A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)

A. NIDS

B. Honeypot

C. Certificate revocation list

D. HIPS

E. WAF

F. SIEM

A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?

A. SOW

B. BPA

C. SLA

D. NDA

A security officer is implementing a security awareness program and has placed security-themed posters around the building and assigned online user training. Which of the following will the security officer most likely implement?

A. Password policy

B. Access badges

C. Phishing campaign

D. Risk assessment

Which of the following would be best suited for constantly changing environments?

A. RTOS

B. Containers

C. Embedded systems

D. SCADA

An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?

A. A website-hosted solution

B. Cloud shared storage

C. A secure email solution

D. Microservices using API

The author of a software package is concerned about bad actors repackaging and inserting malware into the software. The software download is hosted on a website, and the author exclusively controls the website's contents. Which of the following techniques would best ensure the software's integrity?

A. Input validation

B. Code signing

C. Secure cookies

D. Fuzzing

An administrator is installing an LDAP browser tool in order to view objects in the corporate LDAP directory. Secure connections to the LDAP server are required. When the browser connects to the server, certificate errors are being displayed, and then the connection is terminated. Which of the following is the most likely solution?

A. The administrator should allow SAN certificates in the browser configuration.

B. The administrator needs to install the server certificate into the local truststore.

C. The administrator should request that the secure LDAP port be opened to the server.

D. The administrator needs to increase the TLS version on the organization’s RA.

Which of the following scenarios describes a possible business email compromise attack?

A. An employee receives a gift card request in an email that has an executive’s name in the display field of the email.

B. Employees who open an email attachment receive messages demanding payment in order to access files.

C. A service desk employee receives an email from the HR director asking for log-in credentials to a cloud administrator account.

D. An employee receives an email with a link to a phishing site that is designed to look like the company’s email portal.

A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?

A. Jump server

B. RADIUS

C. HSM

D. Load balancer

A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?

A. Place posters around the office to raise awareness of common phishing activities.

B. Implement email security filters to prevent phishing emails from being delivered.

C. Update the EDR policies to block automatic execution of downloaded programs.

D. Create additional training for users to recognize the signs of phishing attempts.

A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks.
Which of the following analysis elements did the company most likely use in making this decision?

A. MTTR

B. RTO

C. ARO

D. MTBF

Several employees received a fraudulent text message from someone claiming to be the Chief Executive Officer (CEO). The message stated:
“I’m in an airport right now with no access to email. I need you to buy gift cards for employee recognition awards. Please send the gift cards to following email address.”
Which of the following are the best responses to this situation? (Choose two).

A. Cancel current employee recognition gift cards.

B. Add a smishing exercise to the annual company training.

C. Issue a general email warning to the company.

D. Have the CEO change phone numbers.

E. Conduct a forensic investigation on the CEO’s phone.

F. Implement mobile device management.

Which of the following provides the details about the terms of a test with a third-party penetration tester?

A. Rules of engagement

B. Supply chain analysis

C. Right to audit clause

D. Due diligence

Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?

A. Impact analysis

B. Scheduled downtime

C. Backout plan

D. Change management boards

Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?

A. Impersonation

B. Disinformation

C. Watering-hole

D. Smishing

Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?

A. Sanitization

B. Formatting

C. Degaussing

D. Defragmentation

A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment. Which of the following should be configured to allow remote access to this server?

A. HTTPS

B. SNMPv3

C. SSH

D. RDP

E. SMTP

Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?

A. Client

B. Third-party vendor

C. Cloud provider

D. DBA

A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:
•	Allow employees to work remotely or from assigned offices around the world.
•	Provide a seamless login experience.
•	Limit the amount of equipment required.
Which of the following best meets these conditions?

A. Trusted devices

B. Geotagging

C. Smart cards

D. Time-based logins

One of a company's vendors sent an analyst a security bulletin that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch?

A. Virtualization

B. Firmware

C. Application

D. Operating system

Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?

A. Risk tolerance

B. Risk transfer

C. Risk register

D. Risk analysis

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

A. Open-source intelligence

B. Bug bounty

C. Red team

D. Penetration testing

An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?

A. RADIUS

B. SAML

C. EAP

D. OpenID

Which of the following physical controls can be used to both detect and deter? (Choose two.)

A. Lighting

B. Fencing

C. Signage

D. Sensor

E. Bollard

F. Lock

Which of the following threat actors is the most likely to be motivated by profit?

A. Hacktivist

B. Insider threat

C. Organized crime

D. Shadow IT

An organization requests a third-party full-spectrum analysis of its supply chain. Which of the following would the analysis team use to meet this requirement?

A. Vulnerability scanner

B. Penetration test

C. SCAP

D. Illumination tool

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

A. Hashing

B. Tokenization

C. Encryption

D. Segmentation

During a penetration test, a flaw in the internal PKI was exploited to gain domain administrator rights using specially crafted certificates. Which of the following remediation tasks should be completed as part of the cleanup phase?

A. Updating the CRL

B. Patching the CA

C. Changing passwords

D. Implementing SOAR

Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?

A. To track the status of patching installations

B. To find shadow IT cloud deployments

C. To continuously the monitor hardware inventory

D. To hunt for active attackers in the network

Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)

A. Increasing the minimum password length to 14 characters.

B. Upgrading the password hashing algorithm from MD5 to SHA-512.

C. Increasing the maximum password age to 120 days.

D. Reducing the minimum password length to ten characters.

E. Reducing the minimum password age to zero days.

F. Including a requirement for at least one special character.

A manager receives an email that contains a link to receive a refund. After hovering over the link, the manager notices that the domain's URL points to a suspicious link. Which of the following security practices helped the manager to identify the attack?

A. End user training

B. Policy review

C. URL scanning

D. Plain text email

After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?

A. Version validation

B. Version changes

C. Version updates

D. Version control

An engineer moved to another team and is unable to access the new team's shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access?

A. Role-based

B. Discretionary

C. Time of day

D. Least privilege

Which of the following agreement types defines the time frame in which a vendor needs to respond?

A. SOW

B. SLA

C. MOA

D. MOU

A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?

A. Full disk encryption

B. Network access control

C. File integrity monitoring

D. User behavior analytics

During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?

A. Analysis

B. Lessons learned

C. Detection

D. Containment

Which of the following can be used to identify potential attacker activities without affecting production servers?

A. Honeypot

B. Video surveillance

C. Zero Trust

D. Geofencing

A utility company is designing a new platform that will host all the virtual machines used by business applications. The requirements include:
•	A starting baseline of 50% memory utilization
•	Storage scalability
•	Single circuit failure resilience
Which of the following best meets all of these requirements?

A. Connecting dual PDUs to redundant power supplies

B. Transitioning the platform to an IaaS provider

C. Configuring network load balancing for multiple paths

D. Deploying multiple large NAS devices for each host

Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two.)

A. The device has been moved from a production environment to a test environment.

B. The device is configured to use cleartext passwords.

C. The device is moved to an isolated segment on the enterprise network.

D. The device is moved to a different location in the enterprise.

E. The device’s encryption level cannot meet organizational standards.

F. The device is unable to receive authorized updates.

A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?

A. Disk encryption

B. Data loss prevention

C. Operating system hardening

D. Boot security

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?

A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32

B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0

C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0

D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

After reviewing the following vulnerability scanning report:
 
A security analyst performs the following test:
 
Which of the following would the security analyst conclude for this reported vulnerability?

A. It is a false positive.

B. A rescan is required.

C. It is considered noise.

D. Compensating controls exist.

An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found” error message. Which of the following types of social engineering attacks occurred?

A. Brand impersonation

B. Pretexting

C. Typosquatting

D. Phishing

Which of the following would be the best way to handle a critical business application that is running on a legacy server?

A. Segmentation

B. Isolation

C. Hardening

D. Decommissioning

A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?

A. Accept

B. Transfer

C. Mitigate

D. Avoid

A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?

A. To reduce implementation cost

B. To identify complexity

C. To remediate technical debt

D. To prevent a single point of failure

After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?

A. Group Policy

B. Content filtering

C. Data loss prevention

D. Access control lists

Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?

A. Proxy server

B. NGFW

C. VPN

D. Security zone

A systems administrator notices that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this activity?

A. Espionage

B. Data exfiltration

C. Nation-state attack

D. Shadow IT