A security architect at a large, multinational organization is concerned about the complexities and overhead of managing multiple encryption keys securely in a multicloud provider environment. The security architect is looking for a solution with reduced latency to allow the incorporation of the organization's existing keys and to maintain consistent, centralized control and management regardless of the data location. Which of the following would best meet the architect's objectives?

A. Trusted Platform Module

B. IaaS

C. HSMaaS

D. PaaS

A security administrator installed a new web server. The administrator did this to increase the capacity for an application due to resource exhaustion on another server. Which of the following algorithms should the administrator use to split the number of the connections on each server in half?

A. Weighted response

B. Round-robin

C. Least connection

D. Weighted least connection

A company currently uses passwords for logging in to company-owned devices and wants to add a second authentication factor. Per corporate policy, users are not allowed to have smartphones at their desks. Which of the following would meet these requirements?

A. Smart card

B. PIN code

C. Knowledge-based question

D. Secret key

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

A. Employ different techniques for server- and client-side validations

B. Use a different version control system for third-party libraries

C. Implement a vulnerability scan to assess dependencies earlier on SDLC

D. Increase the number of penetration tests before software release

Which of the following social engineering attacks BEST describes an email that is primarily intended to mislead recipients into forwarding the email to others?

A. Hoaxing

B. Pharming

C. Watering-hole

D. Phishing

Which of the following can best protect against an employee inadvertently installing malware on a company system?

A. Host-based firewall

B. System isolation

C. Least privilege

D. Application allow list

A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find the requested servers?

A. nslookup 10.10.10.0

B. nmap -p 80 10.10.10.0/24

C. pathping 10.10.10.0 -p 80

D. ne -l -p 80

Multiple beaconing activities to a malicious domain have been observed. The malicious domain is hosting malware from various endpoints on the network. Which of the following technologies would be BEST to correlate the activities between the different endpoints?

A. Firewall

B. SIEM

C. IPS

D. Protocol analyzer

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

A. DLP

B. SIEM

C. NIDS

D. WAF

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

A. The business continuity plan

B. The retention policy

C. The disaster recovery plan

D. The incident response plan

A cybersecurity administrator has a reduced team and needs to operate an on-premises network and security infrastructure efficiently. To help with the situation, the administrator decides to hire a service provider. Which of the following should the administrator use?

A. SDP

B. AAA

C. IaaS

D. MSSP

E. Microservices

Joe, an employee, receives an email stating he won the lottery. The email includes a link that requests a name, mobile phone number, address, and date of birth be provided to confirm Joe's identity before sending him the prize. Which of the following BEST describes this type of email?

A. Spear phishing

B. Whaling

C. Phishing

D. Vishing

A network administrator has been alerted that web pages are experiencing long load times. After determining it is not a routing or DNS issue, the administrator logs in to the router, runs a command, and receives the following output:
CPU 0 percent busy, from 300 sec ago
1 sec ave: 99 percent busy
5 sec ave: 97 percent busy
1 min ave: 83 percent busy
Which of the following is the router experiencing?

A. DDoS attack

B. Memory leak

C. Buffer over flow

D. Resource exhaustion

Which of the following types of disaster recovery plan exercises requires the least interruption to IT operations?

A. Parallel

B. Full-scale

C. Tabletop

D. Simulation

A company has drafted an insider-threat policy that prohibits the use of external storage devices. Which of the following would BEST protect the company from data ex ltration via removable media?

A. Monitoring large data transfer transactions in the firewall logs

B. Developing mandatory training to educate employees about the removable media policy

C. Implementing a group policy to block user access to system files

D. Blocking removable-media devices and write capabilities using a host-based security tool

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

A. Dual supply

B. Generator

C. UPS

D. POU

E. Daily backups

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A. Smart card

B. Push notifications

C. Attestation service

D. HMAC-based

E. one-time password

An employee who is using a mobile device for work, is required to use a fingerprint to unlock the device. Which of the following is this an example of?

A. Something you know

B. Something you are

C. Something you have

D. Somewhere you are

A user is having network connectivity issues when working from a coffee shop. The user has used the coffee shop as a workspace for several months without any issues. None of the other customers at the coffee shop are experiencing these issues. A help desk analyst at the user's company reviews the following Wi-Fi log:

Which of the following best describes what is causing this issue?

A. Another customer has configured a rogue access point.

B. The coffee shop network is using multiple frequencies.

C. A denial-of-service attack by disassociation is occurring.

D. An evil twin access point is being utilized.

After segmenting the network, the network manager wants to control the traffic between the segments. Which of the following should the manager use to control the network traffic?

A. A DMZ

B. A VPN

C. A VLAN

D. An ACL

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

A. CYOD

B. MDM

C. COPE

D. VDI

A security analyst is investigating an incident that was first reported as an issue connecting to network shares and the Internet. While reviewing logs and tool output, the analyst sees the following:

Which of the following attacks has occurred?

A. IP conflict

B. Pass-the-hash

C. MAC flooding

D. Directory traversal

E. ARP poisoning

An incident response technician collected a mobile device during an investigation. Which of the following should the technician do to maintain chain of custody?

A. Document the collection and require a sign-off when possession changes.

B. Lock the device in a safe or other secure location to prevent theft or alteration.

C. Place the device in a Faraday cage to prevent corruption of the data.

D. Record the collection in a blockchain-protected public ledger.

An organization is migrating several SaaS applications that support SSO. The security manager wants to ensure the migration is completed securely. Which of the following application integration aspects should the organization consider before focusing into underlying implementation details? (Choose two.)

A. The back-end directory source

B. The identity federation protocol

C. The hashing method

D. The encryption method

E. The registration authority

F. The certificate authority

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.

B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.

C. Implement nightly full backups every Sunday at 8:00 p.m.

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources.
Which of the following risks would this training help to prevent?

A. Hoaxes

B. SPIMs

C. Identity fraud

D. Credential harvesting

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and ex ltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach?

A. Side channel

B. Supply chain

C. Cryptographic downgrade

D. Malware

A security team will be outsourcing several key functions to a third party and will require that:
· Several of the functions will carry an audit burden
· Attestations will be performed several times a year
· Reports will be generated on a monthly basis
Which of the following best describes the document that is used to define these requirements and stipulate how and when they are performed by the third party?

A. MOU

B. AUP

C. SLA

D. MSA

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data processors?

A. SSAE SOC 2

B. PCI DSS

C. GDPR

D. ISO 31000

A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?

A. Public

B. Community

C. Hybrid

D. Private

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to be non-disruptive and user friendly. Which of the following technologies should the IT manager use when implementing MFA?

A. One-time passwords

B. Email tokens

C. Push notifications

D. Hardware authentication

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the P

B. define the PC firewall rules to limit access.

C. Encrypt the disk on the storage device.

D. Plug the storage device in to the UPS.

An organization would like to remediate the risk associated with its cloud service provider not meeting its advertised 99.999% availability metrics. Which of the following should the organization consult for the exact requirements for the cloud provider?

A. SLA

B. BPA

C. NDA

D. MOU

A company discovered that terabytes of data have been ex ltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

A. Shadow IT

B. Script kiddies

C. APT

D. Insider threat

Which of the following are common VoIP-associated vulnerabilities? (Choose two.)

A. SPIM

B. Vishing

C. Hopping

D. Phishing

E. Credential harvesting

F. Tailgating

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

A. Obfuscation

B. Normalization

C. Execution

D. Reuse

Which of the following supplies non-repudiation during a forensics investigation?

A. Dumping volatile memory contents first

B. Duplicating a drive with dd

C. Using a SHA-2 signature of a drive image

D. Logging everyone in contact with evidence

E. Encrypting sensitive data

A company recently experienced a data breach and the source was determined to be an executive who was charging a phone in a public area.
Which of the following would MOST likely have prevented this breach?

A. A firewall

B. A device pin

C. A USB data blocker

D. Biometrics

An employee recently resigned from a company. The employee was responsible for managing and supporting weekly batch jobs over the past five years. A few weeks after the employee resigned, one of the batch jobs failed and caused a major disruption. Which of the following would work best to prevent this type of incident from reoccurring?

A. Job rotation

B. Retention

C. Outsourcing

D. Separation of duties

Which of the following control types xes a previously identified issue and mitigates a risk?

A. Detective

B. Corrective

C. Preventative

D. Finalized

A security analyst is reviewing logs on a server and observes the following output:

Which of the following is the security analyst observing?

A. A rainbow table attack

B. A password-spraying attack

C. A dictionary attack

D. A keylogger attack

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

A. Internet proxy

B. VPN

C. WAF

D. Firewall

While investigating a recent security breach, an analyst finds that an attacker gained access by SQL injection through a company website. Which of the following should the analyst recommend to the website developers to prevent this from reoccurring?

A. Secure cookies

B. Input sanitization

C. Code signing

D. Blocklist

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO

B. LEAP

C. MFA

D. PEAP

Which of the following describes the BEST approach for deploying application patches?

A. Apply the patches to systems in a testing environment, then to systems in a staging environment, and nally to production systems.

B. Test the patches in a staging environment, develop against them in the development environment, and then apply them to the production systems.

C. Test the patches in a test environment, apply them to the production systems, and then apply them to a staging environment.

D. Apply the patches to the production systems, apply them in a staging environment, and then test all of them in a testing environment.

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company's network?

A. Intrusion prevention system

B. Proxy server

C. Jump server

D. Security zones

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

A. Input validation

B. Dynamic code analysis

C. Fuzzing

D. Manual code review

While investigating a recent security incident, a security analyst decides to view all network connections on a particular server. Which of the following would provide the desired information?

A. arp

B. nslookup

C. netstat

D. nmap

Which of the following tools is effective in preventing a user from accessing unauthorized removable media?

A. USB data blocker

B. Faraday cage

C. Proximity reader

D. Cable lock

A privileged user at a company stole several proprietary documents from a server. The user also went into the log files and deleted all records of the incident. The systems administrator has just informed investigators that other log files are available for review. Which of the following did the administrator most likely configure that will assist the investigators?

A. Memory dumps

B. The syslog server

C. The application logs

D. The log retention policy