CompTIA Security+ Practice Test – 50 Realistic Questions to Prepare with Confidence
Getting ready for your CompTIA Security+ certification exam? Start your preparation the smart way with our CompTIA Security+ Practice Test – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a CompTIA Security+ Practice Test is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our CompTIA Security+ Practice Test. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?
A. Deterrent
B. Corrective
C. Compensating
D. Preventive
Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization
Which of the following describes the category of data that is most impacted when it is lost?
A. Confidential
B. Public
C. Private
D. Critical
Which of the following security measures is required when using a cloud-based platform for IoT management?
A. Encrypted connection
B. Federated identity
C. Firewall
D. Single sign-on
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
A. Reporting structure for the data privacy officer
B. Request process for data subject access
C. Role as controller or processor
D. Physical location of the company
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
A. Load balancer
B. Port security
C. IPS
D. NGFW
After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?
A. False positive
B. False negative
C. True positive
D. True negative
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being filmed. Which of the following best describe these types of controls? (Choose two.)
A. Preventive
B. Deterrent
C. Corrective
D. Directive
E. Compensating
F. Detective
Which of the following should a security operations center use to improve its incident response procedure?
A. Playbooks
B. Frameworks
C. Baselines
D. Benchmarks
Which of the following is a feature of a next-generation SIEM system?
A. Virus signatures
B. Automated response actions
C. Security agent deployment
D. Vulnerability scanning
Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?
A. Continuity of operations
B. Capacity planning
C. Tabletop exercise
D. Parallel processing
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies. Which of the following is the most important consideration during development?
A. Scalability
B. Availability
C. Cost
D. Ease of deployment
Which of the following agreement types defines the time frame in which a vendor needs to respond?
A. SOW
B. SLA
C. MOA
D. MOU
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?
A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code
An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
A. Asset inventory
B. Network enumeration
C. Data certification
D. Procurement process
Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
A. Proxy server
B. NGFW
C. VPN
D. Security zone
A security analyst is investigating an application server and discovers that software on the server is behaving abnormally. The software normally runs batch jobs locally and does not generate traffic, but the process is now generating outbound traffic over random high ports. Which of the following vulnerabilities has likely been exploited in this software?
A. Memory injection
B. Race condition
C. Side loading
D. SQL injection
A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend?
A. Utilizing attack signatures in an IDS
B. Enabling malware detection through a UTM
C. Limiting the affected servers with a load balancer
D. Blocking command injections via a WAF
The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?
A. Fines
B. Reputational damage
C. Sanctions
D. Contractual implications
Which of the following methods would most likely be used to identify legacy systems?
A. Bug bounty program
B. Vulnerability scan
C. Package monitoring
D. Dynamic analysis
Which of the following alert types is the most likely to be ignored over time?
A. True positive
B. True negative
C. False positive
D. False negative
Which of the following phases of an incident response involves generating reports?
A. Recovery
B. Preparation
C. Lessons learned
D. Containment
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
A. To reduce implementation cost
B. To identify complexity
C. To remediate technical debt
D. To prevent a single point of failure
A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?
A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading
Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)
A. Tokenization
B. CI/CD
C. Honeypots
D. Threat modeling
E. DNS sinkhole
F. Data obfuscation
A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:
- Allow employees to work remotely or from assigned offices around the world.
- Provide a seamless login experience.
- Limit the amount of equipment required.
Which of the following best meets these conditions?
A. Trusted devices
B. Geotagging
C. Smart cards
D. Time-based logins
Which of the following teams is best suited to determine whether a company has systems that can be exploited by a potential, identified vulnerability?
A. Purple team
B. Blue team
C. Red team
D. White team
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.
The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?
A. Hot site
B. Cold site
C. Failover site
D. Warm site
A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?
A. The software had a hidden keylogger.
B. The software was ransomware.
C. The user’s computer had a fileless virus.
D. The software contained a backdoor.
After creating a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions?
A. Version validation
B. Version changes
C. Version updates
D. Version control
Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)
A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.
Which of the following security concepts is accomplished with the installation of a RADIUS server?
A. CIA
B. AAA
C. ACL
D. PEM
A software development team asked a security administrator to recommend techniques that should be used to reduce the chances of the software being reverse engineered. Which of the following should the security administrator recommend?
A. Digitally signing the software
B. Performing code obfuscation
C. Limiting the use of third-party libraries
D. Using compile flags
An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two.)
A. Disable default accounts.
B. Add the server to the asset inventory.
C. Remove unnecessary services.
D. Document default passwords.
E. Send server logs to the SIEM.
F. Join the server to the corporate domain.
Which of the following is a possible factor for MFA?
A. Something you exhibit
B. Something you have
C. Somewhere you are
D. Someone you know
A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objectives. Which of the following will be the best method to achieve this objective?
A. Third-party attestation
B. Penetration testing
C. Internal auditing
D. Vulnerability scans
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)
A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent
Which of the following best describes the risk present after controls and mitigating factors have been applied?
A. Residual
B. Avoided
C. Inherent
D. Operational
A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connection. Which of the following best describes the potential risk factor?
A. The equipment MTBF is unknown.
B. The ISP has no SLA.
C. An RPO has not been determined.
D. There is a single point of failure.
A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solution to increase mobile data security on all employees' company mobile devices?
A. Application management
B. Full disk encryption
C. Remote wipe
D. Containerization
A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the flight lands, the user finds unauthorized credit card charges. Which of the following attacks most likely occurred?
A. Replay attack
B. Memory leak
C. Buffer overflow attack
D. On-path attack
An organization completed a project to deploy SSO across all business applications last year. Recently, the finance department selected a new cloud-based accounting software vendor. Which of the following should most likely be configured during the new software deployment?
A. RADIUS
B. SAML
C. EAP
D. OpenID
A company wants to ensure that the software it develops will not be tampered with after the final version is completed. Which of the following should the company most likely use?
A. Hashing
B. Encryption
C. Baselines
D. Tokenization
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?
A. Whaling
B. Credential harvesting
C. Prepending
D. Dumpster diving
A security administrator is hardening corporate systems and applying appropriate mitigations by consulting a real-world knowledge base for adversary behavior. Which of the following would be best for the administrator to reference?
A. MITRE ATT&CK
B. CSIRT
C. CVSS
D. SOAR
Which of the following most likely describes why a security engineer would configure all outbound emails to use S/MIME digital signatures?
A. To meet compliance standards
B. To increase delivery rates
C. To block phishing attacks
D. To ensure non-repudiation
An architect has a request to increase the speed of data transfer using JSON requests externally. Currently, the organization uses SFTP to transfer data files. Which of the following will most likely meet the requirements?
A. A website-hosted solution
B. Cloud shared storage
C. A secure email solution
D. Microservices using API
An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?
A. Log data
B. Metadata
C. Encrypted data
D. Sensitive data