SY0-601 Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your SY0-601 certification exam? Start your preparation the smart way with our SY0-601 Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a free mock test for the SY0-601 exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our SY0-601 Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
A recent security breach exploited software vulnerabilities in the firewall and within the network management solution. Which of the following will MOST likely be used to identify when the breach occurred through each device?
A. SIEM correlation dashboards
B. Firewall syslog event logs
C. Network management solution login audit logs
D. Bandwidth monitors and interface sensors
Which of the following best describes a technique that compensates researchers for finding vulnerabilities?
A. Penetration testing
B. Code review
C. Wardriving
D. Bug bounty
An IT manager is estimating the mobile device budget for the upcoming year. Over the last five years, the number of devices that were replaced due to loss, damage, or theft steadily increased by 10%. Which of the following would BEST describe the estimated number of devices to be replaced next year?
A. ALE
B. ARO
C. RPO
D. SLE
An organization's corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?
A. The business continuity plan
B. The risk management plan
C. The communication plan
D. The incident response plan
A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?
A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers
Server administrators want to configure a cloud solution so that computing memory and processor usage is maximized most efficiently across a number of virtual servers. They also need to avoid potential denial-of-service situations caused by availability. Which of the following should administrators configure to maximize system availability while efficiently utilizing available computing power?
A. Dynamic resource allocation
B. High availability
C. Segmentation
D. Container security
A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of the following would BEST meet this objective? (Choose two.)
A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage
Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?
A. Intellectual property theft
B. Elevated privileges
C. Unknown backdoor
D. Quality assurance
Cloud security engineers are planning to allow and deny access to specific features in order to increase data security. Which of the following cloud features is the most appropriate to ensure access is granted properly?
A. API integrations
B. Auditing
C. Resource policies
D. Virtual networks
Which of the following is a targeted attack aimed at compromising users within a specific industry or group?
A. Watering hole
B. Typosquatting
C. Hoax
D. Impersonation
DRAG DROP A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment. INSTRUCTIONS From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Which of the following BEST explains the reason why a server administrator would place a document named password.txt on the desktop of an administrator account on a server?
A. The document is a honey file and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.
Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email?
A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output: Which of the following attacks was successfully implemented based on the output?
A. Memory leak
B. Race conditions
C. SQL injection
D. Directory traversal
Which of the following involves the inclusion of code in the main codebase as soon as it is written?
A. Continuous monitoring
B. Continuous deployment
C. Continuous validation
D. Continuous integration
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has a customer relationship management system on premises. Which of the following solutions will require the LEAST infrastructure and application support from the company?
A. SaaS
B. IaaS
C. PaaS
D. SDN
A news article states hackers have been selling access to IoT camera feeds. Which of the following is the MOST likely reason for this issue?
A. Outdated software
B. Weak credentials
C. Lack of encryption
D. Backdoors
Which of the following would be used to find the MOST common web-application vulnerabilities?
A. OWASP
B. MITRE ATT&CK
C. Cyber Kill Chain
D. SDLC
A cybersecurity incident response team at a large company receives notification that malware is present on several corporate desktops. No known indicators of compromise have been found on the network. Which of the following should the team do first to secure the environment?
A. Contain the impacted hosts.
B. Add the malware to the application blocklist.
C. Segment the core database server.
D. Implement firewall rules to block outbound beaconing.
Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?
A. Data breach notification
B. Accountability
C. Legal hold
D. Chain of custody
A security analyst is investigating an incident to determine what an attacker was able to do on a compromised laptop. The analyst reviews the following SIEM log: Which of the following describes the method that was used to compromise the laptop?
A. An attacker was able to move laterally from PC1 to PC2 using a pass-the-hash attack.
B. An attacker was able to bypass application whitelisting by emailing a spreadsheet attachment with an embedded PowerShell in the file.
C. An attacker was able to install malware to the C:asdf234 folder and use it to gain administrator rights and launch Outlook.
D. An attacker was able to phish user credentials successfully from an Outlook user profile B
Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?
A. Functional testing
B. Stored procedures
C. Elasticity
D. Continuous integration
Which of the following would be MOST effective to contain a rapidly spreading attack that is affecting a large number of organizations?
A. Machine learning
B. DNS sinkhole
C. Blocklist
D. Honeypot
Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?
A. IaaS
B. SaaS
C. PaaS
D. XaaS
During a recent penetration test, the tester discovers large amounts of data were exfiltrated over the course of 12 months via the internet. The penetration tester stops the test to inform the client of the findings. Which of the following should be the client's NEXT step to mitigate the issue?
A. Conduct a full vulnerability scan to identify possible vulnerabilities.
B. Perform containment on the critical servers and resources.
C. Review the firewall and identify the source of the active connection.
D. Disconnect the entire infrastructure from the internet.
A security analyst reviews web server logs and notices the following lines: Which of the following vulnerabilities is the attacker trying to exploit?
A. Token reuse
B. SQLi
C. CSRF
D. XSS
HOTSPOT You are a security administrator investigating a potential infection on a network. INSTRUCTIONS Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company's website. The malicious actor posted an entry in an attempt to trick users into clicking the following: Which of the following was most likely observed?
A. DLL injection
B. Session replay
C. SQLi
D. XSS
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory
A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?
A. Persistence
B. Port scanning
C. Privilege escalation
D. Pharming
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?
A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?
A. Acceptance
B. Transference
C. Avoidance
D. Mitigation
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?
A. Whaling
B. Credential harvesting
C. Prepending
D. Dumpster diving
A security engineer obtained the following output from a threat intelligence source that recently performed an attack on the company's server: Which of the following BEST describes this kind of attack?
A. Directory traversal
B. SQL injection
C. API
D. Request forgery
An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis?
A. Provide a domain parameter to theHarvester tool.
B. Check public DNS entries using dnsenum.
C. Perform a Nessus vulnerability scan targeting a public company’s IP.
D. Execute nmap using the options: scan all ports and sneaky mode.
Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?
A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries’ developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.
Which of the following, if compromised, can indirectly impact systems' availability by imposing inadequate environmental conditions for the hardware to operate properly?
A. SCADA
B. TPM
C. HSM
D. HVAC
A security analyst is responding to a malware incident at a company. The malware connects to a command-and-control server on the internet in order to function. Which of the following should the security analyst implement first?
A. Network segmentation
B. IP-based firewall rules
C. Mobile device management
D. Content filter
Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?
A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000
A company is implementing a vendor's security tool in the cloud. The security director does not want to manage users and passwords specific to this tool but would rather utilize the company's standard user directory. Which of the following should the company implement?
A. 802.1X
B. SAML
C. RADIUS
D. CHAP
Which of the following is most likely associated with introducing vulnerabilities on a corporate network by the deployment of unapproved software?
A. Hacktivists
B. Script kiddies
C. Competitors
D. Shadow IT
Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?
A. Penetration test
B. Continuity of operations planning
C. Tabletop exercise
D. Simulation
A manufacturing organization wants to control and monitor access from the internal business network to the segregated production network, while ensuring minimal exposure of the production network to devices. Which of the following solutions would best accomplish this goal?
A. Proxy server
B. NGFW
C. WAF
D. Jump server
Which of the following is the FIRST environment in which proper, secure coding should be practiced?
A. Stage
B. Development
C. Production
D. Test
Which biometric error would allow an unauthorized user to access a system?
A. False acceptance
B. False entrance
C. False rejection
D. False denial
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?
A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS
A security administrator is evaluating remote access solutions for employees who are geographically dispersed. Which of the following would provide the MOST secure remote access? (Choose two.)
A. IPSec
B. SFTP
C. SRTP
D. LDAPS
E. S/MIME
F. SSL VPN
The security team installed video cameras in a prominent location in the building lobby. Which of the following best describe this type of control? (Choose two.)
A. Technical
B. Detective
C. Deterrent
D. Managerial
E. Compensating
F. Corrective
A company was recently breached. Part of the company's new cybersecurity strategy is to centralize the logs from all security devices. Which of the following components forwards the logs to a central source?
A. Log enrichment
B. Log aggregation
C. Log parser
D. Log collector