Question 1

During an endpoint security audit, you are tasked with identifying potential risks associated with Portable Executable (PE) files. Which of the following scenarios highlights a critical security risk posed by malicious PE files?

Options :

A : PE files can execute scripts written in languages like Python or JavaScript.

B : PE files can load dynamic link libraries (DLLs) from untrusted locations, enabling DLL hijacking.

C : PE files automatically delete themselves after execution to evade forensic analysis.

D : PE files can overwrite BIOS firmware, permanently disabling the system.

Answer: B

Question 2

A company employs a signature-based Intrusion Prevention System (IPS) as its primary defense mechanism. Recently, the network was compromised by a zero-day attack. Which of the following statements correctly describe the limitations of the signature-based system in this context? (Choose two)

Options :

A : The system is optimized to identify behavioral anomalies in network traffic.

B : The system relies heavily on heuristic analysis to identify unknown malware.

C : The system lacks the ability to identify polymorphic malware.

D : The system provides effective protection against advanced persistent threats (APTs).

E : The system cannot detect new threats without predefined signatures.

Answer: C,E

Question 3

In the context of the AAA framework, which of the following best illustrates the accounting component’s functionality?

Options :

A : Granting users access to specific network segments based on predefined policies.

B : Providing users with access tokens to securely verify their identity on the network.

C : Ensuring that user credentials are encrypted during the authentication process.

D : Keeping a detailed log of a user’s login time, duration of access, and resources utilized during their session.

Answer: D

Question 4

What are two capabilities of identity threat detection and response (ITDR)? (Choose two.)

Options :

A : Securing individual devices

B : Matching risks to signatures

C : Scanning for excessive logins

D : Analyzing access management logs

Answer: C,D

Question 5

A medium-sized enterprise is experiencing an unusual spike in malware alerts across their endpoints. The security team is tasked with responding swiftly to prevent the spread of malware. They are debating whether to use incident response (IR) tools or engage a Managed Detection and Response (MDR) service. Which of the following is the most appropriate course of action, given the scenario?

Options :

A : Engage an MDR provider to immediately take over threat hunting and containment.

B : Rely on antivirus software to mitigate the threat while the team gathers information.

C : Use the organization-s SIEM to generate detailed reports for further analysis.

D : Deploy an IR tool to isolate affected endpoints and conduct forensic analysis.

Answer: A

Free Cybersecurity-Practitioner Mock Exam – Practice Online Confidently

Buying Options: