ACTUAL EXAM AND PRACTICE TESTS NEWEST
WITH COMPLETE QUESTIONS AND CORRECT
DETAILED ANSWERS| BRAND NEW VERSION!
Which of the following is a reason why a forensic specialist would create a plan to
preserve data after an incident and prioritize the sequence for performing forensic
analysis?
A. Order of volatility
B. Preservation of event logs
C. Chain of custody
D. Compliance with legal hold
B. Preservation of event logs
In which of the following scenarios is tokenization the best privacy technique to use?
A. Providing pseudo-anonymization for social media user accounts
B. Serving as a second factor for authentication requests
C. Enabling established customers to safely store credit card information
D. Masking personal information inside databases by segmenting data
C. Enabling established customers to safely store credit card information
A new vulnerability enables a type of malware that allows the unauthorized movement
of data from a system. Which of the following would detect this behavior?
A. Implementing encryption
B. Monitoring outbound traffic
C. Using default settings
D. Closing all open ports
B. Monitoring outbound traffic
A systems administrator is auditing all company servers to ensure they meet the
minimum security baseline. While auditing a Linux server, the systems administrator
observes the /etc/shadow file has permissions beyond the baseline recommendation.
Which of the following commands should the systems administrator use to resolve this
issue?
A. chmod
B. grep
C. dd
D. passwd
A. chmod
A security team received the following requirements for a new BYOD program that will
allow employees to use personal smartphones to access business email:
• Sensitive customer data must be safeguarded.
• Documents from managed sources should not be opened in unmanaged destinations.
• Sharing of managed documents must be disabled.
• Employees should not be able to download emailed images to their devices.
• Personal photos and contact lists must be kept private.
• IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.
Which of the following are the best features to enable to meet these requirements? (Choose
two.)
A. Remote wipe
B. VPN connection
C. Biometric authentication
D. Device location tracking
E. Geofencing
F. Application approve list
G. Containerization
A, G
Which of the following security controls is used to isolate a section of the network and
its externally available resources from the internal corporate network in order to reduce
the number of possible attacks?
A. Faraday cages
B. Air gap
C. Vaulting
D. Proximity readers
B. Air gap
A security analyst is responding to a malware incident at a company. The malware
connects to a command-and-control server on the internet in order to function. Which of
the following should the security analyst implement first?
A. Network segmentation
B. IP-based firewall rules
C. Mobile device management
D. Content filter
B. IP-based firewall rules
A company wants to begin taking online orders for products but has decided to
outsource payment processing to limit risk. Which of the following best describes what
the company should request from the payment processor?
A. ISO 27001 certification documents
B. Proof of PCI DSS compliance
C. A third-party SOC 2 Type 2 report
D. Audited GDPR policies
B. Proof of PCI DSS compliance
An employee in the accounting department receives an email containing a demand for
payment for services performed by a vendor. However, the vendor is not in the vendor
management database. Which of the following is this scenario an example of?
A. Pretexting
B. Impersonation
C. Ransomware
D. Invoice scam
D. Invoice scam
A company has had several malware incidents that have been traced back to users
accessing personal SaaS applications on the internet from the company network. The
company has a policy that states users can only access business-related cloud
applications from within the company network. Which of the following technical solutions
should be used to enforce the policy?
A. Implement single sign-on using an identity provider
B. Leverage a cloud access security broker.
C. Configure cloud security groups
D. Install a virtual private cloud endpoint
B. Leverage a cloud access security broker.
A security analyst is reviewing an IDS alert and sees the following:
C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -noP -exe byPass -nonI -wind hidden -no1 -c dir;findstr /s maldinuv %USERPROFILE%\\*.lnk > %USERPROFILE%\Documents\iijlqe.ps1;%USERPROFILE%\Documents\iijlqe.psi;exit
Which of the following triggered the IDS alert?
A. Bluesnarfing attack
B. URL redirection attack
C. Fileless malware execution
D. Macro-based denial of service
C. Fileless malware execution
A company wants to implement MFA. Which of the following enables the additional
factor while using a smart card?
A. PIN
B. Hardware token
C. User ID
D. SMS
A. PIN
A server administrator is reporting performance issues when accessing all internal
resources. Upon further investigation, the security team notices the following:
• A user's endpoint has been compromised and is broadcasting its MAC as the default gateway's MAC throughout the LAN.
• Traffic to and from that endpoint is significantly greater than all other similar endpoints on the LAN.
• Network ports on the LAN are not properly configured.
• Wired traffic is not being encrypted properly.
Which of the following attacks is most likely occurring?
A. DDoS
B. MAC flooding
C. ARP poisoning
D. DHCP snooping
C. ARP poisoning
A security analyst is reviewing the following system command history on a computer
that was recently utilized in a larger attack on the corporate infrastructure:
C:\sysadmin>whoami
domain\localuser
C:\sysadmin>psexec.exe -s cmd
PsExec v2.0 - Execute processes remotely
Microsoft Windows [Version 10]
C:\Windows\system32>whoami
nt authority\system
Which of the following best describes what the analyst has discovered?
A. A successful privilege escalation attack by a local user
B. A user determining what level of permissions the user has
C. A systems administrator performing routine maintenance
D. An attempt to utilize living-off-the-land binaries
A. A successful privilege escalation attack by a local user
During a forensic investigation, an analyst uses software to create a checksum of the
affected subject's email file. Which of the following is the analyst practicing?
A. Chain of custody
B. Data recovery
C. Non-repudiation
D. Integrity
D. Integrity
A software company has a shared codebase for multiple projects using the following
strategy:
• Unused features are deactivated but still present in the code.
• New customer requirements trigger additional development work.
Which of the following will most likely occur when the company uses this strategy?
A. Malicious code
B. Dead code
C. Outsourced code
D. Code obfuscation
B. Dead code
A security audit of an organization revealed that most of the IT staff members have
domain administrator credentials and do not change the passwords regularly. Which of
the following solutions should the security team propose to resolve the findings in the
most complete way?
A. Creating group policies to enforce password rotation on domain administrator
credentials
B. Reviewing the domain administrator group, removing all unnecessary administrators,
and rotating all passwords
C. Integrating the domain administrator's group with an IdP and requiring SSO with MFA
for all access
D. Securing domain administrator credentials in a PAM vault and controlling access with
role-based access control
B. Reviewing the domain administrator group, removing all unnecessary administrators,
and rotating all passwords
Which of the following best describes a threat actor who is attempting to use commands
found on a public code repository?
A. Script kiddie
B. State actor