best practice for securing wireless environments? - CORRECT
ANSWER - Broadcasting the access point SSID using proper network name only
Which of the following is an example of restricting access to files based on the identity of the
user or group? - CORRECT ANSWER - Discretionary Access Control
Which of the following is a common environmental reconnaissance task that is performed to help
gain insight on how an organization's networked systems are connected, or mapping the
network? - CORRECT ANSWER - Topology discovery
For most efficient logging activities and analysis, it is a best practice to only log and monitor
incoming firewall traffic. - CORRECT ANSWER - False
Social engineering attacks attempt to convince a person to unwittingly take some action which
will help an attacker. - CORRECT ANSWER - True
If you were setting up an IDS with the desire to detect exploits for unknown or unreleased
vulnerabilities which type of IDS would you use? - CORRECT ANSWER - Anomaly
detection
, The 20 critical security controls developed by the Center for Internet Security, also known as the
SANS Top 20, are constructed using a combination of information learned from: - CORRECT
ANSWER - Known attacks, effective defenses, industry experts
Which of the following vulnerability scan methods uses push technology and is dependent on
network connectivity? - CORRECT ANSWER - Server-based
The federal version of certification and accreditation guidance that applies to departments and
agencies within the Department of Defense is: - CORRECT ANSWER - DIACAP
Which of the following assessment types is performed with the penetration testers having zero
insight into the target organization's network topology, and the organization's security team is
unaware a penetration test is occurring? - CORRECT ANSWER - Black box
The Open Web Application Security Project publishes the OWASP Top 10, which summarizes
feedback from the community in order to compile the Top 10 application vulnerabilities,
including the associated risks, impacts, and mitigations for each. What is the main reason a
developer wouldn't solely rely on this guidance? - CORRECT ANSWER - An
organization's prioritized threat may not be within the top 10
Which security mechanism can social engineering help bypass? - CORRECT ANSWER -
All of the above
Which of the following is a potential consequence of not limiting or protecting communications
during an incident? - CORRECT ANSWER - All of the above
The requirements identified for a vulnerability management process many times drive the
vulnerability scanning frequency. - CORRECT ANSWER - True
Which one of the following can be managed through group policies (GPO)? - CORRECT
ANSWER - All of the above