An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status? A: DevelopmentB: TestC: ProductionD: Staging
B: Test
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?A: Low FARB: Low efficacyC: Low FRRD: Low CER
C: Low FRR
A security engineer is deploying a new wireless network for a company. The company shares office space with multiple tenants.Which of the following should the engineer configure on the wireless network to ensure that confidential data is not exposed to unauthorized users?A: EAPB: TLSC: HTTPSD: AES
D: AES
An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?A: Embedded Python CodeB: Macro-enabled fileC: Bash scriptingD: Credential-harvesting website
B: Macro enabled file
A security analyst is investigating suspicious traffic on the web server located at IP address 10.10.1.1. A search of the WAF logs reveals the following output: view imageWhich of the following is the MOST likely occuring?A: XSS AttackB: SQLi attackC: Replay attackD: XSEF Attack
B: SQLi attack
A cloud service provider has created an environment where customers can connect existing local networks to the cloud for additional computing resources and block internal HR applications from reaching the cloud. Which of the following cloud models is being used?A: PublicB: CommunityC: HybridD: Private
C: Hybrid
A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend BEST meet the requirement?A: Fog computing and KVMsB: VDI and thin clients C: Private Cloud and DLPD: Full drive encryption and Thick Clients
B: VDI and Thin Clients
Which of the following employee roles is responsible for protecting an organization's collected personal information?A: CTOB: DPOC: CEOD: DBA
B: DPO
Which of the following is the BEST action to foster a consistent and auditable incident response process?A: Incent new hires to constantly update the document with external knowledge. B: Publish the document in a central repository that is easily accessible to the organization. C: Restrict eligibility to comment on the process to subject matter experts of each IT silo.D: Rotate CIRT members to foster a shared responsibility model in the organization.
D: Rotate CIRT members to foster a shared responsibility model in the organization.
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?A: SaaSB: IaaSC: PaaSD: SDN
A: SaaS
The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?A: CASBB: VPN ConcentratorC: MFAD: VPC Endpoint
A: CASB
Which of the following is assured when a user signs an email using a private key?A: Non-repudiationB: ConfidentialityC: AvailabilityD: Authentication
A: Non-repudiation
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?A: Default system configurationB: Unsecure protocolsC: Lack of vendor supportD: Weak encryption
B: Unsecure Protocols
The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policiesBEST reduces the risk of malicious activity occurring after a tour?A: Password complexityB: Acceptable useC: Access controlD: Clean desk
D: Clean desk
A user's account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM: view imageWhich of the following describes what is occurring?A: An attacker is utilizing a password-spraying attack against the account.B: An attacker is utilizing a dictionary attack against the account.C: An attacker is utilizing a brute-force attack against the account.D: An attacker is utilizing a rainbow table attack against the account.
C: An attacker is utilizing a brute-force attack against the account.
Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?A: Shut down the VDI and copy off the event logs.B: Take a memory snapshot of the running system.C: Use NetFlow to identify command-and-control IPs.D: Run a full on-demand scan of the root volume.
C: Use NetFlow to identify command-and-control IPs.
During an incident response process involving a laptop, a host was identified as the entry point for malware. The management team would like to have the laptop restored and given back to the user. The cybersecurity analyst would like to continue investigating the intrusion on the host. Which of the following would allow the analyst to continue the investigation and also return the laptop to the user as soon as possible?A: ddB: memdumpC: tcpdumpD: head
B: memdump
Which of the following would BEST provide detective and corrective controls for thermal regulation?A: A smoke detectorB A fire alarmC An HVAC systemD: A fire suppression systemE: Guards
D: Fire suppression system
A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?A: GDPRB: ISOC: NISTD: PCI DSS
A: GDPR
Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations' SOC teams would speed up the effort. Which of the following can be written to document this agreement?A: MOUB: ISAC: SLAD: NDA
A: MOU
A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization: VIEW IMAGEWhich of the following attacks has taken place?A: Domain reputationB: Domain hijackingC: DisassociationD: DNS poisoning
B: Domain Hijacking
A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?A: AutopsyB: CuckooC: memdumpD: Nmap
A: Autopsy
Which of the following are common VolP-associated vulnerabilities? (Choose two.)A: SPIMB: Vishingc: HoppingD: PhishingE: Credential harvestingF: Tailgating
A: SPIMand B: Vishing
During an incident response, an analyst applied rules to all inbound traffic on the border firewall and implemented ACLs on each critical server. Following an investigation, the company realizes it is still vulnerable because outbound traffic is not restricted, and the adversary is able to maintain a presence in the network. In which of the following stages of the Cyber Kill Chain is the adversary currently operating?A: ReconnaissanceB: Command and ControlC: Actions on objectiveD: Explotation
C: Actions on objective
Which of the following describes the continuous delivery software development methodology?A: WaterfallB: SpiralC: V-shapedD: Agile
D: Agile
A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?A: Rainbow table attackB: Password sprayingC: Logic bombD: Malware Bot
A: Rainbow table attack
Which of the following describes the exploitation of an interactive process to gain access to restricted areas?A: PersistenceB: Buffer overflowC: Privilege escalationD: Pharming
C: Privilege Escalation
A security analyst wants to reference a standard to develop a risk management program. Which of the following is the BEST source for the analyst to use?A: SSAE SOC 2B: ISO 31000C:NIST CSFD: GDPR
C: NIST CSF
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?A: HoaxesB: SPIMsC: Identity FraudD: Credential harvesting
A: Hoaxes
After multiple on premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?A: CASBB: VPCC: SWGD: CMS
C: SWG
Which of the following controls is used to make an organization initially aware of a data compromise?A: ProtectiveB: PreventativeC: CorrectiveD: Detective
D: Detective
Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?A: Common Weakness EnumerationB: OSINTC: Dark webD: Vulnerability databases
C: Dark web
A systems administrator reports degraded performance on a virtual server. The administrator increases the virtual memory allocation, which improves conditions, but performance degrades again after a few days. The administrator runs an analysis tool and sees the following output:==3214== timeAttend.exe analyzed==3214== ERROR SUMMARY:==3214== malloc/free: in use at exit: 4608 bytes in 18 blocks.==3214== checked 82116 bytes==3214== definitely lost: 4608 bytes in 18 blocks.The administrator terminates the timeAttend.exe, observes system performance over the next few days, and notices that the system performance does not degrade. Which of the following issues is MOST likely occurring?A: DLL injectionB: API attackC: Buffer overflowD: Memory leak
D: memory leak
A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?A: HTTP security headerB: DNSSEC implementationC: SRTPD: S/MIME
A: HTTP Security header
A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link.The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?A: Shadow ITB: Script kiddiesC: APTD: Insider threat
D: Insider Threat
Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?A: RecoveryB: DeterrentC: CorrectiveD: Detective
D: Detective
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?A: CVSSB: SIEMC: SOARD: CVE
A: CVSS
A forensics investigator is examining a number of unauthorized payments that were reported on the company's website. Some unusual log entries show users received an email for an unwanted mailing list and clicked on a link to attempt to unsubscribe.One of the users reported the email to the phishing team, and the forwarded email revealed the link to be:<a href="https://www.company.com/payto.do?routing=00001111&acct=22223334&amount=250">Click here to unsubscribe</a>Which of the following will the forensics investigator MOST likely determine has occurred?A: SQL iniectionB: Broken authenticationC: XSSD: XSRE
B: Broken Authentication
Which of the following risk management strategies would an organization use to maintain a legacy system with known risks for operational purposes?A:AcceptanceB: TransferenceC: AvoidanceD: Mitigation
A: acceptance
The Chief Information Security Officer (CISO) of a bank recently updated the incident response policy. The CISO is concerned that members of the incident response team do not understand their roles. The bank wants to test the policy but with the least amount of resources or impact. Which of the following BEST meets the requirements?A: Warm site failoverB: Tabletop walk-throughC:Parallel path testingD: Full outage simulation
C: Parallel path testing
A systems engineer wants to leverage a cloud-based architecture with low latency between network-connected devices that also reduces the bandwidth that is required by performing analytics directly on the endpoints. Which of the following would BEST meet the requirements? (Choose two.)A: Private cloudB: SaasC: Hybrid cloudD: laasE: DRaaSF: Fog computing
C: hybrid cloud andF: fog computing
An organization has hired a red team to simulate attacks on its security posture. Which of the following will the blue team do after detecting an loC?Cuertion ass or 211GcenaricQuestion ListA: Reimage the impacted workstations.B: Activate runbooks for incident response.C: Conduct forensics on the compromised system.D: Conduct passive reconnaissance to gather information.
C: Conduct forensics on the compromised system
An organization is planning to roll out a new mobile device policy and issue each employee a new laptop. These laptops would access the users' corporate operating system remotely and allow them to use the laptops for purposes outside of their job roles.Which of the following deployment models is being utilized?A: MDM and application managementB: BYOD and containersC: COPE and VDID: CYOD and VMs
B: BYOD and containers
Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?A: Asset management policyB: Separation of duties policyC: Acceptable use policyD: Job rotation policy
D: Job rotation policy
An organization is planning to open other data centers to sustain operations in the event of a natural disaster. Which of the following considerations would BEST support the organization's resiliency?A: Geographic dispersalB: Generator powerC: Fire suppressionD: Facility automation
A: Geographic dispersal
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?A; Semi-authorized hackersB; State actorsC: Script kiddiesD: Advanced persistent threats
B: State actors
A security analyst has been asked by the Chief Information Security Officer to: -develop a secure method of providing centralized management of infrastructure-reduce the need to constantly replace aging end user machines-provide a consistent user desktop experience<>Which of the following BEST meets these requirements?A; BYODB; Mobile device managementC; VDID; Containerization
C: VDI
A security forensics analyst is examining a virtual server. The analyst wants to preserve the present state of the virtual server, including memory contents. Which of the following backup types should be used?A: SnapshotB: DifferentialC: CloudD: FullE: Incremental
A: snapshot
A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?A: Input validationB: Dynamic code analysis C: FuzzingD: Manual code review
B: DYnamic code analysis
An administrator is experiencing issues when trying to upload a support file to a vendor. A pop-up message reveals that a payment card number was found in the file, and the file upload was blocked. Which of the following controls is most likely causing this issue and should be checked FIRST?A: DLPB: Firewall ruleC: Content filterD: MDME: Application allow list
A: DLP
Which of the following explains why RTO is included in a BIA?A: It identifies the amount of allowable downtime for an application or system.B: It prioritizes risks so the organization can allocate resources appropriately.C: It monetizes the loss of an asset and determines a break-even point for risk mitigation.D: It informs the backup approach so that the organization can recover data to a known time.
A: It identifies the amount of allowable downtime for an application or system.
A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers.Which of the following solutions should be implemented?A: DNSSECB: LDAPSC: NGFWD: DLP
A: DNSSEC
A security analyst wants to fingerprint a web server. Which of the following tools will the security analyst MOST likely use to accomplish this task?A: nmap-pl-65535 192.168.0.10B: dig 192.168.0.10C: curl --head http://192.168.0.10D: ping 192.168.0.10
C: curl --head http://192.168.0.10
Which of the following will increase cryptographic security?A: High data entropyB: Algorithms that require less computing powerC: Longer key longevityD: Hashing
A: high data entropy
Which of the following would be indicative of a hidden audio file found inside of a piece of source code?A: Steganography B: Homomorphic encryptionC: Cipher suiteD: Blockchain
A: Steganography
Against the recommendation of the IT security analyst, a company set all user passwords on a server as "P@55wOrD". Upon review of the /etc/passwd file, an attacker found the followingalice:a8df3b6c4fd75f0617431fd248f35191df8d237f bob:2d250c5b2976603d757f324ebd59340df96a05e chris:ea981ec3285421d014108089f3f3f997ce0f4150Which of the following BEST explains why the encrypted passwords do not match?A: Perfect forward secrecyB: Key stretching C: SaltingD: Hashing
C: salting
An attacker has determined the best way to impact operations is to infiltrate third-party software vendors. Which of the following vectors is being exploited?A: Social mediaB: CloudC: Supply chainD: Social Engineering
C: supply chain
A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?A: NIST FrameworkB: ISO 27001C: GDPRD: PCI-DSS
A: NIST Framework
Which of the following is the GREATEST security concern when outsourcing code development to third-party contractors for an internet-facing application?A: Intellectual property theftB: Elevated privilegesC: Unknown backdoorD: Quality assurance
C: unknown backdoor
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?A: Unsecured root accountsB: Zero-dayC: Shared tenancyD: Insider threat
C: Shared tenancy
A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations.Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?A: Dual supplyB: GeneratorC: UPSD: POUE: Daily backups
B: Generator
Which of the following is a benefit of including a risk management framework into an organization's security approach? A: It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.B: It identifies specific vendor products that have been tested and approved for use in a secure environment.C: It provides legal assurances and remedies in the event a data breach occurs.D: It incorporates control, development, policy, and management activities into IT operations.
D: It incorporates control, development, policy, and management activities into IT operations.
A security analyst is designing the appropriate controls to limit unauthorized access to a physical site. The analyst has a directive to utilize the lowest possible budget. Which of the following would BEST meet the requirements?A: Preventive controlsB: Compensating controlsC: Deterrent controlsD: Detective controls
D: Detective controls
A user enters a username and a password at the login screen for a web portal. A few seconds later the following message appears on the screen:Please use a combination of numbers, special characters, and letters in the password field.Which of the following concepts does this message describe?A:Password complexityB: Password reuseC: Password historyD: Password age
A: password complexity
A company is implementing a DLP solution on the file server. The file server has PlI, financial information, and health information stored on it. Depending on what type of data that is hosted on the file server, the company wants different DLP rules assigned to the data. Which of the following should the company do to help accomplish this goal?A: Classify the data.B: Mask the data.C: Assign the application owner.D: Perform a risk analvsis.
A: classify the data
After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall polices would be MOST secure for a web server? *view images
D
The Chief Compliance Officer from a bank has approved a background check policy for all new hires. Which of the following is the policy MOST likely protecting against? A: Preventing any current employees' siblings from working at the bank to prevent nepotismB: Hiring an employee who has been convicted of theft to adhere to industry complianceC: Filtering applicants who have added false information to resumes so they appear better qualifiedD: Ensuring no new hires have worked at other banks that may be trying to steal customer information
C: Filtering applicants who have added false information to resumes so they appear better qualified
After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team'sGREATEST concern?A: PCI DSSB:GDPRC: ISO 27001D: NIST CSF
A: PCI DSS
A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?A: Legal hold B: Chain of custodyC: Data loss preventionD: Content filter
B: Chain of custody
DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect's requirements?A: An orchestration solution that can adjust scalability of cloud assetsB: Use of multipath by adding more connections to cloud storageC: Cloud assets replicated on geographically distributed regionsD: An on-site backup that is displaved and only used when the load increases
D: An on-site backup that is displaved and only used when the load increases
A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?A: It examines and documents how well the team responded, discovers what caused the incident, and determines how theincident can be avoided in the future.B: It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed.C: It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point.D: It contains the affected svstems and disconnects them from the network, preventing further spread of the attack orbreach.
A: It examines and documents how well the team responded, discovers what caused the incident, and determines how theincident can be avoided in the future.
An audit identified PlI being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?A: Data anonymizationB: Data encrvotionC: Data maskingD: Data tokenization
A: data anonymization
A technician was dispatched to complete repairs on a server in a data center. While locating the server, the technician entered a restricted area without authorization. Which of the following security controls would BEST prevent this in the future?A: Use appropriate signage to mark all areas.B: Utilize cameras monitored by guards.C: Implement access control vestibules.D: Enforce escorts to monitor all visitors.
B: utilize cameras monitored by guards
An organization has developed an application that needs a patch to fix a critical vulnerability. In which of the following environments should the patch be deployed LAST?A: TestB: Staging C: DevelopmentD: Production
C: development
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?A: Utilizing SIEM correlation enginesB: Deploying Netflow at the network borderC: Disabling session tokens for all sitesD: Deploying a WAF for the web server
D: deploying a WAF for the web server
A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee's COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?A: User trainingB: CASBC: MDMD: DLP
A: user training
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?A: Set up hashing on the source log file servers that complies with local regulatory requirements.B: Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.C: Write protect the aggregated log files and move them to an isolated server with limited access.D: Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.
A: Set up hashing on the source log file servers that complies with local regulatory requirements
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?A: User certificateB: Self-signed certificateC: Computer certificateD: Root certificate
B; self-signed certificate
A company wants to simplify the certificate management process. The company has a single domain with several dozen subdomains, all of which are publicly accessible on the internet. Which of the following BEST describes the type of certificate the company should implement?A: Subject alternative nameB: WildcardC: Self-signedD: Domain validation
B: wildcard
A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?A: Accept the risk if there is a clear road map for timely decommission.B: Deny the risk due to the end-of-life status of the application.C: Use containerization to segment the application from other applications to eliminate the risk.D: Outsource the application to a third-party developer group.
C: Use containerization to segment the application from other applications to eliminate the risk.
An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?A: CompensatingB: CorrectiveC: PreventiveD: Detective
D: detective
Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?A: PulverizingB: OverwritingC: ShreddingD: Degaussing
B: Overwriting
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?A: HIPSB: FIMC: ТРМD: DLP
C: TPM
Which of the following organizations sets frameworks and controls for optimal security configuration on systems?A: ISOB: GDPRC: PCI DSSD: NIST
D: NIST
Digital signatures use asymmetric encryption. This means the message is encrypted with:A: the sender's private key and decrypted with the sender's public key.B: the sender's public key and decrypted with the sender's private key.C: the sender's private key and decrypted with the recipient's public key.D: the sender's public key and decrypted with the recipient's private key.
A: the sender's private key and decrypted with the sender's public key.
Which of the following can be used by a monitoring tool to compare values and detect password leaks without providing the actual credentials?A: HashingB: TokenizationC: MaskingD: Encryption
A: hashing
An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?A: On-path attackB: Protocol poisoningC: Domain hijackingD: Bluejacking
A: on-path attack
Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?A: EOLB: SLAC: MOUD: EOSL
B: SLA
Business partners are working on a security mechanism to validate transactions securely. The requirement is for one company to be responsible for deploying a trusted solution that will register and issue artifacts used to sign, encrypt, and decrypt transaction files. Which of the following is the BEST solution to adopt?A: PKIB: BlockchainC: SAMLD: OAuth
A: PKI
Which of the following is a known security risk associated with data archives that contain financial information?A: Data can become a liability if archived longer than required by regulatory guidance.B: Data must be archived off-site to avoid breaches and meet business requirements.C: Companies are prohibited from providing archived data to e-discovery requests.D: Unencrypted archives should be preserved as long as possible and encrypted.
A: Data can become a liability if archived longer than required by regulatory guidance.
Which of the following secure coding techniques makes compromised code more difficult for hackers to use?A; ObfuscationB; NormalizationC: ExecutionD: Reuse
A: Obfuscation
The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PlI. Which of the following would be the BEST solution to install on the employees' workstations to prevent information from leaving the company's network?A: HIPSB: DLPC: HIDSD: EDR
D: EDR
Which of the following statements BEST describes zero-day exploits?A: When a zero-day exploit is discovered, the system cannot be protected by any means.B: Zero-day exploits have their own scoring category in CVSS.C: A zero-day exploit is initially undetectable, and no patch for it exists.D: Discovering zero-day exploits is always performed via bug bounty programs.
C: A zero-day exploit is initially undetectable, and no patch for it exists.
Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?A: The business continuity planB: The retention policyC: The disaster recovery planD: The incident response plan
A: the business continuity plan
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?A: Application allow listB: SWGC: Host-based firewallD: VPN
B: SWG
A user is attempting to navigate to a website from inside the company network using a desktop. When the user types in the URL https://www.site.com, the user is presented with a certificate mismatch warning from the browser. The user does not receive a warning when visiting http://www.anothersite.com. Which of the following describes this attack?A: On-pathB: Domain hijackingC: DNS poisoningD: Evil twin
B: domain hijacking
A junior security analyst is conducting an analysis after passwords were changed on multiple accounts without users' interaction.The SIEM have multiple login entries with the following text:suspicious event - user: scheduledtasks successfully authenticate on AD on abnormal timesuspicious event - user: scheduledtasks failed to execute c:weekly_checkupslamazing-3rdparty-domain-assessment.pysuspicious event - user: scheduledtasks failed to execute c:weekly_checkups\secureyourAD-3rdparty-compliance.shsuspicious event - user: scheduledtasks successfully executed c:Iweekly_checkups\amazing-3rdparty-domain-assessment.pyWhich of the following is the MOST likely attack conducted on the environment?A: Malicious scriptB: Privilege escalationC: Domain hijackingD: DNS poisoning
A: Malicious Script
Which of the following control types fixes a previously identified issue and mitigates a risk?A: DetectiveB: CorrectiveC: PreventativeD: Finalized
C: Preventative
Which of the following would detect intrusions at the perimeter of an airport?A: SignageB: FencingC: Motion sensorsD: LightingE: Bollards
E: bollards
Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?A: AUPB: NDAC: SLAD: MOU
B: NDA
A SOC operator is analyzing a log file that contains the following entries: VIEW IMAGEWhich of the following explains these log entries?A: SQL injection and improper input-handling attemptsB: Cross-site scripting and resource exhaustion attemptsC: Command injection and directory traversal attemptsD: Error handling and privilege escalation attempts
C: Command injection and directory traversal attempts
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?A: Adjust the data flow from authentication sources to the SIEM.B: Disable email alerting and review the SIEM directly.C: Adjust the sensitivity levels of the SIEM correlation engine.D: Utilize behavioral analysis to enable the SIEM's learning mode.
B: Disable email alerting and review the SIEM directly.
A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?A: Gait analysisB: VeinC: Soft tokenD: HMAC-based, one-time password
B: Vein
An application developer accidentally uploaded a company's code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?A: Delete the private key from the repository.B: Verify the public key is not exposed as well.C: Update the DLP solution to check for private keys.D: Revoke the code-signing certificate.
D: Revoke the code-signing certificate.
A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?A: VishingB: WhalingC: PhishingD: Smishing
D: Smishing
Which of the following is the FIRST environment in which proper, secure coding should be practiced?A: StageB: DevelopmentC: ProductionD: Test
A: Stage
A security analyst is concerned about critical vulnerabilities that have been detected on some applications running inside containers. Which of the following is the BEST remediation strategy?A:Update the base container Image and redeploy the environment.B: Include the containers in the regular patching schedule for servers.C: Patch each running container individually and test the application.D: Update the host in which the containers are running.
B: Include the containers in the regular patching schedule for servers.
A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?A: Password complexityB: Password historyC: Password reuseD: Password length
A: Password complexity
A network engineer created two subnets that will be used for production and development servers. Per security policy production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?A: VLANSB: Internet proxy serversC: NIDSD: Jump servers
A: VLANS
Which of the following describes a social engineering technique that seeks to exploit a person's sense of urgency?A: A phishing email stating a cash settlement has been awarded but will expire soonB: A smishing message stating a package is scheduled for pickupC: A vishing call that requests a donation be made to a local charityD: A SPIM notification claiming to be undercover law enforcement investigating a cybercrime
C: A vishing call that requests a donation be made to a local charity
An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?A: ERRB: Difficulty of useC: CostD: FARE: CER
E: CER