SY0-701 Practice Exam Free – 50 Questions to Simulate the Real Exam
Are you getting ready for the SY0-701 certification? Take your preparation to the next level with our SY0-701 Practice Exam Free – a carefully designed set of 50 realistic exam-style questions to help you evaluate your knowledge and boost your confidence.
Using a free SY0-701 practice exam is one of the best ways to:
- Experience the format and difficulty of the real exam
- Identify your strengths and focus on weak areas
- Improve your test-taking speed and accuracy
Below, you will find 50 realistic, free SY0-701 practice exam questions covering key exam topics. Each question reflects the structure and challenge of the actual exam.
A user is requesting Telnet access to manage a remote development web server. Insecure protocols are not allowed for use within any environment. Which of the following should be configured to allow remote access to this server?
A. HTTPS
B. SNMPv3
C. SSH
D. RDP
E. SMTP
After conducting a vulnerability scan, a systems administrator notices that one of the identified vulnerabilities is not present on the systems that were scanned. Which of the following describes this example?
A. False positive
B. False negative
C. True positive
D. True negative
HOTSPOT - Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation. INSTRUCTIONS - Not all attacks and remediation actions will be used. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.
Which of the following security concepts is accomplished with the installation of a RADIUS server?
A. CIA
B. AAA
C. ACL
D. PEM
A systems administrator is advised that an external web server is not functioning properly. The administrator reviews the following firewall logs containing traffic going to the web server: Which of the following attacks is likely occurring?
A. DDoS
B. Directory traversal
C. Brute-force
D. HTTPS downgrade
An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
   Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
The Chief Information Security Officer (CISO) has determined the company is non-compliant with local data privacy regulations. The CISO needs to justify the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance?
A. Fines
B. Reputational damage
C. Sanctions
D. Contractual implications
Malware spread across a company's network after an employee visited a compromised industry blog. Which of the following best describes this type of attack?
A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing
An important patch for a critical application has just been released, and a systems administrator is identifying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated?
A. Asset inventory
B. Network enumeration
C. Data certification
D. Procurement process
A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?
A. Monitor
B. Sensor
C. Audit
D. Active
A security administrator needs a method to secure data in an environment that includes some form of checks to track any changes. Which of the following should the administrator set up to achieve this goal?
A. SPF
B. GPO
C. NAC
D. FIM
Which of the following best describes a social engineering attack that uses a targeted electronic messaging campaign aimed at a Chief Executive Officer?
A. Whaling
B. Spear phishing
C. Impersonation
D. Identity fraud
Which of the following security controls is most likely being used when a critical legacy server is segmented into a private network?
A. Deterrent
B. Corrective
C. Compensating
D. Preventive
A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best option?
A. Hot
B. Cold
C. Warm
D. Geographically dispersed
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
A. Availability
B. Confidentiality
C. Integrity
D. Non-repudiation
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
A. Insider
B. Unskilled attacker
C. Nation-state
D. Hacktivist
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
A. To reduce implementation cost
B. To identify complexity
C. To remediate technical debt
D. To prevent a single point of failure
A company is reviewing options to enforce user logins after several account takeovers. The following conditions must be met as part of the solution:
- Allow employees to work remotely or from assigned offices around the world.
- Provide a seamless login experience.
- Limit the amount of equipment required.
Which of the following best meets these conditions?
A. Trusted devices
B. Geotagging
C. Smart cards
D. Time-based logins
Which of the following physical controls can be used to both detect and deter? (Choose two.)
A. Lighting
B. Fencing
C. Signage
D. Sensor
E. Bollard
F. Lock
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A. Processor
B. Custodian
C. Subject
D. Owner
A security analyst reviews domain activity logs and notices the following: Which of the following is the best explanation for what the security analyst has discovered?
A. The user jsmith’s account has been locked out.
B. A keylogger is installed on jsmith’s workstation.
C. An attacker is attempting to brute force jsmith’s account.
D. Ransomware has been deployed in the domain.
HOTSPOT - You are a security administrator investigating a potential infection on a network. INSTRUCTIONS - Click on each host and firewall. Review all logs to determine which host originated the infection and then identify if each remaining host is clean or infected. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A systems administrator deployed a monitoring solution that does not require installation on the endpoints that the solution is monitoring. Which of the following is described in this scenario?
A. Agentless solution
B. Client-based solution
C. Open port
D. File-based solution
Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?
A. Red
B. Blue
C. Purple
D. Yellow
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?
A. Tuning
B. Aggregating
C. Quarantining
D. Archiving
A company prevented direct access from the database administrators’ workstations to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers?
A. Jump server
B. RADIUS
C. HSM
D. Load balancer
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
A. Key stretching
B. Data masking
C. Steganography
D. Salting
The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?
A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Reviewing logs more frequently
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee to buy gift cards. Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling
An administrator is reviewing a single server's security logs and discovers the following: Which of the following best describes the action captured in this log file?
A. Brute-force attack
B. Privilege escalation
C. Failed password audit
D. Forgotten password by the user
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
A. Serverless framework
B. Type 1 hypervisor
C. SD-WAN
D. SDN
A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?
A. Fuzzing
B. Continuous deployment
C. Static code analysis
D. Manual peer review
Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?
A. End users will be required to consider the classification of data that can be used in documents.
B. The policy will result in the creation of access levels for each level of classification.
C. The organization will have the ability to create security requirements based on classification levels.
D. Security analysts will be able to see the classification of data within a document before opening it.
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
A. Enumeration
B. Sanitization
C. Destruction
D. Inventory
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked. Which of the following changes would allow users to access the site?
A. Creating a firewall rule to allow HTTPS traffic
B. Configuring the IPS to allow shopping
C. Tuning the DLP rule that detects credit card data
D. Updating the categorization in the content filter
While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?
A. Documenting the new policy in a change request and submitting the request to change management
B. Testing the policy in a non-production environment before enabling the policy in the production network
C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
D. Including an “allow any” policy above the “deny any” policy
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
A. Real-time recovery
B. Hot
C. Cold
D. Warm
A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)
A. NIDS
B. Honeypot
C. Certificate revocation list
D. HIPS
E. WAF
F. SIEM
A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
A. Full disk encryption
B. Network access control
C. File integrity monitoring
D. User behavior analytics
Which of the following threat vectors is most commonly utilized by insider threat actors attempting data exfiltration?
A. Unidentified removable devices
B. Default network device credentials
C. Spear phishing emails
D. Impersonation of business units through typosquatting
An organization recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;, &, `, and ? from variables set by forms in a web application. Which of the following best explains the security technique the organization adopted by making this addition to the policy?
A. Identify embedded keys
B. Code debugging
C. Input validation
D. Static code analysis
Which of the following is required for an organization to properly manage its restore process in the event of system failure?
A. IRP
B. DRP
C. RPO
D. SDLC
Which of the following methods can be used to detect attackers who have successfully infiltrated a network? (Choose two.)
A. Tokenization
B. CI/CD
C. Honeypots
D. Threat modeling
E. DNS sinkhole
F. Data obfuscation
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A. Risk tolerance
B. Risk transfer
C. Risk register
D. Risk analysis
A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
A. Dynamic
B. Static
C. Gap
D. Impact
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by specific devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.)
A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
A. Clustering servers
B. Geographic dispersion
C. Load balancers
D. Off-site backups
A security analyst and the management team are reviewing the organizational performance of a recent phishing campaign. The user click-through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do?
A. Place posters around the office to raise awareness of common phishing activities.
B. Implement email security filters to prevent phishing emails from being delivered.
C. Update the EDR policies to block automatic execution of downloaded programs.
D. Create additional training for users to recognize the signs of phishing attempts.
Free Access Full SY0-701 Practice Exam Free
Looking for additional practice? Click here to access a full set of SY0-701 practice exam free questions and continue building your skills across all exam domains.
Our question sets are updated regularly to ensure they stay aligned with the latest exam objectives—so be sure to visit often!
Good luck with your SY0-701 certification journey!