SY0-501 Exam Prep Free – 50 Practice Questions to Get You Ready for Exam Day
Getting ready for the SY0-501 certification? Our SY0-501 Exam Prep Free resource includes 50 exam-style questions designed to help you practice effectively and feel confident on test day.
Effective SY0-501 exam prep is the key to success. With our free practice questions, you can:
- Get familiar with exam format and question style
- Identify which topics you’ve mastered—and which need more review
- Boost your confidence and reduce exam anxiety
Below, you will find 50 realistic SY0-501 Exam Prep Free questions that cover key exam topics. These questions are designed to reflect the structure and challenge level of the actual exam, making them perfect for your study routine.
Which of the following precautions MINIMIZES the risk from network attacks directed at multifunction printers, as well as the impact on functionality at the same time?
A. Isolating the systems using VLANs
B. Installing a software-based IPS on all devices
C. Enabling full disk encryption
D. Implementing unique user PIN access functions
Which of the following uses tokens between the identity provider and the service provider to authenticate and authorize users to resources?
A. RADIUS
B. SSH
C. OAuth
D. MSCHAP
Given the output: Which of the following account management practices should the security engineer use to mitigate the identified risk?
A. Implement least privilege
B. Eliminate shared accounts.
C. Eliminate password reuse.
D. Implement two-factor authentication
An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running. Which of the following should be acquired LAST?
A. Application files on hard disk
B. Processor cache
C. Processes in running memory
D. Swap space
The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?
A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates
B. Implementation of an off-site datacenter hosting all company data, as well as deployment of VDI for all client computing needs
C. Host-based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs
D. Behavior-based IPS with a communication link to a cloud-based vulnerability and threat feed
An internal intranet site is required to authenticate users and restrict access to content to only those who are authorized to view it. The site administrator previously encountered issues with credential spoofing when using the default NTLM setting and wants to move to a system that will be more resilient to replay attacks. Which of the following should the administrator implement?
A. NTLMv2
B. TACACS+
C. Kerberos
D. Shibboleth
A group of developers is collaborating to write software for a company. The developers need to work in subgroups and control who has access to their modules. Which of the following access control methods is considered user-centric?
A. Time-based
B. Mandatory
C. Rule-based
D. Discretionary
Which of the following serves to warn users against downloading and installing pirated software on company devices?
A. AUP
B. NDA
C. ISA
D. BPA
In a lessons-learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated?
A. Nation-state
B. Hacktivist
C. Insider
D. Competitor
Upon learning about a user who has reused the same password for the past several years, a security specialist reviews the logs. The following is an extraction of the report after the most recent password change requirement: Which of the following security controls is the user's behavior targeting?
A. Password expiration
B. Password history
C. Password complexity
D. Password reuse
A network administrator was concerned during an audit that users were able to use the same passwords the day after a password change policy took effect. The following settings are in place:
- Users must change their passwords every 30 days.
- Users cannot reuse the last 10 passwords.
Which of the following settings would prevent users from being able to immediately reuse the same passwords?
A. Minimum password age of five days
B. Password history of ten passwords
C. Password length greater than ten characters
D. Complex passwords must be used
A small enterprise decides to implement a warm site to be available for business continuity in case of a disaster. Which of the following BEST meets its requirements?
A. A fully operational site that has all the equipment in place and full data backup tapes on site
B. A site used for its data backup storage that houses a full-time network administrator
C. An operational site requiring some equipment to be relocated as well as data transfer to the site
D. A site staffed with personnel requiring both equipment and data to be relocated there in case of disaster.
A company moved into a new building next to a sugar mill. Cracks have been discovered in the walls of the server room, which is located on the same side as the sugar mill loading docks. The cracks are believed to have been caused by heavy trucks. Moisture has begun to seep into the server room, causing extreme humidification problems and equipment failure. Which of the following BEST describes the type of threat the organization faces?
A. Foundational
B. Man-made
C. Environmental
D. Natural
After a systems administrator installed and configured Kerberos services, several users experienced authentication issues. Which of the following should be installed to resolve these issues?
A. RADIUS server
B. NTLM service
C. LDAP service
D. NTP server
Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?
A. Privilege escalation
B. Pivoting
C. Process affinity
D. Buffer overflow
Which of the following BEST explains `likelihood of occurrence`?
A. The chance that an event will happen regardless of how much damage it may cause
B. The overall impact to the organization once all factors have been considered
C. The potential for a system to have a weakness or flaw that might be exploited
D. The probability that a threat actor will target and attempt to exploit an organization’s systems
While reviewing the wireless router, the systems administrator of a small business determines someone is spoofing the MAC address of an authorized device. Given the table below: Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?
A. Conduct a ping sweep.
B. Physically check each system.
C. Deny Internet access to the "UNKNOWN" hostname.
D. Apply MAC filtering.
The IT department needs to prevent users from installing untested applications. Which of the following would provide the BEST solution?
A. Job rotation
B. Least privilege
C. Account lockout
D. Antivirus
A security researcher is tracking an adversary by noting its attacks and techniques based on its capabilities, infrastructure, and victims. Which of the following is the researcher MOST likely using?
A. The Diamond Model of Intrusion Analysis
B. The Cyber Kill Chain
C. The MITRE CVE database
D. The incident response process
Which of the following threats has sufficient knowledge to cause the MOST danger to an organization?
A. Competitors
B. Insiders
C. Hacktivists
D. Script kiddies
A Chief Information Officer (CIO) is concerned that encryption keys might be exfiltrated by a contractor. The CIO wants to keep control over key visibility and management. Which of the following would be the BEST solution for the CIO to implement?
A. HSM
B. CA
C. SSH
D. SSL
Moving laterally within a network once an initial exploit is used to gain persistent access for the purpose of establishing further control of a system is known as:
A. pivoting.
B. persistence.
C. active reconnaissance.
D. a backdoor.
A company exchanges information with a business partner. An annual audit of the business partner is conducted against the SLA in order to verify:
A. Performance and service delivery metrics
B. Backups are being performed and tested
C. Data ownership is being maintained and audited
D. Risk awareness is being adhered to and enforced
A security analyst is investigating a security breach. Upon inspection of the audit and access logs, the analyst notices the host was accessed and the /etc/passwd file was modified with a new entry for username `gotcha` and user ID of 0. Which of the following are the MOST likely attack vector and tool the analyst should use to determine if the attack is still ongoing? (Select TWO)
A. Logic bomb
B. Backdoor
C. Keylogger
D. Netstat
E. Tracert
F. Ping
Joe recently assumed the role of data custodian for this organization. While cleaning out an unused storage safe, he discovers several hard drives that are labeled `unclassified` and awaiting destruction. The hard drives are obsolete and cannot be installed in any of his current computing equipment. Which of the following is the BEST method for disposing of the hard drives?
A. Burning
B. Wiping
C. Purging
D. Pulverizing
A technician is implementing 802.1X with dynamic VLAN assignment based on a user Active Directory group membership. Which of the following configurations supports the VLAN definitions?
A. RADIUS attribute
B. SAML tag
C. LDAP path
D. Shibboleth IdP
A security administrator has been tasked with improving the overall security posture related to desktop machines on the network. An auditor has recently found that several machines with confidential customer information displayed on the screens are left unattended during the course of the day. Which of the following could the security administrator implement to reduce the risk associated with the finding?
A. Implement a clean desk policy
B. Security training to prevent shoulder surfing
C. Enable group policy based screensaver timeouts
D. Install privacy screens on monitors
A black hat hacker is enumerating a network and wants to remain covert during the process. The hacker initiates a vulnerability scan. Given the task at hand and the requirement of being covert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
A. The vulnerability scanner is performing an authenticated scan.
B. The vulnerability scanner is performing local file integrity checks.
C. The vulnerability scanner is performing in network sniffer mode.
D. The vulnerability scanner is performing banner grabbing.
A technician is recommending preventive physical security controls for a server room. Which of the following would the technician MOST likely recommend? (Choose two.)
A. Geofencing
B. Video surveillance
C. Protected cabinets
D. Mantrap
E. Key exchange
F. Authorized personnel signage
Which of the following is MOST likely caused by improper input handling?
A. Loss of database tables
B. Untrusted certificate warning
C. Power off reboot loop
D. Breach of firewall ACLs
A network technician discovered the usernames and passwords used for network device configuration have been compromised by a user with a packet sniffer. Which of the following would secure the credentials from sniffing?
A. Implement complex passwords
B. Use SSH for remote access
C. Configure SNMPv2 for device management
D. Use TFTP to copy device configuration
A bank is experiencing a DoS attack against an application designed to handle 500 IP-based sessions. In addition, the perimeter router can only handle 1Gbps of traffic. Which of the following should be implemented to prevent DoS attacks in the future?
A. Deploy multiple web servers and implement a load balancer
B. Increase the capacity of the perimeter router to 10 Gbps
C. Install a firewall at the network to prevent all attacks
D. Use redundancy across all network devices and services
As part of a corporate merger, two companies are combining resources. As a result, they must transfer files through the Internet in a secure manner. Which of the following protocols would BEST meet this objective? (Choose two.)
A. LDAPS
B. SFTP
C. HTTPS
D. DNSSEC
E. SRTP
Given the following requirements:
- Help to ensure non-repudiation
- Capture motion in various formats
Which of the following physical controls BEST matches the above descriptions?
A. Camera
B. Mantrap
C. Security guard
D. Motion sensor
A NIPS administrator needs to install a new signature to observe the behavior of a worm that may be spreading over SMB. Which of the following signatures should be installed on the NIPS?
A. PERMIT from ANY:ANY to ANY:445 regex ‘.*SMB.*’
B. DROP from ANY:445 to ANY:445 regex ‘.*SMB.*’
C. DENY from ANY:ANY to ANY:445 regex ‘.*SMB.*’
D. RESET from ANY:ANY to ANY:445 regex ‘.*SMB.*’
Which of the following is a deployment concept that can be used to ensure only the required OS access is exposed to software applications?
A. Staging environment
B. Sandboxing
C. Secure baseline
D. Trusted OS
A stock trading company had the budget for enhancing its secondary datacenter approved. Since the main site is in a hurricane-affected area and the disaster recovery site is 100mi (161km) away, the company wants to ensure its business is always operational with the least amount of man hours needed. Which of the following types of disaster recovery sites should the company implement?
A. Hot site
B. Warm site
C. Cold site
D. Cloud-based site
An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:
A. Something you have.
B. Something you know.
C. Something you do.
D. Something you are.
During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?
A. ARO/ALE
B. MTTR/MTBF
C. RTO/RPO
D. Risk assessment
In which of the following risk management strategies would cybersecurity insurance be used?
A. Transference
B. Avoidance
C. Acceptance
D. Mitigation
An organization requires users to provide their fingerprints to access an application. To improve security, the application developers intend to implement multifactor authentication. Which of the following should be implemented?
A. Use a camera for facial recognition
B. Have users sign their name naturally
C. Require a palm geometry scan
D. Implement iris recognition
A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:
- The VPN must support encryption of header and payload.
- The VPN must route all traffic through the company's gateway.
Which of the following should be configured on the VPN concentrator?
A. Full tunnel
B. Transport mode
C. Tunnel mode
D. IPSec
During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem BEST be revisited?
A. Reporting
B. Preparation
C. Mitigation
D. Lessons Learned
Which of the following is the MAIN disadvantage of using SSO?
A. The architecture can introduce a single point of failure.
B. Users need to authenticate for each resource they access.
C. It requires an organization to configure federation.
D. The authentication is transparent to the user.
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?
A. Fail safe
B. Fault tolerance
C. Fail secure
D. Redundancy
An active/passive configuration has an impact on:
A. confidentiality
B. integrity
C. availability
D. non-repudiation
A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.1og, and reviews the following: Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r https://www.portal.com\rjohnuser\rilovemycat2 Given the above output, which of the following is the MOST likely cause of this compromise?
A. Virus
B. Worm
C. Rootkit
D. Keylogger
A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate potential vulnerabilities, which of the following BEST accomplishes this objective?
A. Use application whitelisting.
B. Employ patch management.
C. Disable the default administrator account.
D. Implement full-disk encryption.
A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?
A. Firmware version control
B. Manual software upgrades
C. Vulnerability scanning
D. Automatic updates
E. Network segmentation
F. Application firewalls
Which of the following vulnerability types would the type of hacker known as a script kiddie be MOST dangerous against?
A. Passwords written on the bottom of a keyboard
B. Unpatched exploitable Internet-facing services
C. Unencrypted backup tapes
D. Misplaced hardware token