A systems administrator wants to implement a secure wireless network requiring wireless clients to pre-register with the company and install a PKI client certificate prior to being able to connect to the wireless network. Which of the following should the systems administrator configure?

A. EAP-TTLS

B. EAP-TLS

C. EAP-FAST

D. EAP with PEAP

E. EAP with MSCHAPv2

During a security audit of a company's network, unsecure protocols were found to be in use. A network administrator wants to ensure browser-based access to company switches is using the most secure protocol. Which of the following protocols should be implemented?

A. SSH2

B. TLS1.2

C. SSL1.3

D. SNMPv3

A user has attempted to access data at a higher classification level than the user's account is currently authorized to access. Which of the following access control models has been applied to this user's account?

A. MAC

B. DAC

C. RBAC

D. ABAC

A systems administrator is configuring a new network switch for TACACS+ management and authentication.
Which of the following must be configured to provide authentication between the switch and the TACACS+ server?

A. 802.1X

B. SSH

C. Shared secret

D. SNMPv3

E. CHAP

Which of the following network vulnerability scan indicators BEST validates a successful, active scan?

A. The scan job is scheduled to run during off-peak hours.

B. The scan output lists SQL injection attack vectors.

C. The scan data identifies the use of privileged-user credentials.

D. The scan results identify the hostname and IP address.

A security analyst discovers that a company's username and password database was posted on an Internet forum. The username and passwords are stored in plain text. Which of the following would mitigate the damage done by this type of data exfiltration in the future?

A. Create DLP controls that prevent documents from leaving the network

B. Implement salting and hashing.

C. Configure the web content filter to block access to the forum.

D. Increase password complexity requirements.

A systems administrator wants to protect data stored on mobile devices that are used to scan and record assets in a warehouse. The control must automatically destroy the secure container of mobile devices if they leave the warehouse. Which of the following should the administrator implement? (Choose two.)

A. Geofencing

B. Remote wipe

C. Near-field communication

D. Push notification services

E. Containerization

Which of the following is a benefit of credentialed vulnerability scans?

A. Credentials provide access to scan documents to identify possible data theft.

B. The vulnerability scanner is able to inventory software on the target.

C. A scan will reveal data loss in real time.

D. Black-box testing can be performed.

Users report the following message appears when browsing to the company's secure site: This website cannot be trusted. Which of the following actions should a security analyst take to resolve these messages? (Choose two.)

A. Verify the certificate has not expired on the server.

B. Ensure the certificate has a .pfx extension on the server.

C. Update the root certificate into the client computer certificate store.

D. Install the updated private key on the web server.

E. Have users clear their browsing history and relaunch the session.

An engineer is configuring a wireless network using PEAP for the authentication protocol. Which of the following is required?

A. 802.11n support on the WAP

B. X.509 certificate on the server

C. CCMP support on the network switch

D. TLS 1.0 support on the client

A company is implementing a tool to mask all PII when moving data from a production server to a testing server. Which of the following security techniques is the company applying?

A. Data wiping

B. Steganography

C. Data obfuscation

D. Data sanitization

A technician must configure a firewall to block external DNS traffic from entering a network.
Which of the following ports should they block on the firewall?

A. 53

B. 110

C. 143

D. 443

An organization is concerned about video emissions from users' desktops. Which of the following is the BEST solution to implement?

A. Screen filters

B. Shielded cables

C. Spectrum analyzers

D. Infrared detection

A company would like to prevent the use of a known set of applications from being used on company computers.
Which of the following should the security administrator implement?

A. Whitelisting

B. Anti-malware

C. Application hardening

D. Blacklisting

E. Disable removable media

A company has won an important government contract. Several employees have been transferred from their existing projects to support a new contract. Some of the employees who have transferred will be working long hours and still need access to their project information to transition work to their replacements.
Which of the following should be implemented to validate that the appropriate offboarding process has been followed?

A. Separation of duties

B. Time-of-day restrictions

C. Permission auditing

D. Mandatory access control

A company has a team of penetration testers. This team has located a file on the company file server that they believe contains cleartext usernames followed by a hash. Which of the following tools should the penetration testers use to learn more about the content of this file?

A. Exploitation framework

B. Vulnerability scanner

C. Netcat

D. Password cracker

Which of the following would provide a safe environment for an application to access only the resources needed to function while not having access to run at the system level?

A. Sandbox

B. Honeypot

C. GPO

D. DMZ

In a lessons-learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated group of attackers may have been responsible for a breach at a nuclear facility. Which of the following describes the type of actors that may have been implicated?

A. Nation-state

B. Hacktivist

C. Insider

D. Competitor

A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:
 
The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the
DDoS attack is no longer occuring?

A. dig www.google.com

B. dig 192.168.1.254

C. dig workstation01.com

D. dig 192.168.1.26

An incident responder is preparing to acquire images and files from a workstation that has been compromised. The workstation is still powered on and running.
Which of the following should be acquired LAST?

A. Application files on hard disk

B. Processor cache

C. Processes in running memory

D. Swap space

While working on an incident, Joe, a technician, finished restoring the OS and applications on a workstation from the original media. Joe is about to begin copying the user's files back onto the hard drive.
Which of the following incident response steps is Joe working on now?

A. Recovery

B. Eradication

C. Containment

D. Identification

An administrator has configured a new Linux server with the FTP service. Upon verifying that the service was configured correctly, the administrator has several users test the FTP service. Users report that they are able to connect to the FTP service and download their personal files, however, they cannot transfer new files to the server.
Which of the following will most likely fix the uploading issue for the users?

A. Create an ACL to allow the FTP service write access to user directories

B. Set the Boolean selinux value to allow FTP home directory uploads

C. Reconfigure the ftp daemon to operate without utilizing the PSAV mode

D. Configure the FTP daemon to utilize PAM authentication pass through user permissions

An attacker has obtained the user ID and password of a datacenter's backup operator and has gained access to a production system. Which of the following would be the attacker's NEXT action?

A. Perform a passive reconnaissance of the network.

B. Initiate a confidential data exfiltration process.

C. Look for known vulnerabilities to escalate privileges.

D. Create an alternate user ID to maintain persistent access.

In terms of encrypting data, which of the following is BEST described as a way to safeguard password data by adding random data to it in storage?

A. Using salt

B. Using hash algorithms

C. Implementing elliptical curve

D. Implementing PKI

A company's IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST time-efficient method to achieve this goal?

A. Use a degausser to sanitize the drives.

B. Remove the platters from the HDDs and shred them.

C. Perform a quick format of the HDD drives.

D. Use software to zero fill all of the hard drives.

An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?

A. LDAP

B. TPM

C. TLS

D. SSL

E. PKI

Which of the following attacks specifically impact data availability?

A. DDoS

B. Trojan

C. MITM

D. Rootkit

A security administrator has received multiple calls from the help desk about customers who are unable to access the organization's web server. Upon reviewing the log files, the security administrator determines multiple open requests have been made from multiple IP addresses, which is consuming system resources.
Which of the following attack types does this BEST describe?

A. DDoS

B. DoS

C. Zero day

D. Logic bomb

Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

B. The document is a backup file if the system needs to be recovered.

C. The document is a standard file that the OS needs to verify the login credentials.

D. The document is a keylogger that stores all keystrokes should the account be compromised.

A Chief Security Office's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.

B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.

C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization’s susceptibility to phishing attacks.

D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.

An incident involving a workstation that is potentially infected with a virus has occurred. The workstation may have sent confidential data to an unknown internet server.
Which of the following should a security analyst do FIRST?

A. Make a copy of everything in memory on the workstation.

B. Turn off the workstation.

C. Consult information security policy.

D. Run a virus scan.

Which of the following should be used to implement voice encryption?

A. SSLv3

B. VDSL

C. SRTP

D. VoIP

Which of the following implements two-factor authentication on a VPN?

A. Username, password, and source IP

B. Public and private keys

C. HOTP token and logon credentials

D. Source and destination IP addresses

Every morning, a systems administrator monitors failed login attempts on the company's log management server. The administrator notices the DBAdmin account has five failed username and/or password alerts during a ten-minute window. The systems administrator determines the user account is a dummy account used to attract attackers.
Which of the following techniques should the systems administrator implement?

A. Role-based access control

B. Honeypot

C. Rule-based access control

D. Password cracker

A technician is configuring a wireless guest network. After applying the most recent changes the technician finds the new devices can no longer find the wireless network by name but existing devices are still able to use the wireless network.
Which of the following security measures did the technician MOST likely implement to cause this Scenario?

A. Deactivation of SSID broadcast

B. Reduction of WAP signal output power

C. Activation of 802.1X with RADIUS

D. Implementation of MAC filtering

E. Beacon interval was decreased

Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly disclosed yet?

A. Design weakness

B. Zero-day

C. Logic bomb

D. Trojan

A help desk is troubleshooting user reports that the corporate website is presenting untrusted certificate errors to employees and customers when they visit the website. Which of the following is the MOST likely cause of this error, provided the certificate has not expired?

A. The certificate was self signed, and the CA was not imported by employees or customers

B. The root CA has revoked the certificate of the intermediate CA

C. The valid period for the certificate has passed, and a new certificate has not been issued

D. The key escrow server has blocked the certificate from being validated

A company wants to implement a wireless network with the following requirements:
✑ All wireless users will have a unique credential.
✑ User certificates will not be required for authentication.
✑ The company's AAA infrastructure must be utilized.
✑ Local hosts should not store authentication tokens.
Which of the following should be used in the design to meet the requirements?

A. EAP-TLS

B. WPS

C. PSK

D. PEAP

A systems administrator has implemented multiple websites using host headers on the same server. The server hosts two websites that require encryption and other websites where encryption is optional. Which of the following should the administrator implement to encrypt web traffic for the required websites?

A. Extended domain validation

B. TLS host certificate

C. OCSP stapling

D. Wildcard certificate

Which of the following explains why vendors publish MD5 values when they provide software patches for their customers to download over the Internet?

A. The recipient can verify integrity of the software patch.

B. The recipient can verify the authenticity of the site used to download the patch.

C. The recipient can request future updates to the software using the published MD5 value.

D. The recipient can successfully activate the new software patch.

A user loses a COPE device. Which of the following should the user do NEXT to protect the data on the device?

A. Call the company help desk to remotely wipe the device.

B. Report the loss to authorities.

C. Check with corporate physical security for the device.

D. Identify files that are potentially missing on the device.

A remote user (User1) is unable to reach a newly provisioned corporate windows workstation. The system administrator has been given the following log files from the VPN, corporate firewall and workstation host.
 
Which of the following is preventing the remote user from being able to access the workstation?

A. Network latency is causing remote desktop service request to time out

B. User1 has been locked out due to too many failed passwords

C. Lack of network time synchronization is causing authentication mismatches

D. The workstation has been compromised and is accessing known malware sites

E. The workstation host firewall is not allowing remote desktop connections

Joe, an employee, knows he is going to be fired in three days. Which of the following is Joe?

A. An insider threat

B. A competitor

C. A hacktivist

D. A state actor

A portable data storage device has been determined to have malicious firmware.
Which of the following is the BEST course of action to ensure data confidentiality?

A. Format the device

B. Re-image the device

C. Perform virus scan in the device

D. Physically destroy the device

A security analyst has identified malware that is propagating automatically to multiple systems on the network. Which of the following types of malware is MOST likely impacting the network?

A. Virus

B. Worm

C. Logic bomb

D. Backdoor

An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.)

A. Familiarity

B. Scarcity

C. Urgency

D. Authority

E. Consensus

Which of the following specifically describes the exploitation of an interactive process to access otherwise restricted areas of the OS?

A. Privilege escalation

B. Pivoting

C. Process affinity

D. Buffer overflow

As part of a new BYOD rollout, a security analyst has been asked to find a way to securely store company data on personal devices.
Which of the following would BEST help to accomplish this?

A. Require the use of an eight-character PIN.

B. Implement containerization of company data.

C. Require annual AUP sign-off.

D. Use geofencing tools to unlock devices while on the premises.

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production.
Which of the following development methodologies is the team MOST likely using now?

A. Agile

B. Waterfall

C. Scrum

D. Spiral

A security analyst is mitigating a pass-the-hash vulnerability on a Windows infrastructure.
Given the requirement, which of the following should the security analyst do to MINIMIZE the risk?

A. Enable CHAP

B. Disable NTLM

C. Enable Kerebos

D. Disable PAP