An internet company has created a new collaboration application. To expand the user base, the company wants to implement an option that allows users to log in to the application with the credentials of other popular websites. Which of the following should the company implement?

A. SSO

B. CHAP

C. 802.1x

D. OpenID

Which of the following threat actors is most likely to use a high level of sophistication and potentially zero-day exploits to target organizations and systems?

A. APT groups

B. Script kiddies

C. Hacktivists

D. Ethical hackers

Following a prolonged data center outage that affected web-based sales, a company has decided to move its operations to a private cloud solution. The security team has received the following requirements:
· There must be visibility into how teams are using cloud-based services.
· The company must be able to identify when data related to payment cards is being sent to the cloud.
· Data must be available regardless of the end user's geographic location.
· Administrators need a single pane-of-glass view into traffic and trends.
Which of the following should the security analyst recommend?

A. Create firewall rules to restrict traffic to other cloud service providers.

B. Install a DLP solution to monitor data in transit.

C. Implement a CASB solution.

D. configure a web-based content filter.

A manufacturing company has several one-off legacy information systems that cannot be migrated to a newer OS due to software compatibility issues. The OSs are still supported by the vendor, but the industrial software is no longer supported. The Chief Information Security officer has created a resiliency plan for these systems that will allow OS patches to be installed in a non-production environment, while also creating backups of the systems for recovery. Which of the following resiliency techniques will provide these capabilities?

A. Redundancy

B. RAID 1+5

C. Virtual machines

D. Full backups

Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A. Implement proper network access restrictions.

B. Initiate a bug bounty program.

C. Classify the system as shadow IT.

D. Increase the frequency of vulnerability scans.

A company is switching to a remote work model for all employees. All company and employee resources will be in the cloud. Employees must use their personal computers to access the cloud computing environment. The company will manage the operating system. Which of the following deployment models is the company implementing?

A. CYOD

B. MDM

C. COPE

D. VDI

The Chief Information Security officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs and RTOs. Which of the following backup scenarios would best ensure recovery?

A. Hourly differential backups stored on a local SAN array

B. Daily full backups stored on premises in magnetic offline media

C. Daily differential backups maintained by a third-party cloud provider

D. Weekly full backups with daily incremental stored on a NAS drive

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses con dential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

A. The DLP appliance should be integrated into a NGFW.

B. Split-tunnel connections can negatively impact the DLP appliance’s performance.

C. Encrypted VPN traffic will not be inspected when entering or leaving the network.

D. Adding two hops in the VPN tunnel may slow down remote connections.

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?

A. Perform a vulnerability scan to identify the weak spots.

B. Use a packet analyzer to investigate the NetFlow traffic.

C. Check the SIEM to review the correlated logs.

D. Require access to the routers to view current sessions.

After installing a patch on a security appliance, an organization realized a massive data ex ltration had occurred. Which of the following BEST describes the incident?

A. Supply chain attack

B. Ransomware attack

C. Cryptographic attack

D. Password attack

A company develops a complex platform that is composed of a single application. After several issues with upgrades, the systems administrator recommends breaking down the application into unique, independent modules. Which of the following best identifies the systems administrator's recommendation?

A. Virtualization

B. Serverless

C. Microservices

D. API gateway

DRAG DROP
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Drag and drop the MINIMUM set of commands to set this up and verify that it works. Commands may only be used once, and not all will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would best detect the presence of a rootkit in the future?

A. FDE

B. NIDS

C. EDR

D. DLP

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

A. Implement full tape backups every Sunday at 8:00 p.m. and perform nightly tape rotations.

B. Implement differential backups every Sunday at 8:00 p.m. and nightly incremental backups at 8:00 p.m.

C. Implement nightly full backups every Sunday at 8:00 p.m.

D. Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m.

A security operations center wants to implement a solution that can execute files to test for malicious activity. The solution should provide a report of the files' activity against known threats. Which of the following should the security operations center implement?

A. the Harvester

B. Nessus

C. Cuckoo

D. Sn1per

A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?

A. Insurance

B. Patching

C. Segmentation

D. Replacement

A systems administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner.
Which of the following access control schemes BEST ts the requirements?

A. Role-based access control

B. Discretionary access control

C. Mandatory access control

D. Attribute-based access control

A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can integrate easily into a user's work flow, and can utilize employee-owned devices. Which of the following will meet these requirements?

A. Push notifications

B. Phone call

C. Smart card

D. offline backup codes

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

A. Functional testing

B. Stored procedures

C. Elasticity

D. Continuous integration

A Chief Information Security officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?

A. The Diamond Model of Intrusion Analysis

B. CIS Critical Security Controls

C. NIST Risk Management Framework

D. ISO 27002

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

A. Utilizing SIEM correlation engines

B. Deploying Net flow at the network border

C. Disabling session tokens for all sites

D. Deploying a WAF for the web server

A security engineer is reviewing log files after a third party discovered usernames and passwords for the organization's accounts. The engineer sees there was a change in the IP address for a vendor website one week earlier. This change lasted eight hours. Which of the following attacks was MOST likely used?

A. Man-in-the-middle

B. Spear-phishing

C. Evil twin

D. DNS poisoning

The following IP information was provided to internal auditors to help assess organizational security:

Which of the following tools would most likely be used to perform network reconnaissance and help understand what is accessible to all users? (Choose two.)

A. ipconfig

B. ping

C. chmod

D. netstat

E. traceroute

F. route

Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

A. Recovery

B. Deterrent

C. Corrective

D. Detective

DRAG DROP
A data owner has been tasked with assigning proper data classifications and destruction methods for various types of data contained within the environment.
INSTRUCTIONS
From the options below, drag each item to its appropriate classification as well as the MOST appropriate form of disposal.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Which of the following is the best method for ensuring non-repudiation?

A. SSO

B. Digital certificate

C. Token

D. SSH key

Which of the following actions would be recommended to improve an incident response process?

A. Train the team to identify the difference between events and incidents.

B. Modify access so the IT team has full access to the compromised assets.

C. Contact the authorities if a cybercrime is suspected.

D. Restrict communication surrounding the response to the IT team.

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

A. Hashing

B. Tokenization

C. Encryption

D. Segmentation

In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks down all compromised accounts. In which of the following incident response phases is the security engineer currently operating?

A. identification

B. Preparation

C. Lessons learned

D. Eradication

E. Recovery

F. Containment

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

A. [Permission Source Destination Port]
Allow: Any Any 80 –
Allow: Any Any 443 –
Allow: Any Any 67 –
Allow: Any Any 68 –
Allow: Any Any 22 –
Deny: Any Any 21 –
Deny: Any Any

B. [Permission Source Destination Port]
Allow: Any Any 80 –
Allow: Any Any 443 –
Allow: Any Any 67 –
Allow: Any Any 68 –
Deny: Any Any 22 –
Allow: Any Any 21 –
Deny: Any Any

C. [Permission Source Destination Port]
Allow: Any Any 80 –
Allow: Any Any 443 –
Allow: Any Any 22 –
Deny: Any Any 67 –
Deny: Any Any 68 –
Deny: Any Any 21 –
Allow: Any Any

D. [Permission Source Destination Port]
Allow: Any Any 80 –
Allow: Any Any 443 –
Deny: Any Any 67 –
Allow: Any Any 68 –
Allow: Any Any 22 –
Allow: Any Any 21 –
Allow: Any Any

A new plug-and-play storage device was installed on a PC in the corporate environment. Which of the following safeguards will BEST help to protect the PC from malicious files on the storage device?

A. Change the default settings on the P

B. define the PC firewall rules to limit access.

C. Encrypt the disk on the storage device.

D. Plug the storage device in to the UPS.

Following a recent security breach, an analyst discovered that user permissions were added when joining another part of the organization but were not removed from existing groups. Which of the following policies would help to correct these issues in the future?

A. Service accounts

B. Account audits

C. Password complexity

D. Lockout policy

An employee finds a USB flash drive labeled "Salary Info" in an office parking lot. The employee picks up the USB flash drive, goes into the office, and plugs it into a laptop. Later, a technician inspects the laptop and realizes it has been compromised by malware. Which of the following types of social engineering attacks has occurred?

A. Smishing

B. Baiting

C. Tailgating

D. Pretexting

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:
· Preserve the use of public IP addresses assigned to equipment on the core router. · Enable "in transport" encryption protection to the web server with the strongest ciphers.
Which of the following should the analyst implement to meet these requirements? (Choose two.)

A. configure VLANs on the core router.

B. configure NAT on the core router.

C. configure BGP on the core router.

D. Enable AES encryption on the web server.

E. Enable 3DES encryption on the web server.

F. Enable TLSv2 encryption on the web server.

A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants. Which of the following should the engineer configure on the wireless network to ensure that con dential data is not exposed to unauthorized users?

A. EAP

B. TLS

C. HTTPS

D. AES

A security analyst is receiving numerous alerts reporting that the response time of an internet-facing application has been degraded. However, the internal network performance was not degraded. Which of the following MOST likely explains this behavior?

A. DNS poisoning

B. MAC flooding

C. DDoS attack

D. ARP poisoning

An organization wants to minimize the recovery time from backups in case of a disaster. Backups must be retained for one month, while minimizing the storage space used for backups. Which of the following is the best approach for a backup strategy?

A. Full monthly, incremental daily, and differential weekly

B. Full weekly and incremental daily

C. Full weekly and differential daily

D. Full daily

A user would like to install software and features that are not available with a mobile device's default software. Which of the following would all the user to install unauthorized software and enable new features?

A. SQLi

B. Cross-site scripting

C. Jailbreaking

D. Side loading

Which of the following is the most important security concern when using legacy systems to provide production service?

A. Instability

B. Lack of vendor support

C. Loss of availability

D. Use of insecure protocols

The Chief Security officer (CSO) at a major hospital wants to implement SSO to help improve security in the environment and protect patient data, particularly at shared terminals. The Chief Risk officer (CRO) is concerned that training and guidance have not been provided to frontline staff, and a risk analysis has not been performed. Which of the following is the MOST likely cause of the CRO's concerns?

A. SSO would simplify username and password management, making it easier for hackers to guess accounts.

B. SSO would reduce password fatigue, but staff would still need to remember more complex passwords.

C. SSO would reduce the password complexity for frontline staff.

D. SSO would reduce the resilience and availability of systems if the identity provider goes offline.

Which of the following is a benefit of including a risk management framework into an organization's security approach?

A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.

B. It identifies specific vendor products that have been tested and approved for use in a secure environment.

C. It provides legal assurances and remedies in the event a data breach occurs.

D. It incorporates control, development, policy, and management activities into IT operations.

Which of the following documents speci es what to do in the event of catastrophic loss of a physical or virtual system?

A. Data retention plan

B. Incident response plan

C. Disaster recovery plan

D. Communication plan

The Chief Information Security officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

A. GDPR compliance attestation

B. Cloud Security Alliance materials

C. SOC 2 Type 2 report

D. NIST RMF workbooks

A systems engineer thinks a business system has been compromised and is being used to ex ltrate data to a competitor. The engineer contacts the CSIRT. The CSIRT tells the engineer to immediately disconnect the network cable and to not do anything else. Which of the following is the most likely reason for this request?

A. The CSIRT thinks an insider threat is attacking the network.

B. Outages of business-critical systems cost too much money.

C. The CSIRT does not consider the systems engineer to be trustworthy.

D. Memory contents, including leless malware, are lost when the power is turned off.

Which of the following concepts BEST describes tracking and documenting changes to software and managing access to files and systems?

A. Version control

B. Continuous monitoring

C. Stored procedures

D. Automation

A security audit has revealed that a process control terminal is vulnerable to malicious users installing and executing software on the system. The terminal is beyond end-of-life support and cannot be upgraded, so it is placed on a protected network segment. Which of the following would be MOST effective to implement to further mitigate the reported vulnerability?

A. DNS sinkholing

B. DLP rules on the terminal

C. An IP blacklist

D. Application whitelisting

A security analyst needs to propose a remediation plan for each item in a risk register. The item with the highest priority requires employees to have separate logins for SaaS solutions and different password complexity requirements for each solution. Which of the following implementation plans will most likely resolve this security issue?

A. Creating a unified password complexity standard

B. Integrating each SaaS solution with the identity provider

C. Securing access to each SaaS by using a single wildcard certificate

D. configuring geofencing on each SaaS solution

A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?

A. SSO

B. LEAP

C. MFA

D. PEAP

An organization is building a single virtual environment that will host customer applications and data that require availability at all times. The data center that is hosting the environment will provide generator power and ISP services. Which of the following is the best solution to support the organization's requirement?

A. NIC teaming

B. Cloud backups

C. A load balancer appliance

D. UPS

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

A. User behavior analysis

B. Packet captures

C. configuration reviews

D. Log analysis