Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?

A. Purple team

B. Blue team

C. Red team

D. White team

Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?

A. Jailbreaking

B. Memory injection

C. Resource reuse

D. Side loading

Which of the following is used to add extra complexity before using a one-way data transformation algorithm?

A. Key stretching

B. Data masking

C. Steganography

D. Salting

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

A. Exception

B. Segmentation

C. Risk transfer

D. Compensating controls

A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?

A. Continuous

B. Ad hoc

C. Recurring

D. One time

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:
(Error 13): /etc/shadow: Permission denied.
Which of the following best describes the type of tool that is being used?

A. Pass-the-hash monitor

B. File integrity monitor

C. Forensic analysis

D. Password cracker

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

A. Application

B. Authentication

C. DHCP

D. Network

E. Firewall

F. Database

The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?

A. Shadow IT

B. Insider threat

C. Data exfiltration

D. Service disruption

A hosting provider needs to prove that its security controls have been in place over the last six months and have sufficiently protected customer data. Which of the following would provide the best proof that the hosting provider has met the requirements?

A. NIST CSF

B. SOC 2 Type 2 report

C. CIS Top 20 compliance reports

D. Vulnerability report

Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?

A. Whaling

B. Spear phishing

C. Impersonation

D. Identity fraud

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

A. Security policy

B. Classification policy

C. Retention policy

D. Access control policy

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A. Impact analysis

B. Scheduled downtime

C. Backout plan

D. Change management boards

During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?

A. Defensive

B. Passive

C. Offensive

D. Physical

An organization is leveraging a VPN between its headquarters and a branch location. Which of the following is the VPN protecting?

A. Data in use

B. Data in transit

C. Geographic restrictions

D. Data sovereignty

Which of the following describes effective change management procedures?

A. Approving the change after a successful deployment

B. Having a backout plan when a patch fails

C. Using a spreadsheet for tracking changes

D. Using an automatic change control bypass for security updates

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

A. Insider threat

B. Hacktivist

C. Nation-state

D. Organized crime

An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?

A. Deploy multifactor authentication.

B. Decrease the level of the web filter settings.

C. Implement security awareness training.

D. Update the acceptable use policy.

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance

B. Risk transfer

C. Risk register

D. Risk analysis

A coffee shop owner wants to restrict internet access to only paying customers by prompting them for a receipt number. Which of the following is the best method to use given this requirement?

A. WPA3

B. Captive portal

C. PSK

D. IEEE 802.1X

Which of the following methods would most likely be used to identify legacy systems?

A. Bug bounty program

B. Vulnerability scan

C. Package monitoring

D. Dynamic analysis

A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?

A. Digital forensics

B. E-discovery

C. Incident response

D. Threat hunting

A systems administrator is working on a solution with the following requirements:
• Provide a secure zone.
• Enforce a company-wide access control policy.
• Reduce the scope of threats.
Which of the following is the systems administrator setting up?

A. Zero Trust

B. AAA

C. Non-repudiation

D. CIA

Which of the following describes the maximum allowance of accepted risk?

A. Risk indicator

B. Risk level

C. Risk score

D. Risk threshold

A security engineer is installing an IPS to block signature-based attacks in the environment.
Which of the following modes will best accomplish this task?

A. Monitor

B. Sensor

C. Audit

D. Active

A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?

A. SQLi

B. Cross-site scripting

C. Jailbreaking

D. Side loading

A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?

A. Agentless solution

B. Client-based soon

C. Open port

D. File-based solution

A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?

A. Hot

B. Cold

C. Warm

D. Geographically dispersed

A security analyst locates a potentially malicious video file on a server and needs to identify both the creation date and the file's creator. Which of the following actions would most likely give the security analyst the information required?

A. Obtain the file’s SHA-256 hash.

B. Use hexdump on the file’s contents.

C. Check endpoint logs.

D. Query the file’s metadata.

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

A. The software had a hidden keylogger.

B. The software was ransomware.

C. The user’s computer had a fileless virus.

D. The software contained a backdoor.

A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?

A. Send out periodic security reminders.

B. Update the content of new hire documentation.

C. Modify the content of recurring training.

D. Implement a phishing campaign.

Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?

A. Physical

B. Managerial

C. Technical

D. Operational

A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?

A. Serverless architecture

B. Thin clients

C. Private cloud

D. Virtual machines

A security analyst is investigating a workstation that is suspected of outbound communication to a command-and-control server. During the investigation, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next?

A. IPS

B. Firewall

C. AСL

D. Windows security

A systems administrator would like to create a point-in-time backup of a virtual machine. Which of the following should the administrator use?

A. Replication

B. Simulation

C. Snapshot

D. Containerization

During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?

A. Risk management process

B. Product design process

C. Design review process

D. Change control process

The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?

A. Fines

B. Reputational damage

C. Sanctions

D. Contractual implications

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

A. MTTR

B. RTO

C. ARO

D. MTBF

Which of the following vulnerabilities is exploited when an attacker overwrites a register with a malicious address?

A. VM escape

B. SQL injection

C. Buffer overflow

D. Race condition

Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?

A. Continuity of operations

B. Capacity planning

C. Tabletop exercise

D. Parallel processing

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two.)

A. The device has been moved from a production environment to a test environment.

B. The device is configured to use cleartext passwords.

C. The device is moved to an isolated segment on the enterprise network.

D. The device is moved to a different location in the enterprise.

E. The device’s encryption level cannot meet organizational standards.

F. The device is unable to receive authorized updates.

Which of the following is classified as high availability in a cloud environment?

A. Access broker

B. Cloud HSM

C. WAF

D. Load balancer

Which of the following alert types is the most likely to be ignored over time?

A. True positive

B. True negative

C. False positive

D. False negative

A company wants to implement MFA. Which of the following enables the additional factor while using a smart card?

A. PIN

B. Hardware token

C. User ID

D. SMS

A security administrator would like to protect data on employees’ laptops. Which of the following encryption techniques should the security administrator use?

A. Partition

B. Asymmetric

C. Full disk

D. Database

A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?

A. Conduct an audit.

B. Initiate a penetration test.

C. Rescan the network.

D. Submit a report.

A company needs to provide administrative access to internal resources while minimizing the traffic allowed through the security boundary. Which of the following methods is most secure?

A. Implementing a bastion host

B. Deploying a perimeter network

C. Installing a WAF

D. Utilizing single sign-on

A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?

A. Default credentials

B. Non-segmented network

C. Supply chain vendor

D. Vulnerable software

A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

A. Changing the remote desktop port to a non-standard number

B. Setting up a VPN and placing the jump server inside the firewall

C. Using a proxy for web connections from the remote desktop server

D. Connecting the remote server to the domain and increasing the password length

A security analyst recently read a report about a flaw in several of the organization's printer models that causes credentials to be sent over the network in cleartext, regardless of the encryption settings. Which of the following would be best to use to validate this finding?

A. Wireshark

B. netcat

C. Nessus

D. Nmap