SY0-701 Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your SY0-701 certification exam? Start your preparation the smart way with our SY0-701 Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a free mock test for the SY0-701 exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our SY0-701 Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
Which of the following provides the details about the terms of a test with a third-party penetration tester?
A. Rules of engagement
B. Supply chain analysis
C. Right to audit clause
D. Due diligence
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Choose two.)
A. Channels by which the organization communicates with customers
B. The reporting mechanisms for ethics violations
C. Threat vectors based on the industry in which the organization operates
D. Secure software development training for all personnel
E. Cadence and duration of training events
F. Retraining requirements for individuals who fail phishing simulations
A user would like to install software and features that are not available with a smartphone's default software. Which of the following would allow the user to install unauthorized software and enable new features?
A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading
HOTSPOT - You are a security administrator investigating a potential infection on a network. INSTRUCTIONS - Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?
A. Hashing
B. Tokenization
C. Encryption
D. Segmentation
A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual operating systems. Which of the following strategies should the company use to achieve this security requirement?
A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code
A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?
A. Disk encryption
B. Data loss prevention
C. Operating system hardening
D. Boot security
A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?
A. Business email
B. Social engineering
C. Unsecured network
D. Default credentials
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
A. Availability
B. Confidentiality
C. Integrity
D. Non-repudiation
Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?
A. Sanitization
B. Formatting
C. Degaussing
D. Defragmentation
The management team notices that new accounts that are set up manually do not always have correct access or permissions. Which of the following automation techniques should a systems administrator use to streamline account creation?
A. Guard rail script
B. Ticketing workflow
C. Escalation script
D. User provisioning script
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
A. Client
B. Third-party vendor
C. Cloud provider
D. DBA
The Chief Information Security Officer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use?
A. Penetration test
B. Internal audit
C. Attestation
D. External examination
Which of the following phases of an incident response involves generating reports?
A. Recovery
B. Preparation
C. Lessons learned
D. Containment
During an annual review of the system design, an engineer identified a few issues with the currently released design. Which of the following should be performed next according to best practices?
A. Risk management process
B. Product design process
C. Design review process
D. Change control process
A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
A. Dynamic
B. Static
C. Gap
D. Impact
Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.)
A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A. Fines
B. Audit findings
C. Sanctions
D. Reputation damage
A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?
A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service
During a recent company safety stand-down, the cyber-awareness team gave a presentation on the importance of cyber hygiene. One topic the team covered was best practices for printing centers. Which of the following describes an attack method that relates to printing centers?
A. Whaling
B. Credential harvesting
C. Prepending
D. Dumpster diving
A systems administrator is advised that an external web server is not functioning properly. The administrator reviews the following firewall logs containing traffic going to the web server: Which of the following attacks is likely occurring?
A. DDoS
B. Directory traversal
C. Brute-force
D. HTTPS downgrade
An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application. Which of the following best explains the security technique the organization adopted by making this addition to the policy?
A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
A. Hacktivist
B. Whistleblower
C. Organized crime
D. Unskilled attacker
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
A. Application
B. IPS/IDS
C. Network
D. Endpoint
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy
Which of the following is used to quantitatively measure the criticality of a vulnerability?
A. CVE
B. CVSS
C. CIA
D. CERT
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.
A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?
A. Security policy
B. Classification policy
C. Retention policy
D. Access control policy
Which of the following incident response activities ensures evidence is properly handled?
A. E-discovery
B. Chain of custody
C. Legal hold
D. Preservation
An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?
A. NGFW
B. WAF
C. TLS
D. SD-WAN
A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe?
A. Continuous
B. Ad hoc
C. Recurring
D. One time
Which of the following alert types is the most likely to be ignored over time?
A. True positive
B. True negative
C. False positive
D. False negative
A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traffic that is causing the outage. Which of the following attacks is the organization experiencing?
A. ARP poisoning
B. Brute force
C. Buffer overflow
D. DDoS
An enterprise has been experiencing attacks focused on exploiting vulnerabilities in older browser versions with well-known exploits. Which of the following security solutions should be configured to best provide the ability to monitor and block these known signature-based attacks?
A. ACL
B. DLP
C. IDS
D. IPS
After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.
An incident analyst finds several image files on a hard disk. The image files may contain geolocation coordinates. Which of the following best describes the type of information the analyst is trying to extract from the image files?
A. Log data
B. Metadata
C. Encrypted data
D. Sensitive data
Which of the following is the best resource to consult for information on the most common application exploitation methods?
A. OWASP
B. STIX
C. OVAL
D. Threat intelligence feed
E. Common Vulnerabilities and Exposures
A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?
A. Hot
B. Cold
C. Warm
D. Geographically dispersed
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device. Which of the following best describes the user’s activity?
A. Penetration testing
B. Phishing campaign
C. External audit
D. Insider threat
Which of the following security concepts is accomplished with the installation of a RADIUS server?
A. CIA
B. AAA
C. ACL
D. PEM
A security administrator needs to create firewall rules for the following protocols: RTP, SIP, H.323, and SRTP. Which of the following does this rule set support?
A. RTOS
B. VoIP
C. SoC
D. HVAC
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A. Default credentials
B. Non-segmented network
C. Supply chain vendor
D. Vulnerable software
A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staff use immediately after the disaster to handle essential public services?
A. BCP
B. Communication plan
C. DRP
D. IRP
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?
A. IDS
B. ACL
C. EDR
D. NAC
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
A. Send out periodic security reminders.
B. Update the content of new hire documentation.
C. Modify the content of recurring training.
D. Implement a phishing campaign.
Which of the following describes effective change management procedures?
A. Approving the change after a successful deployment
B. Having a backout plan when a patch fails
C. Using a spreadsheet for tracking changes
D. Using an automatic change control bypass for security updates
Which of the following enables the use of an input field to run commands that can view or manipulate data?
A. Cross-site scripting
B. Side loading
C. Buffer overflow
D. SQL injection
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
A. Testing input validation on the user input fields
B. Performing code signing on company-developed software
C. Performing static code analysis on the software
D. Ensuring secure cookies are used