A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

A. Internet proxy

B. VPN

C. WAF

D. Firewall

A network administrator is concerned about users being exposed to malicious content when accessing company cloud applications. The administrator wants to be able to block access to sites based on the AUP. The users must also be protected because many of them work from home or at remote locations, providing on-site customer support. Which of the following should the administrator employ to meet these criteria?

A. Implement NA

B. Implement an SW

C. Implement a URL filter.

D. Implement an MDM.

A Chief Information Security officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

A. DNSSEC

B. LDAPS

C. NGFW

D. DLP

A public relations team will be taking a group of guests on a tour through the facility of a large e- commerce company. The day before the tour, the company sends out an email to employees to ensure all whiteboards are cleaned and all desks are cleared. The company is MOST likely trying to protect against:

A. loss of proprietary information.

B. damage to the company’s reputation.

C. social engineering.

D. credential exposure.

Which of the following best describes an environment where a business owns the application and operating system but requires the resources to host them in the cloud?

A. IaaS

B. XaaS

C. PaaS

D. SaaS

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A. WAF

B. CASB

C. VPN

D. TLS

While troubleshooting service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user s password failed to meet password complexity requirements. Which of the following would be the best solution to securely prevent future issues?

A. Using an administrator account to run the processes and disabling the account when it is not in use

B. Implementing a shared account the team can use to run automated processes

C. configuring a service account to run the processes

D. Removing the password complexity requirements for the user account

An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Choose two.)

A. ISO

B. PCIDSS

C. SOC

D. GDPR

E. CSA

F. NIST

An organization is outlining data stewardship roles and responsibilities. Which of the following employee roles would determine the purpose of data and how to process it?

A. Data custodian

B. Data controller

C. Data protection officer

D. Data processor

Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?

A. Acceptance

B. Transference

C. Avoidance

D. Mitigation

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

A. Memory dumps

B. The syslog server

C. The application logs

D. The log retention policy

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

A. Service accounts

B. Account audits

C. Password complexity

D. Lockout policy

An employee who is using a mobile device for work, is required to use a fingerprint to unlock the device. Which of the following is this an example of?

A. Something you know

B. Something you are

C. Something you have

D. Somewhere you are

Which of the following best describes a legal hold?

A. It occurs during litigation and requires retention of both electronic and physical documents.

B. It occurs during a risk assessment and requires retention of risk-related documents.

C. It occurs during incident recovery and requires retention of electronic documents.

D. It occurs during a business impact analysis and requires retention of documents categorized as personally identifiable information.

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach?

A. A firewall

B. A device pin

C. A USB data blocker

D. Biometrics

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

A. A right-to-audit clause allowing for annual security audits

B. Requirements for event logs to be kept for a minimum of 30 days

C. Integration of threat intelligence in the company’s AV

D. A data-breach clause requiring disclosure of significant data loss

During a security assessment, a security analyst finds a file with overly permissive permissions. Which of the following tools will allow the analyst to reduce the permissions for the existing users and groups and remove the set-user-ID bit from the file?

A. ls

B. ch flags

C. chmod

D. lsof

E. setuid

Which of the following secure application development concepts aims to block verbose error messages from being shown in a user's interface?

A. OWASP

B. Obfuscation/camou age

C. Test environment

D. Prevention of information exposure

Two hospitals merged into a single organization. The privacy officer requested a review of all records to ensure encryption was used during record storage, in compliance with regulations. During the review, the officer discovered that medical diagnosis codes and patient names were left unsecured. Which of the following types of data does this combination BEST represent?

A. Personal health information

B. Personally identifiable information

C. Tokenized data

D. Proprietary data

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

A. Time-based logins

B. Geofencing

C. Network location

D. Password history

A company needs tofficentralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

A. Security information and event management

B. A web application firewall

C. A vulnerability scanner

D. A next-generation firewall

An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

A. The business continuity plan

B. The risk management plan

C. The communication plan

D. The incident response plan

A security investigation revealed that malicious software was installed on a server using a server administrator's credentials. During the investigation, the server administrator explained that Telnet was regularly used to log in. Which of the following most likely occurred?

A. A spraying attack was used to determine which credentials to use

B. A packet capture tool was used to steal the password

C. A remote-access Trojan was used to install the malware

D. A dictionary attack was used to log in as the server administrator

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the best mitigation strategy to prevent this from happening in the future?

A. User training

B. CASB

C. MDM

D. EDR

Which of the following is the FIRST environment in which proper, secure coding should be practiced?

A. Stage

B. Development

C. Production

D. Test

Which of the following ensures an organization can continue to do business with minimal interruption in the event of a major disaster?

A. Business recovery plan

B. Incident response plan

C. Communication plan

D. Continuity of operations plan

Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?

A. PKI

B. Blockchain

C. SAML

D. OAuth

A network administrator would like to configure a site-to-site VPN utilizing IPSec. The administrator wants the tunnel to be established with data integrity, encryption, authentication, and anti-replay functions. Which of the following should the administrator use when configuring the VPN?

A. AH

B. EDR

C. ESP

D. DNSSEC

An employee receives an email stating the employee won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm employee's identity before sending the prize. Which of the following best describes this type of email?

A. Spear phishing

B. Whaling

C. Phishing

D. Vishing

Which of the following threat vectors would appear to be the most legitimate when used by a malicious actor to impersonate a company?

A. Phone call

B. Instant message

C. Email

D. Text message

Which of the following is a known security risk associated with data archives that contain financial information?

A. Data can become a liability if archived longer than required by regulatory guidance.

B. Data must be archived off-site to avoid breaches and meet business requirements.

C. Companies are prohibited from providing archived data to e-discovery requests.

D. Unencrypted archives should be preserved as long as possible and encrypted.

An organization suffered numerous multiday power outages at its current location. The Chief Executive officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)

A. Warm site

B. Generator

C. Hot site

D. Cold site

E. Cloud backups

F. UPS

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated, and highly skilled. Which of the following targeted the organization?

A. Shadow IT

B. An insider threat

C. A hacktivist

D. An advanced persistent threat

Historically, a company has had issues with users plugging in personally owned removable media devices into corporate computers. As a result, the threat of malware incidents is almost constant. Which of the following would best help prevent the malware from being installed on the computers?

A. AUP

B. NGFW

C. DLP

D. EDR

Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?

A. SOAR

B. CVSS

C. SIEM

D. CVE

Which of the following best describes the process of adding a secret value to extend the length of stored passwords?

A. Hashing

B. Quantum communications

C. Salting

D. Perfect forward secrecy

Which of the following is the MOST effective control against zero-day vulnerabilities?

A. Network segmentation

B. Patch management

C. Intrusion prevention system

D. Multiple vulnerability scanners

While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?

A. SNMP traps

B. A Telnet session

C. An SSH connection

D. SFTP traffic

Unauthorized devices have been detected on the internal network. The devices' locations were traced to Ethernet ports located in conference rooms. Which of the following would be the best technical controls to implement to prevent these devices from accessing the internal network?

A. NAC

B. DLP

C. IDS

D. MFA

During an investigation, events from two affected servers in the same subnetwork occurred at the same time:
Server 1: 192.168.10.1 [01/Apr/2021:06:00:00 PST] SAN access denied for user 'admin' Server 2: 192.168.10.6 [01/Apr/2021:06:01:01 CST] SAN access successful for user 'admin'
Which of the following should be consistently configured to prevent the issue seen in the logs?

A. Geolocation

B. TOTP

C. NTP

D. MFA

A Chief Security officer is looking for a solution that can reduce the occurrence of customers receiving errors from back-end infrastructure when systems go offline unexpectedly. The security architect would like the solution to help maintain session persistence. Which of the following would BEST meet the requirements?

A. Reverse proxy

B. NIC teaming

C. Load balancer

D. Forward proxy

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day to-day work activities?

A. Encrypted

B. Intellectual property

C. Critical

D. Data in transit

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company's cloud environment. Which of the following is an immediate consequence of these integrations?

A. Non-compliance with data sovereignty rules

B. Loss of the vendors interoperability support

C. Mandatory deployment of a SIEM solution

D. Increase in the attack surface

A company wants to begin taking online orders for products but has decided to outsource payment processing to limit risk. Which of the following best describes what the company should request from the payment processor?

A. ISO 27001 certi cation documents

B. Proof of PCI DSS compliance

C. A third-party SOC 2 Type 2 report

D. Audited GDPR policies

Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?

A. Weak configurations

B. Integration activities

C. Unsecure user accounts

D. Outsourced code development

A security team received the following requirements for a new BYOD program that will allow employees to use personal smartphones to access business email:
· Sensitive customer data must be safeguarded.
· Documents from managed sources should not be opened in unmanaged destinations.
· Sharing of managed documents must be disabled.
· Employees should not be able to download emailed images to their devices.
· Personal photos and contact lists must be kept private.
· IT must be able to remove data from lost/stolen devices or when an employee no longer works for the company.
Which of the following are the best features to enable to meet these requirements? (Choose two.)

A. Remote wipe

B. VPN connection

C. Biometric authentication

D. Device location tracking

E. Geofencing

F. Application approve list

An organization recently released a software assurance policy that requires developers to run code scans each night on the repository. After the first night, the security team alerted the developers that more than 2,000 findings were reported and need to be addressed. Which of the following is the MOST likely cause for the high number of findings?

A. The vulnerability scanner was not properly configured and generated a high number of false positives.

B. Third-party libraries have been loaded into the repository and should be removed from the codebase.

C. The vulnerability scanner found several memory leaks during runtime, causing duplicate reports for the same issue.

D. The vulnerability scanner was not loaded with the correct benchmarks and needs to be updated.

An information security manager for an organization is completing a PCI DSS self-assessment for the first time. Which of the following is the MOST likely reason for this type of assessment?

A. An international expansion project is currently underway.

B. Outside consultants utilize this tool to measure security maturity.

C. The organization is expecting to process credit card information.

D. A government regulator has requested this audit to be completed.

Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

A. ISO

B. GDPR

C. PCI DSS

D. NIST

Local guidelines require that all information systems meet a minimum security baseline to be compliant. Which of the following can security administrators use to assess their system configurations against the baseline?

A. SOAR playbook

B. Security control matrix

C. Risk management framework

D. Benchmarks