A company wants to protect a specialized legacy platform that controls the physical flow of gas inside of pipes. Which of the following environments does the company need to secure to best achieve this goal?
While investigating a recent security breach an analyst finds that an attacker gained access by SOL infection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?
An IT security team is concerned about the confidentiality of documents left unattended in MFPs. Which of the following should the security team do to mitigate the situation?
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
A security administrator is reissuing a former employee ' s laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Select two).
The security team notices that the Always On VPN solution sometimes fails to connect. This leaves remote users unprotected because they cannot connect to the on-premises web proxy. Which of the following changes will best provide web protection in this scenario?
A company ' s website is www. Company. com Attackers purchased the domain wwww. company.com Which of the following types of attacks describes this example?
A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?
Which of the following cryptographic solutions protects data at rest?
Which of the following is the best way to validate the integrity and availability of a disaster recovery site?
Which of the following is the best method to reduce the attack surface of an enterprise network?
Which of the following actions must an organization take to comply with a person ' s request for the right to be forgotten?
Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?
A security analyst receives an alert from a web server that contains the following logs:
GET /image?filename=../../../etc/passwd
Host: AcmeInc.web.net
useragent: python-request/2.27.1
GET /image?filename=../../../etc/shadow
Host: AcmeInc.web.net
useragent: python-request/2.27.1
Which of the following attacks is being attempted?
A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?
An alert references attacks associated with a zero-day exploit. An analyst places a bastion host in the network to reduce the risk. Which type of control is being implemented?
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?
A security analyst learns that an attack vector, used as part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of the initial exploit. Which of the following logs should the analyst review first?
After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?
Which of the following is most likely to be used as a just-in-time reference document within a security operations center?
Which of the following is an algorithm performed to verify that data has not been modified?
A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
Which of the following is the act of proving to a customer that software developers are trained on secure coding?
As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?
Which of the following would be best suited for constantly changing environments?
An external security assessment report indicates a high click rate on suspicious emails. The Chief Intelligence Security Officer (CISO) must reduce this behavior. Which of the following should the CISO do first?
The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization ' s agreed-upon RPOs end RTOs. Which of the following backup scenarios would best ensure recovery?
Which of the following objectives is best achieved by a tabletop exercise?
A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?
An organization is implementing a COPE mobile device management policy. Which of the following should the organization include in the COPE policy? (Select two).
A security team identifies a vulnerability in an application that the developers will not be able to patch for six months. Which of the following should the security team use to document this vulnerability?
During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?
A company installed cameras and added signs to alert visitors that they are being recorded. Which of the following controls did the company implement? (Select two).
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
During a SQL update of a database, a temporary field that was created was replaced by an attacker in order to allow access to the system. Which of the following best describes this type of vulnerability?
A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors. Which of the following should the systems administrator use?
Which of the following is a possible consequence of a VM escape?
A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?
A Chief Security Officer signs off on a request to allow inbound SMB and RDP from the internet to a single VLAN. Which of the following is the most likely explanation for this activity?
Following a security review, an organization must ensure users verify their identities against the company ' s identity services with individual credentials leveraging WPA2-Enterprise for wireless access. Which of the following configuration steps correctly applies RADIUS in this environment?
A security analyst must select a metric to determine the required investment in technology based on past availability incidents. Which of the following is the most relevant value to help select technology that mitigates risk and considers reliability?
Which of the following security concepts is accomplished when granting access after an individual has logged into a computer network?
Which of the following describes the reason for using an MDM solution to prevent jailbreaking?
Which of the following would enable a data center to remain operational through a multiday power outage?
The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario?
After reviewing the following vulnerability scanning report:
Server:192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol
A security analyst performs the following test:
nmap -p 23 192.168.14.6 —script telnet-encryption
PORT STATE SERVICE REASON
23/tcp open telnet syn-ack
I telnet encryption:
| _ Telnet server supports encryption
Which of the following would the security analyst conclude for this reported vulnerability?
An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?
Which of the following must be considered when designing a high-availability network? (Select two).
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?
A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following will most likely help the security awareness team address this potential threat?
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
Which of the following should a security team do first before a new web server goes live?
Which of the following is a prerequisite for a DLP solution?
A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?
A database administrator is updating the company ' s SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?
Which of the following is the best reason to perform a tabletop exercise?
A company receives an alert that a widely used network device vendor has been banned by the government. What will general counsel most likely be concerned with during hardware refresh?
Which of the following concepts protects sensitive information from unauthorized disclosure?
Which of the following best describes a common use of OSINT?
Which of the following is the best safeguard to protect against an extended power failure?
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?
A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?
Which of the following can be used to compromise a system that is running an RTOS?
A security analyst learns that an attack vector, which was used as a part of a recent incident, was a well-known IoT device exploit. The analyst needs to review logs to identify the time of initial exploit. Which of the following logs should the analyst review first?
A company ' s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?
Which of the following methods would most likely be used to identify legacy systems?
An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?
Which of the following must be considered when designing a high-availability network? (Choose two).
A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?
Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?
Which of the following should be used to ensure that a new software release has not been modified before reaching the user?
Which of the following is an example of a data protection strategy that uses tokenization?
Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
An organization authorizes system deployment on the network after reducing the number of Category 1 vulnerabilities to zero. Which of the following is this scenario an example of?
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
While reviewing logs, a security administrator identifies the following code:
< script > function(send_info) < /script >
Which of the following best describes the vulnerability being exploited?
A security manager wants to reduce the number of steps required to identify and contain basic threats. Which of the following will help achieve this goal?
A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?
An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?
A wireless administrator sets up a new network in a small office using a password. The network must reduce the impact of brute-force attacks if the password is subjected to over-the-air interception. Which of the following security settings will help achieve this goal?
Which of the following is the most relevant reason a DPO would develop a data inventory?
An MSSP manages firewalls for hundreds of clients. Which of the following tools would be most helpful to create a standard configuration template in order to improve the efficiency of firewall changes?
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
Which of the following provides the best protection against unwanted or insecure communications to and from a device?
Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?
A security analyst is creating base for the server team to follow when hardening new devices for deployment. Which of the following beet describes what the analyst is creating?
Which of the following describes the process of concealing code or text inside a graphical image?
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
Which of the following best describe a penetration test that resembles an actual external attach?
Which of the following describes a situation where a user is authorized before being authenticated?
A certificate authority needs to post information about expired certificates. Which of the following would accomplish this task?
A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?
Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?
An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
Which of the following is the final step of the modem response process?
Which of the following is a use of CVSS?
Which of the following would most likely be used by attackers to perform credential harvesting?
Which of the following attacks primarily targets insecure networks?
Which of the following would be the best way to test resiliency in the event of a primary power failure?
A company recently decided to allow employees to work remotely. The company wants to protect us data without using a VPN. Which of the following technologies should the company Implement?
A company performs a vulnerability assessment and gets the following results:
Vulnerability | Server location | CVSS score
1 | Internet | 9.8
2 | Internal | 4.0
3 | Internet | 4.0
4 | Internal | 9.8
Which of the following vulnerabilities should the company patch first?
A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file ' s creator. Which of the following actions would most likely give the security analyst the information required?
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
Which of the following should a security operations center use to improve its incident response procedure?
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?
During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Oncethe password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user ' s intranet account? (Select two).
A U.S.-based cloud-hosting provider wants to expand its data centers to new international locations. Which of the following should the hosting provider consider first?
A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A security engineer receives reports of unauthorized devices on the organization ' s network. Which of the following best describes a secure and effective way to mitigate the risks?
The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?
Which of the following should an internal auditor check for first when conducting an audit of the organization’s risk management program?
A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?
To which of the following security categories does an EDR solution belong?
A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices. Which of the following vulnerabilities is the organization addressing?
A security engineer is working to address the growing risks that shadow IT services are introducing to the organization. The organization has taken a cloud-first approach end does not have an on-premises IT infrastructure. Which of the following would best secure the organization?
Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?
An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?
A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security learn propose to resolve the findings in the most complete way?
A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?
A security analyst is reviewing the following logs about a suspicious activity alert for a user ' s VPN log-ins. Which of the following malicious activity indicators triggered the alert?
✅Log Summary:
User logs in fromChicago, ILmultiple times, then suddenly a successful login appears fromRome, Italy, followed again by Chicago logins — all within ashort time span.
A company that has a large IT operation is looking to better control, standardize, and lower the time required to build new servers. Which of the following architectures will best achieve the company’s objectives?
A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?
An accounting employee recently used software that was not approved by the company. Which of the following risks does this most likely represent?
An organization recently started hosting a new service that customers access through a web portal. A security engineer needs to add to the existing security devices a new solution to protect this new service. Which of the following is the engineer most likely to deploy?
Which of the following best distinguishes hacktivists from insider threats?
A company is required to use certified hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware?
Which of the following strategies most effectively protects sensitive data at rest in a database?
Which of the following best represents how frequently an incident is expected to happen each year?
Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees ' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?
Which of the following agreements defines response time, escalation, and performance metrics?
Which of the following is a key reason to follow data retention policies during asset decommissioning?
An office wants to install a Wi-Fi network. The security team must ensure a secure design. The access points will be more powerful and use WPA3 with a 16-character randomized key. Which of the following should the security team do next?
A company wants to ensure that only authorized devices can enter an environment. Which of the following will the company most likely use to implement the control?
A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company ' s site. Which of the following would have most likely prevented this attack?
Which of the following best describe the benefits of a microservices architecture when compared to a monolithic architecture? (Select two).
Which of the following best describes the importance of implementing filesystem journaling?
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic. Which of the following will help achieve these objectives?
Which of the following best explains a core principle of a Zero Trust security model?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?
Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A company is in the process of cutting jobs to manage costs. The Chief Information Security Officer is concerned about the increased risk of an insider threat. Which of the following would most likely help the security awareness team address this potential threat?
A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
Which of the following describes the difference between encryption and hashing?
Which of the following best explains why an organization would choose a warm site for disaster recovery?
Which of the following would best ensure a controlled version release of a new software application?
Which of the following most securely protects data at rest?
A recent black-box penetration test of http://example.com discovered that external
website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.
You are tasked with reducing the attack space and enabling secure protocols.
INSTRUCTIONS
Part 1
Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.
Part 2
Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.




An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?
Which of the following is an example of a false negative vulnerability detection in a scan report?
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
Which of the following most accurately describes the order in which a security engineer should implement secure baselines?
Which of the following should an organization use to protect its environment from external attacks conducted by an unauthorized hacker?
A company wants to get alerts when others are researching and doing reconnaissance on the company One approach would be to host a part of the Infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?
An employee fell for a phishing scam, which allowed an attacker to gain access to a company PC. The attacker scraped the PC’s memory to find other credentials. Without cracking these credentials, the attacker used them to move laterally through the corporate network. Which of the following describes this type of attack?
An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?
A security analyst investigates an incident in which a PowerShell script was identified as a potential IoC. Which of the following will best help the analyst identify an attempt to compromise the system?
A Chief Information Security Officer (CISO) develops information security policies that relate to the software development methodology. Which of the following will the CISO most likely include in the organization ' s documentation?
A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?
Which of the following is die most important security concern when using legacy systems to provide production service?
An administrator is reviewing a single server ' s security logs and discovers the following;
Which of the following best describes the action captured in this log file?
In which of the following will unencrypted PLC management traffic most likely be found?
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?
A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?
A security analyst investigates abnormal outbound traffic from a corporate endpoint. The traffic is encrypted and uses non-standard ports. Which of the following data sources should the analyst use first to confirm whether this traffic is malicious?
An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?
Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?
Which of the following best explains a concern with OS-based vulnerabilities?
Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?
A company is aware of a given security risk related to a specific market segment. The business chooses not to accept responsibility and target their services to a different market segment. Which of the following describes this risk management strategy?
Which of the following should be used to select a label for a file based on the file ' s value, sensitivity, or applicable regulations?
A company receives an alert that a network device vendor, which is widely used in the enterprise, has been banned by the government.
Which of the following will the company ' s general counsel most likely be concerned with during a hardware refresh of these devices?
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
A bank set up a new server that contains customers ' Pll. Which of the following should the bank use to make sure the sensitive data is not modified?
Which of the following security controls would best guard a payroll system against insider manipulation threats?
The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?
In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique?
While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:
C:\User > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 200 ms 200 ms 200 ms 10.20.10.10
2 5 ms 3 ms 3 ms 10.20.10.1
3 20 ms 20 ms 10 ms 10.25.10.10
4 10 ms 8 ms 10 ms 10.30.110.1
5 5 ms 6 ms 3 ms 10.100.15.20
The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:
C:\Engineer > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 5 ms 3 ms 3 ms 10.20.10.1
2 20 ms 20 ms 10 ms 10.25.10.10
3 10 ms 8 ms 10 ms 10.30.110.1
4 5 ms 6 ms 3 ms 10.100.15.20
Which of the following is most likely occurring?
Which of the following allows for the attribution of messages to individuals?
A security team installs an IPS on an organization ' s network and needs to configure the system to detect and prevent specific network attacks. Which of the following settings should the team configure first within the IPS?
Which of the following involves an attempt to take advantage of database misconfigurations?
A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?
An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?
While reviewing a recent compromise, a forensics team discovers that there are hard-coded credentials in the database connection strings. Which of the following assessment types should be performed during software development to prevent this from reoccurring?
Which of the following best explains a concern with OS-based vulnerabilities?
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 002.1X for access control. To be allowed on the network, a device must have a Known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?
An administrator is installing an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?
Which of the following is prevented by proper data sanitization?
A user would like to install software and features that are not available with a smartphone ' s default software. Which of the following would allow the user to install unauthorized software and enable new features?
During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?
An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?
A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?
Which of the following security controls is a company implementing by deploying HIPS? (Select two)
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?
Which of the following best explains how open service ports increase an organization ' s attack surface?
A security analyst reviews firewall configurations and finds that firewalls are configured to fail-open mode in the event of a crash. Which of the following describes the security risk associated with this configuration?
During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?
After completing an annual external penetration test, a company receives the following guidance:
Decommission two unused web servers currently exposed to the internet.
Close 18 open and unused ports found on their existing production web servers.
Remove company email addresses and contact info from public domain registration records.
Which of the following does this represent?
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?
A store is setting up wireless access for employees. Management wants to limit the number of access points while ensuring full coverage. Which tool will help determine how many access points are needed?
A company plans to secure its systems by:
Preventing users from sending sensitive data over corporate email
Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
A security professional discovers a folder containing an employee ' s personal information on the enterprise ' s shared drive. Which of the following best describes the data type the securityprofessional should use to identify organizational policies and standards concerning the storage of employees ' personal information?
A vendor salesperson is a personal friend of a company’s Chief Financial Officer (CFO). The company recently made a large purchase from the vendor, which was directly approved by the CFO. Which of the following best describes this situation?
Prior to implementing a design change, the change must go through multiple steps to ensure that it does not cause any security issues. Which of the following is most likely to be one of those steps?
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
Which of the following activities should a systems administrator perform to quarantine a potentially infected system?
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
An attacker floods an organization ' s VoIP phone system with thousands of requests. This causes legitimate calls to drop or fail to connect. Analysis shows the attacker faked internal extensions to trick users into answering calls and sharing sensitive information. Which of the following types of attacks has the attacker used in this incident? (Select two).
Which of the following metrics impacts the backup schedule as part of the BIA?
Which of the following should be used to prevent changes to system-level data?
An administrator has identified and fingerprinted specific files that will generate an alert if an attempt is made to email these files outside of the organization. Which of the following best describes the tool the administrator is using?
A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?
Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?
A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?
A company prepares for an upcoming regulatory audit. The company wants to perform a gap analysis in the most cost-effective way. Which of the following will help the company achieve this goal?
Two companies are in the process of merging. The companies need to decide how to standardize their information security programs. Which of the following would best align the security programs?
Which of the following is used to validate a certificate when it is presented to a user?
A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)
An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?
At the start of a penetration test, the tester checks OSINT resources for information about the client environment. Which of the following types of reconnaissance is the tester performing?
Employees sign an agreement that restricts specific activities when leaving the company. Violating the agreement can result in legal consequences. Which of the following agreements does this best describe?
Which of the following describes the procedures a penetration tester must follow while conducting a test?
Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?
An organization wants to deploy software in a container environment to increase security. Which of the following will limit the organization ' s ability to achieve this goal?
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?
Which of the following elements of digital forensics should a company use If It needs to ensure the integrity of evidence?
Which of the following is a reason why a forensic specialist would create a plan to preserve data after an modem and prioritize the sequence for performing forensic analysis?
A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?
A few weeks after deploying additional email servers, a company begins to receive complaints that messages are going into recipients’ spam folders. Which of the following needs to be updated?
A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?
A company wants to update its disaster recovery plan to include a dedicated location for immediate continued operations if a catastrophic event occurs. Which of the following options is best to include in the disaster recovery plan?
A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?
An employee clicks a malicious link in an email that appears to be from the company ' s Chief Executive Officer. The employee ' s computer is infected with ransomware that encrypts the company ' s files. Which of the following is the most effective way for the company to prevent similar incidents in the future?
After a series of account compromises and credential misuse, a company hires a security manager to develop a security program. Which of the following steps should the security manager take first to increase security awareness?
An organization experiences a suspected data breach that affects sensitive client information. The incident response team must preserve logs, server images, and email communications related to the breach. Which of the following best describes this course of action?
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline Which of the following should the analyst use?
An organization wants to ensure the integrity of compiled binaries in the production environment. Which of the following security measures would best support this objective?
A security analyst sees an increase of vulnerabilities on workstations after a deployment of a company group policy. Which of the following vulnerability types will the analyst most likely find on the workstations?
Which of the following agreements defines response time, escalation points, and performance metrics?
A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager ' s goal?
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?
Which of the following architectures is most suitable to provide redundancy for critical business processes?