Weekend Special Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Question # 4

A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company setting up?

A.

Corrective

B.

Preventive

C.

Detective

D.

Deterrent

Full Access
Question # 5

A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?

A.

Business email

B.

Social engineering

C.

Unsecured network

D.

Default credentials

Full Access
Question # 6

A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?

A.

Attribute-based

B.

Time of day

C.

Role-based

D.

Least privilege

Full Access
Question # 7

The security operations center is researching an event concerning a suspicious IP address A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced faded log-In attempts when authenticating from the same IP address:

Which of the following most likely describes attack that took place?

A.

Spraying

B.

Brute-force

C.

Dictionary

D.

Rainbow table

Full Access
Question # 8

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

A.

SOAR

B.

CVSS

C.

SIEM

D.

CVE

Full Access
Question # 9

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A.

Client

B.

Third-party vendor

C.

Cloud provider

D.

DBA

Full Access
Question # 10

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A.

SSO

B.

LEAP

C.

MFA

D.

PEAP

Full Access
Question # 11

Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?

A.

Encryption

B.

Hashing

C.

Masking

D.

Tokenization

Full Access
Question # 12

A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?

A.

Installing HIDS on the system

B.

Placing the system in an isolated VLAN

C.

Decommissioning the system

D.

Encrypting the system's hard drive

Full Access
Question # 13

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

A.

TPM

B.

ECC

C.

FDE

D.

HSM

Full Access
Question # 14

Which of the following is the most likely to be included as an element of communication in a security awareness program?

A.

Reporting phishing attempts or other suspicious activities

B.

Detecting insider threats using anomalous behavior recognition

C.

Verifying information when modifying wire transfer data

D.

Performing social engineering as part of third-party penetration testing

Full Access
Question # 15

A security team is setting up a new environment for hosting the organization's on-premises software application as a cloud-based service. Which of the following should the team ensure is in place in order for the organization to follow security best practices?

A.

Visualization and isolation of resources

B.

Network segmentation

C.

Data encryption

D.

Strong authentication policies

Full Access
Question # 16

A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users. Which of the following would be a good use case for this task?

A.

Off-the-shelf software

B.

Orchestration

C.

Baseline

D.

Policy enforcement

Full Access
Question # 17

An administrator is reviewing a single server's security logs and discovers the following;

Which of the following best describes the action captured in this log file?

A.

Brute-force attack

B.

Privilege escalation

C.

Failed password audit

D.

Forgotten password by the user

Full Access
Question # 18

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A.

Partition

B.

Asymmetric

C.

Full disk

D.

Database

Full Access
Question # 19

A security analyst needs to propose a remediation plan 'or each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A.

Creating a unified password complexity standard

B.

Integrating each SaaS solution with the Identity provider

C.

Securing access to each SaaS by using a single wildcard certificate

D.

Configuring geofencing on each SaaS solution

Full Access
Question # 20

Which of the following should a company use to provide proof of external network security testing?

A.

Business impact analysis

B.

Supply chain analysis

C.

Vulnerability assessment

D.

Third-party attestation

Full Access
Question # 21

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

Which of the following analysis elements did the company most likely use in making this decision?

A.

IMTTR

B.

RTO

C.

ARO

D.

MTBF

Full Access
Question # 22

A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?

A.

VDI

B.

MDM

C.

VPN

D.

VPC

Full Access
Question # 23

During a security incident, the security operations team identified sustained network traffic from a malicious IP address:

10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A.

access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32

B.

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

C.

access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0

D.

access-list inbound permit ig source 0.0.0.0/0 destination 10.1.4.9/32

Full Access
Question # 24

A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?

A.

Logging all NetFlow traffic into a SIEM

B.

Deploying network traffic sensors on the same subnet as the servers

C.

Logging endpoint and OS-specific security logs

D.

Enabling full packet capture for traffic entering and exiting the servers

Full Access
Question # 25

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Full Access
Question # 26

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

A.

Data in use

B.

Data in transit

C.

Geographic restrictions

D.

Data sovereignty

Full Access
Question # 27

An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?

A.

Smishing

B.

Disinformation

C.

Impersonating

D.

Whaling

Full Access
Question # 28

Which of the following is an example of a data protection strategy that uses tokenization?

A.

Encrypting databases containing sensitive data

B.

Replacing sensitive data with surrogate values

C.

Removing sensitive data from production systems

D.

Hashing sensitive data in critical systems

Full Access
Question # 29

A company is changing its mobile device policy. The company has the following requirements:

    Company-owned devices

    Ability to harden the devices

    Reduced security risk

    Compatibility with company resources

Which of the following would best meet these requirements?

A.

BYOD

B.

CYOD

C.

COPE

D.

COBO

Full Access
Question # 30

A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?

A.

Application

B.

IPS/IDS

C.

Network

D.

Endpoint

Full Access
Question # 31

A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

A.

Concurrent session usage

B.

Secure DNS cryptographic downgrade

C.

On-path resource consumption

D.

Reflected denial of service

Full Access
Question # 32

A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Full Access
Question # 33

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Full Access
Question # 34

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A.

Key stretching

B.

Data masking

C.

Steganography

D.

Salting

Full Access
Question # 35

Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?

A.

SIEM

B.

DLP

C.

IDS

D.

SNMP

Full Access
Question # 36

Which of the following control types is AUP an example of?

A.

Physical

B.

Managerial

C.

Technical

D.

Operational

Full Access
Question # 37

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Full Access
Question # 38

Which of the following Is a common, passive reconnaissance technique employed by penetration testers in the early phases of an engagement?

A.

Open-source intelligence

B.

Port scanning

C.

Pivoting

D.

Exploit validation

Full Access
Question # 39

An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?

A.

Standard naming convention

B.

Mashing

C.

Network diagrams

D.

Baseline configuration

Full Access
Question # 40

After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable?

A.

Console access

B.

Routing protocols

C.

VLANs

D.

Web-based administration

Full Access
Question # 41

A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be configured on the existing network infrastructure to best prevent this activity?

A.

Port security

B.

Web application firewall

C.

Transport layer security

D.

Virtual private network

Full Access
Question # 42

Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?

A.

Digital signatures

B.

Salting

C.

Hashing

D.

Perfect forward secrecy

Full Access
Question # 43

Which of the following best represents an application that does not have an on-premises requirement and is accessible from anywhere?

A.

Pass

B.

Hybrid cloud

C.

Private cloud

D.

IaaS

E.

SaaS

Full Access
Question # 44

Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?

A.

Provisioning resources

B.

Disabling access

C.

Reviewing change approvals

D.

Escalating permission requests

Full Access
Question # 45

Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).

A.

Fencing

B.

Video surveillance

C.

Badge access

D.

Access control vestibule

E.

Sign-in sheet

F.

Sensor

Full Access
Question # 46

An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources. Which of the following would be the best solution?

A.

RDP server

B.

Jump server

C.

Proxy server

D.

Hypervisor

Full Access
Question # 47

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A.

Impact analysis

B.

Scheduled downtime

C.

Backout plan

D.

Change management boards

Full Access
Question # 48

An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?

A.

Hardening

B.

Employee monitoring

C.

Configuration enforcement

D.

Least privilege

Full Access
Question # 49

Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.

Which of the following changes would allow users to access the site?

A.

Creating a firewall rule to allow HTTPS traffic

B.

Configuring the IPS to allow shopping

C.

Tuning the DLP rule that detects credit card data

D.

Updating the categorization in the content filter

Full Access
Question # 50

A company implemented an MDM policy 10 mitigate risks after repealed instances of employees losing company-provided mobile phones. In several cases. The lost phones were used maliciously to perform social engineering attacks against other employees. Which of the following MDM features should be configured to best address this issue? (Select two).

A.

Screen locks

B.

Remote wipe

C.

Full device encryption

D.

Push notifications

E.

Application management

F.

Geolocation

Full Access
Question # 51

While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

A.

Secure cookies

B.

Input sanitization

C.

Code signing

D.

Blocklist

Full Access
Question # 52

Which of the following describes the maximum allowance of accepted risk?

A.

Risk indicator

B.

Risk level

C.

Risk score

D.

Risk threshold

Full Access
Question # 53

A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?

A.

Scalability

B.

Availability

C.

Cost

D.

Ease of deployment

Full Access
Question # 54

Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?

A.

Remote access points should fail closed.

B.

Logging controls should fail open.

C.

Safety controls should fail open.

D.

Logical security controls should fail closed.

Full Access
Question # 55

Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?

A.

Tabletop exercise

B.

Penetration test

C.

Geographic dispersion

D.

Incident response

Full Access
Question # 56

A website user is locked out of an account after clicking an email link and visiting a different website Web server logs show the user's password was changed, even though the user did not change the password. Which of the following is the most likely cause?

A.

Cross-sue request forgery

B.

Directory traversal

C.

ARP poisoning

D.

SQL injection

Full Access
Question # 57

An administrator is Investigating an incident and discovers several users’ computers were Infected with malware after viewing files mat were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks Is most likely the cause of the malware?

A.

Malicious flash drive

B.

Remote access Trojan

C.

Brute-forced password

D.

Cryptojacking

Full Access
Question # 58

Which of the following is the best way to validate the integrity and availability of a disaster recovery site?

A.

Lead a simulated failover.

B.

Conduct a tabletop exercise.

C.

Periodically test the generators.

D.

Develop requirements for database encryption.

Full Access
Question # 59

A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?

A.

Serverless framework

B.

Type 1 hvpervisor

C.

SD-WAN

D.

SDN

Full Access
Question # 60

A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?

A.

Cross-site scripting

B.

Buffer overflow

C.

Jailbreaking

D.

Side loading

Full Access
Question # 61

A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?

A.

Tuning

B.

Aggregating

C.

Quarantining

D.

Archiving

Full Access
Question # 62

The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?

A.

Penetration test

B.

Internal audit

C.

Attestation

D.

External examination

Full Access
Question # 63

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned. one of the batch jobs talked and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A.

Job rotation

B.

Retention

C.

Outsourcing

D.

Separation of duties

Full Access
Question # 64

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A.

Risk tolerance

B.

Risk transfer

C.

Risk register

D.

Risk analysis

Full Access
Question # 65

The management team notices that new accounts that are set up manually do not always have correct access or permissions.

Which of the following automation techniques should a systems administrator use to streamline account creation?

A.

Guard rail script

B.

Ticketing workflow

C.

Escalation script

D.

User provisioning script

Full Access
Question # 66

A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?

A.

Implementing encryption

B.

Monitoring outbound traffic

C.

Using default settings

D.

Closing all open ports

Full Access
Question # 67

Which of the following aspects of the data management life cycle is most directly impacted by local and international regulations?

A.

Destruction

B.

Certification

C.

Retention

D.

Sanitization

Full Access
Question # 68

A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?

A.

802.1X

B.

SAML

C.

RADIUS

D.

CHAP

Full Access
Question # 69

Which of the following would be the best way to block unknown programs from executing?

A.

Access control list

B.

Application allow list.

C.

Host-based firewall

D.

DLP solution

Full Access
Question # 70

A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?

A.

Change management procedure

B.

Information security policy

C.

Cybersecurity framework

D.

Secure configuration guide

Full Access
Question # 71

After a recent ransomware attack on a company's system, an administrator reviewed the log files. Which of the following control types did the administrator use?

A.

Compensating

B.

Detective

C.

Preventive

D.

Corrective

Full Access
Question # 72

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

A.

Hourly differential backups stored on a local SAN array

B.

Dally full backups stored on premises in magnetic offline media

C.

Daly differential backups maintained by a third-party cloud provider

D.

Weekly full backups with daily incremental stored on a NAS drive

Full Access
Question # 73

An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?

A.

To defend against insider threats altering banking details

B.

To ensure that errors are not passed to other systems

C.

To allow for business insurance to be purchased

D.

To prevent unauthorized changes to financial data

Full Access
Question # 74

Which of the following is a hardware-specific vulnerability?

A.

Firmware version

B.

Buffer overflow

C.

SQL injection

D.

Cross-site scripting

Full Access
Question # 75

Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?

A.

Unidentified removable devices

B.

Default network device credentials

C.

Spear phishing emails

D.

Impersonation of business units through typosquatting

Full Access
Question # 76

Which of the following best describe a penetration test that resembles an actual external attach?

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Full Access
Question # 77

A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?

A.

Enumeration

B.

Sanitization

C.

Destruction

D.

Inventory

Full Access
Question # 78

In which of the following scenarios is tokenization the best privacy technique 10 use?

A.

Providing pseudo-anonymization tor social media user accounts

B.

Serving as a second factor for authentication requests

C.

Enabling established customers to safely store credit card Information

D.

Masking personal information inside databases by segmenting data

Full Access
Question # 79

Which of the following is used to validate a certificate when it is presented to a user?

A.

OCSP

B.

CSR

C.

CA

D.

CRC

Full Access
Question # 80

A vendor needs to remotely and securely transfer files from one server to another using the command line. Which of the following protocols should be Implemented to allow for this type of access? (Select two).

A.

SSH

B.

SNMP

C.

RDP

D.

S/MIME

E.

SMTP

F.

SFTP

Full Access
Question # 81

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A.

Place posters around the office to raise awareness of common phishing activities.

B.

Implement email security filters to prevent phishing emails from being delivered

C.

Update the EDR policies to block automatic execution of downloaded programs.

D.

Create additional training for users to recognize the signs of phishing attempts.

Full Access
Question # 82

Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?

A.

Configure all systems to log scheduled tasks.

B.

Collect and monitor all traffic exiting the network.

C.

Block traffic based on known malicious signatures.

D.

Install endpoint management software on all systems.

Full Access
Question # 83

Which of the following most accurately describes the order in which a security engineer should implement secure baselines?

A.

Deploy, maintain, establish

B.

Establish, maintain, deploy

C.

Establish, deploy, maintain

D.

Deploy, establish, maintain

Full Access
Question # 84

Which of the following best describe a penetration test that resembles an actual external attach?

A.

Known environment

B.

Partially known environment

C.

Bug bounty

D.

Unknown environment

Full Access
Question # 85

An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?

A.

Educate users about the importance of paper shredder devices.

B.

Deploy an authentication factor that requires ln-person action before printing.

C.

Install a software client m every computer authorized to use the MFPs.

D.

Update the management software to utilize encryption.

Full Access
Question # 86

Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?

A.

IDS

B.

ACL

C.

EDR

D.

NAC

Full Access
Question # 87

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A.

Brand impersonation

B.

Pretexting

C.

Typosquatting

D.

Phishing

Full Access
Question # 88

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

A.

Send out periodic security reminders.

B.

Update the content of new hire documentation.

C.

Modify the content of recurring training.

D Implement a phishing campaign

Full Access
Question # 89

A systems administrator is redesigning now devices will perform network authentication. The following requirements need to be met:

• An existing Internal certificate must be used.

• Wired and wireless networks must be supported

• Any unapproved device should be Isolated in a quarantine subnet

• Approved devices should be updated before accessing resources

Which of the following would best meet the requirements?

A.

802.IX

B.

EAP

C.

RADIUS

D.

WPA2

Full Access
Question # 90

Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk?

A.

ARO

B.

RTO

C.

RPO

D.

ALE

E.

SLE

Full Access
Question # 91

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).

A.

Application

B.

Authentication

C.

DHCP

D.

Network

E.

Firewall

F.

Database

Full Access
Question # 92

An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?

A.

Secured zones

B.

Subject role

C.

Adaptive identity

D.

Threat scope reduction

Full Access
Question # 93

Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?

A.

Penetration test

B.

Continuity of operations planning

C.

Tabletop exercise

D.

Simulation

Full Access
Question # 94

Which of the following is required for an organization to properly manage its restore process in the event of system failure?

A.

IRP

B.

DRP

C.

RPO

D.

SDLC

Full Access
Question # 95

The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening'?

A.

Using least privilege

B.

Changing the default password

C.

Assigning individual user IDs

D.

Reviewing logs more frequently

Full Access
Question # 96

Which of the following describes the understanding between a company and a client about what will be provided and the accepted time needed to provide the company with the resources?

A.

SLA

B.

MOU

C.

MOA

D.

BPA

Full Access
Question # 97

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.

SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

A.

[Digital forensics

B.

E-discovery

C.

Incident response

D.

Threat hunting

Full Access
Question # 98

Which of the following involves an attempt to take advantage of database misconfigurations?

A.

Buffer overflow

B.

SQL injection

C.

VM escape

D.

Memory injection

Full Access
Question # 99

Which of the following is an algorithm performed to verify that data has not been modified?

A.

Hash

B.

Code check

C.

Encryption

D.

Checksum

Full Access
Question # 100

A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?

A.

Wiping

B.

Recycling

C.

Shredding

D.

Deletion

Full Access
Question # 101

Company A jointly develops a product with Company B, which is located in a different country. Company A finds out that their intellectual property is being shared with unauthorized companies. Which of the following has been breached?

A.

SLA

B.

AUP

C.

SOW

D.

MOA

Full Access
Question # 102

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A.

Shadow IT

B.

Insider threat

C.

Data exfiltration

D.

Service disruption

Full Access
Question # 103

A security administrator recently reset local passwords and the following values were recorded in the system:

Which of the following in the security administrator most likely protecting against?

A.

Account sharing

B.

Weak password complexity

C.

Pass-the-hash attacks

D.

Password compromise

Full Access
Question # 104

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

A.

IPS

B.

Firewall

C.

ACL

D.

Windows security

Full Access
Question # 105

A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?

A.

Set the maximum data retention policy.

B.

Securely store the documents on an air-gapped network.

C.

Review the documents' data classification policy.

D.

Conduct a tabletop exercise with the team.

Full Access
Question # 106

A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).

A.

Private

B.

Confidential

C.

Public

D.

Operational

E.

Urgent

F.

Restricted

Full Access
Question # 107

Which of the following data roles is responsible for identifying risks and appropriate access to data?

A.

Owner

B.

Custodian

C.

Steward

D.

Controller

Full Access
Question # 108

Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?

A.

Red

B.

Blue

C.

Purple

D.

Yellow

Full Access
Question # 109

A systems administrator is auditing all company servers to ensure. They meet the minimum security baseline While auditing a Linux server, the systems administrator observes the /etc/shadow file has permissions beyond the baseline recommendation. Which of the following commands should the systems administrator use to resolve this issue?

A.

chmod

B.

grep

C.

dd

D.

passwd

Full Access
Question # 110

You are security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.

Full Access
Question # 111

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Full Access
Question # 112

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A.

Changing the remote desktop port to a non-standard number

B.

Setting up a VPN and placing the jump server inside the firewall

C.

Using a proxy for web connections from the remote desktop server

D.

Connecting the remote server to the domain and increasing the password length

Full Access
Question # 113

The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?

A.

Hourly differential backups stored on a local SAN array

B.

Dally full backups stored on premises in magnetic offline media

C.

Daly differential backups maintained by a third-party cloud provider

D.

Weekly full backups with daily incremental stored on a NAS drive

Full Access
Question # 114

The Cruel Information Security Officer (CISO) asks a security analyst to install an OS update to a production VM that has a 99% uptime SLA. The CISO tells me analyst the installation must be done as quickly as possible. Which of the following courses of action should the security analyst take first?

A.

Log in to the server and perform a health check on the VM.

B.

Install the patch Immediately.

C.

Confirm that the backup service is running.

D.

Take a snapshot of the VM.

Full Access
Question # 115

A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?

A.

A worm is propagating across the network.

B.

Data is being exfiltrated.

C.

A logic bomb is deleting data.

D.

Ransomware is encrypting files.

Full Access
Question # 116

A systems administrate wants to implement a backup solution. the solution needs to allow recovery of the entire system, including the operating system, in case of a disaster. Which of the following backup types should the administrator consider?

A.

Incremental

B.

Storage area network

C.

Differential

D.

Image

Full Access
Question # 117

After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?

A.

Insider threat

B.

Email phishing

C.

Social engineering

D.

Executive whaling

Full Access
Question # 118

Which of the following examples would be best mitigated by input sanitization?

A.

B.

nmap - 10.11.1.130

C.

Email message: "Click this link to get your free gift card."

D.

Browser message: "Your connection is not private."

Full Access
Question # 119

A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?

A.

Creating group policies to enforce password rotation on domain administrator credentials

B.

Reviewing the domain administrator group, removing all unnecessary administrators, and rotating all passwords

C.

Integrating the domain administrator's group with an IdP and requiring SSO with MFA for all access

D.

Securing domain administrator credentials in a PAM vault and controlling access with role-based access control

Full Access
Question # 120

An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?

A.

Privilege escalation

B.

Buffer overflow

C.

SQL injection

D.

Pass-the-hash

Full Access
Question # 121

Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?

A.

Shared deployment of CIS baselines

B.

Joint cybersecurity best practices

C.

Both companies following the same CSF

D.

Assessment of controls in a vulnerability report

Full Access
Question # 122

A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?

A.

A user performed a MAC cloning attack with a personal device.

B.

A DMCP failure caused an incorrect IP address to be distributed

C.

An administrator bypassed the security controls for testing.

D.

DNS hijacking let an attacker intercept the captive portal traffic.

Full Access
Question # 123

The Chief Information Security Officer wants to put security measures in place to protect PlI. The organization needs to use its existing labeling and classification system to accomplish this goal. Which of the following would most likely be configured to meet the requirements?

A.

Tokenization

B.

S/MIME

C.

DLP

D.

MFA

Full Access
Question # 124

Which of the following is the best way to provide secure remote access for employees while minimizing the exposure of a company's internal network?

A.

VPN

B.

LDAP

C.

FTP

D.

RADIUS

Full Access