What type of authentication factor relies on the user's biometric characteristics, such as a fingerprint, a face, or an iris?

What is a common example of something you have that can be used to generate a one-time password (OTP) or a code to access a VPN?

Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?

What is a common example of something you are that can be used to scan and verify the user's identity to access a VPN?

What is the process of using software, hardware, or other tools to perform tasks that would otherwise require human intervention or manual effort?

Which of the following can automation be used for in relation to security settings on servers?

What type of security technique involves checking user input for malicious or unexpected data before processing by an application?

Which of the following is not a special character that the organization's security policy aims to remove from user input?

What technique is used to hide information within another medium, such as an image or audio file?

If an organization wants to prevent embedded keys from being included in their source code, which security technique should they adopt?

What is the process of converting data into a fixed-size string of characters, which cannot be reversed?

Which of the following security techniques involves replacing sensitive data with fictitious data?

What is the primary purpose of audits in a banking environment?

In a penetration testing engagement, what type of reconnaissance involves sending packets or requests to a target and analyzing the responses?

What is the most common data loss path for an air-gapped network?

Which of the following is NOT a purpose of audits in a banking environment?

What type of reconnaissance involves observing network activity without directly interacting with the target?

How can an air-gapped network be compromised despite being physically isolated?

What is the primary technique used by attackers in a Business Email Compromise (BEC) attack?

In the given scenario, what is the attacker's goal in requesting gift cards?

How does the attacker make the email appear to be from an executive in the given scenario?

What is the purpose of capacity planning in the context of business continuity strategy?

Which of the following is NOT a common tactic used by BEC attackers?

In the context of business continuity planning, what does the term 'geographic dispersion' refer to?

What is the primary goal of social engineering?

In the given scenario, what technique was the suspicious caller employing?

Which of the following is the most appropriate mitigation strategy for suspicious connections between internal endpoints?

Which practice is most effective in preventing insider threats related to malicious code introduction?

What is the primary purpose of a host-based firewall?

Which of the following is not a common social engineering technique?