351. An air traffic controller receives a change to the flight plan for an aircraft in the morning over the telephone. The air traffic controller compares the change with what appears on the radar and realizes that the information is incorrect. As a result, the air traffic controller can prevent an event.
Which of the following examples is this scenario based on?
381. An organization decided not to put controls in place because of the high cost of implementing the controls compared to the cost of a potential fine.
Which of the following risk management strategies is the organization following?
347. An organization recently completed a security control assessment. The organization determined some controls did not meet the existing security measures. Additional mitigations are needed to lessen the risk of the non-compliant controls.
Which of the following best describes these mitigations?
364. Several users have been violating corporate security policy by accessing inappropriate sites on corporate-issued mobile devices while off campus. The senior leadership team wants all mobile devices to be hardened with controls that:
- Limit the sites that can be accessed.
- Only allow access to internal resources while physically on campus.
- Restrict employees from downloading images from company email.
Which of the following controls would best address this situation? (Select two).
400. A company has installed badge readers for building access, but discovers that unauthorized persons are in the corridors. What is the most likely cause?
370. A penetration tester was able to compromise a host using previously captured network traffic.
Which of the following is the result of this action?
346. An organization wants to secure a LAN/WLAN so users can authenticate and transport data securely. The solution needs to prevent on-path attacks and evil twin attacks.
Which of the following will best meet the organization's need?
410. Which of the following will provide the best physical security countermeasures to stop intruders?
(Select two).
385. Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?
393. A systems administrator is required to enforce MFA for corporate email account access, relying on the possession factor.
Which of the following authentication methods should the systems administrator choose? (Select two).
335. Which of the following should a Chief Information Security Officer consider using to take advantage of industry standard guidelines?
362. A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met:
- Mobile device OSs must be patched up to the latest release.
- A screen lock must be enabled (passcode or biometric).
- Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Select two).
384. A security architect is designing a remote access solution for a business partner. The business partner needs to access one Linux server at the company. The business partner wants to avoid managing a password for authentication and additional software installation.
Which of the following should the architect recommend?
407. An annual information security has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using.
Which of the following would be best to use to update and reconfigure the OS-level security configurations?
396. Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture, the analysts notice the following:
Which of the following occurred?
398. Which of the following best ensures minimal downtime for organizations with critical computer systems in earthquake-prone areas?
354. A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries:
Which of the following is the most likely cause of the security control bypass?
372. The application development team is in the final stages of developing a new healthcare application. The team has requested copies of current PHI records to perform the final testing.
Which of the following would be the best way to safeguard this information without impeding the testing process?
333. A security team is providing input on the design of a secondary data center that has the following requirements:
- A natural disaster at the primary site should not affect the secondary site.
- The secondary site should have the capability for failover during traffic surge situations.
- The secondary site must meet the same physical security requirements as the primary site.
- The secondary site must provide protection against power surges and outages.
Which of the following should the security team recommend? (Select two).
360. A security engineer is investigating a penetration test report that states the company website is vulnerable to a web application attack. While checking the web logs from the time of the test, the engineer notices several invalid web form submissions using an unusual address:
"SELECT* FROM customername".
Which of the following is most likely being attempted?
402. An organization is repairing damage after an incident. Which of the following controls is being implemented?
373. The alert indicates an attacker entered thousands of characters into the text box of a web form. The web form was intended for legitimate customers to enter their phone numbers.
Which of the following attacks has most likely occurred?
353. A security analyst needs to recommend a solution that will allow current Active Directory accounts and groups to be used for access controls on both network and remote-access devices.
Which of the following should the analyst recommend? (Select two).
382. Which of the following is the correct order of evidence from most to least volatile in forensic analysis?
411. Two organizations are discussing a possible merger. Both organizations' Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations.
Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?
392. Which of the following roles is responsible for defining the protection type and classification type for a given set of files?
363. A security analyst received the following requirements for the deployment of a security camera solution:
- The cameras must be viewable by the on-site security guards.
- The cameras must be able to communicate with the video storage server.
- The cameras must have the time synchronized automatically.
- The cameras must not be reachable directly via the internet.
- The servers for the cameras and video storage must be available for remote maintenance via the company VPN.
Which of the following should the security analyst recommend to securely meet the remote connectivity requirements?
359. A security administrator is using UDP port 514 to send a syslog through an unsecure network to the SIEM server. Which of the following is the best way for the administrator to improve the process?
413. Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address that changes the execution path?
340. A security engineer updated an application on company workstations. The application was running before the update, but it is no longer launching successfully.
Which of the following most likely needs to be updated?
355. A security analyst is assisting a team of developers with best practices for coding. The security analyst would like to defend against the use of SQL injection attacks. Which of the following should the security analyst recommend first?
406. A company wants to build a new website to sell products online. The website will host a storefront application that allows visitors to add products to a shopping cart and pay for products using a credit card.
Which of the following protocols would be most secure to implement?
404. Which of the following is a primary security concern for setting up a BYOD program?
376.
357. Security engineers are working on digital certificate management with the top priority of making administration easier. Which of the following certificates is the best option?
416. Which of the following types of controls is a turnstile?
342. A company recently completed the transition from data centers to the cloud. Which of the following solutions will best enable the company to detect security threats in applications that run in isolated environments within the cloud environment?
341. A user is trying unsuccessfully to send images via SMS. The user downloaded the images from a corporate email account on a work phone.
Which of the following policies is preventing the user from completing this action?
409. A government organization is developing an advanced AI defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected powers of then learning and attribute the outcome to a recent attack on one of the suppliers.
Which of the following is the most likely reason for the inaccuracy of the system?
365. A security team is conducting a security review of a hosted data provider. The management team has asked the hosted data provider to share proof that customer data is being appropriately protected. Which of the following would provide the best proof that customer data is being protected?
343. A manager for the development team is concerned about reports showing a common set of vulnerabilities. The set of vulnerabilities is present on almost all of the applications developed by the team.
Which of the following approaches would be most effective for the manager to use to address this issue?
401. Which of the following measures ensures non-repudiation during a forensic examination?
375. A network security manager wants to implement periodic events that will test the security team's preparedness for incidents in a controlled and scripted manner. Which of the following concepts describes this scenario?
414. Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company or change job roles internally?
418. Which of the following will increase cryptographic security?
387. A security analyst is investigating what appears to be unauthorized access to a corporate web application. The security analyst reviews the web server logs and finds the following entries:
Which of the following password attacks is taking place?
338.
349. An analyst is working on an investigation with multiple alarms for multiple hosts. The hosts show signs that they have been compromised by a fast-spreading worm.
Which of the following should be the next step to stop the spread?
412. A company wants the ability to restrict web access and monitor the websites that employees visit.
Which of the following would best meet these requirements?
408. Which of the following is the best method for ensuring non-repudiation?
350. Which of the following best describes a tool used by an organization to identify, log, and track any potential risks and corresponding risk information?
378. A backup operator wants to perform a backup to enhance the RTO and RPO in a highly time- and storage-efficient way that has no impact on production systems.
Which of the following backup types should the operator use?
371. An organization needs to implement more stringent controls over administrator/root credentials and service accounts. Requirements for the project include:
* Check-in/checkout of credentials
* The ability to use but not know the password
* Automated password changes
* Logging of access to credentials
Which of the following solutions would meet the requirements?
377. An engineer wants to inspect traffic to a cluster of web servers in a cloud environment.
Which of the following solutions should the engineer implement? (Select two).
403. A research company discovered that an unauthorized piece of software has been detected on a small number of machines in its lab. The researchers collaborate with other machines using port 445 and on the internet using port 443. The unauthorized software is starting to be seen on additional machines outside of the lab and is making outbound communications using HTTPS and SMS. The security team has been instructed to resolve the issue as quickly as possible while causing minimal disruption to the researchers.
Which of the following is the best course of action in this scenario?
399. An audit has revealed that PII (Personally Identifiable Information) is being used in the development environment of a critical application. The Chief Privacy Officer (CPO) insists that this data must be removed. However, the developers are concerned that without real data, they cannot perform functionality tests and search for specific data.
Which one should a security professional implement to meet the requirements of both the CPO and the development team?
379. A company is developing a new initiative to reduce insider threats. Which of the following should the company focus on to make the greatest impact?
391. An organization has hired a security analyst to perform a penetration test. The analyst captures 1Gb worth of inbound network traffic to the server and transfers the pcap back to the machine for analysis.
Which of the following tools should the analyst use to further review the pcap?
337. A systems integrator is installing a new access control system for a building. The new system will need to connect to the company's AD server in order to validate current employees.
Which of the following should the systems integrator configure to be the most secure?
386. A building manager is concerned about people going in and out of the office during non-working hours.
Which of the following physical security controls would provide the best solution?
356. An employee's company email is configured with conditional access and requires that MFA is enabled and used. An example of MFA is a phone call and:
352. A company has numerous employees who store PHI data locally on devices. The Chief Information Officer wants to implement a solution to reduce external exposure of PHI but not affect the business. The first step the IT team should perform is to deploy a DLP solution:
397. Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?
348. A contractor overhears a customer recite their credit card number during a confidential phone call. The credit card information is later used for a fraudulent transaction. Which of the following social engineering techniques describes this scenario?
345. A security administrator would like to ensure all cloud servers will have software preinstalled for facilitating vulnerability scanning and continuous monitoring. Which of the following concepts should the administrator utilize?
361. A security analyst is investigating network issues between a workstation and a company server. The workstation and server occasionally experience service disruptions, and employees are forced to reconnect to the server. In addition, some reports indicate sensitive information is being leaked from the server to the public. The workstation IP address is 192.168.1.103, and the server IP address is 192.168.1.101. The analyst runs arp -a on a separate workstation and obtains the following results:
Which of the following is most likely occurring?
388. A network penetration tester has successfully gained access to a target machine.
Which of the following should the penetration tester do next?
419. Which of the following cloud models provides clients with servers, storage, and networks but nothing else?
380. Security analysts have noticed the network becomes flooded with malicious packets at specific times of the day. Which of the following should the analysts use to investigate this issue?
420. A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?
390. A web architect would like to move a company's website presence to the cloud. One of the management team's key concerns is resiliency in case a cloud provider's data center or network connection goes down.
Which of the following should the web architect consider to address this concern?
417. A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot.
Which of the following is the most likely reason for the outage?
339. During a recent cybersecurity audit, the auditors pointed out various types of vulnerabilities in the production area. The hardware in the production area runs applications that are important for production.
Which of the following describes what the company should do first to reduce the risk to the production hardware?
331. An attacker is targeting a company. The attacker notices that the company's employees frequently access a particular website. The attacker decides to infect the website with malware and hopes the employees' devices will also become infected.
Which of the following techniques is the attacker using?
369. Which of the following would be best to ensure data is saved to a location on a server, is easily scaled, and is centrally monitored?
344. A company is focused on reducing risks from removable media threats. Due to certain primary applications, removable media cannot be entirely prohibited at this time.
Which of the following best describes the company's approach?
A security manager is attempting to meet multiple security objectives in the next fiscal year. The security manager has proposed the purchase of the following four items:
Vendor A:
1- Firewall
1-12 switch
Vendor B:
1- Firewall
1-12 switch
Which of the following security objectives is the security manager attempting to meet? (Select two).
389. A security analyst is currently addressing an active cyber incident. The analyst has been able to identify affected devices that are running a malicious application with a unique hash.
Which of the following is the next step according to the incident response process?
358. A company policy requires third-party suppliers to self-report data breaches within a specific time frame.
Which of the following third-party risk management policies is the company complying with?
383. Which of the following is constantly scanned by internet bots and has the highest risk of attack in the case of the default configurations?
395. A company's help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot.
Which of the following is the most likely reason for the outage?
367. Which of the following would most likely include language prohibiting end users from accessing personal email from a company device?
332. While performing a threat-hunting exercise, a security analyst sees some unusual behavior occurring in an application when a user changes the display name. The security analyst decides to perform a static code analysis and receives the following pseudocode:
Which of the following attack types best describes the root cause of the unusual behavior?
A company is moving to a new location. The systems administrator has provided the following server room requirements to the facilities staff:
- Consistent power levels in case of brownouts or voltage spikes
- A minimum of 30 minutes runtime following a power outage
- Ability to trigger graceful shutdowns of critical systems.
Which of the following would BEST meet the requirements?
415. A large retail store's network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?
394. During an assessment, a systems administrator found several hosts running FTP and decided to immediately block FTP communications at the firewall.
Which of the following describes the greatest risk associated with using FTP?
334. An account was disabled after several failed and successful login connections were made from various parts of the world at various times. A security analyst is investigating the issue.
Which of the following account policies has most likely triggered the deactivation action?
374. A security administrator recently used an internal CA to issue a certificate to a public application. A user tries to reach the application but receives a message stating, "Your connection is not private."
Which of the following is the best way to fix this issue?
405. A security analyst is taking part in an evaluation process that analyzes and categorizes threat actors of real-world events in order to improve the incident response team's process.
Which of the following is the analyst most likely participating in?
368. Which of the following describes software on network hardware that needs to be updated on a routine basis to help address possible vulnerabilities?