Give me the loot - SYC.pdf

CompTIA Security + SY0-701 305 Questions & Answers Page 1 of 63 QUESTION 1 Which of the following threat actors is the most likely to be hired by a foreign government to a ack cri cal systems located in other countries? A. Hack vist B. Whistleblower C. Organized crime D. Unskilled a acker Correct Answer: C QUESTION 2 Which of the following is used to add extra complexity before using a one-way data transforma on algorithm? A. Key stretching B. Data masking C. Steganography D. Sal ng Correct Answer: D QUESTION 3 An employee clicked a link in an email from a payment website that asked the employee to update contact informa on. The employee entered the log-in informa on but received a “page not found” error message. Which of the following types of social engineering a acks occurred? A. Brand impersona on B. Pretex ng C. Typosqua ng D. Phishing Correct Answer: D QUESTION 4 An enterprise is trying to limit outbound DNS traﬃc origina ng from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following ﬁrewall ACLs will accomplish this goal? A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53 Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53 B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53 D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 Correct Answer: C QUESTION 5 A data administrator is conﬁguring authen ca on for a SaaS applica on and would like to reduce the number of creden als employees need to maintain. The company prefers to use domain creden als to access new SaaS applica ons. Which of the following methods would allow this func onality? A. SSO B. LEAP C. MFA D. PEAP Correct Answer: A Page 2 of 63 QUESTION 6 Which of the following scenarios describes a possible business email compromise a ack? A. An employee receives a gi card request in an email that has an execu ve’s name in the display ﬁeld o he email. B. Employees who open an email a achment receive messages demanding payment in order to accessﬁles. C. A service desk employee receives an email from the HR director asking for log-in creden als to a cloudadministrator account. D. An employee receives an email with a link to a phishing site that is designed to look like the company’semail portal. Correct Answer: A QUESTION 7 A company prevented direct access from the database administrators’ worksta ons to the network segment that contains database servers. Which of the following should a database administrator use to access the database servers? A. Jump server B. RADIUS C. HSM D. Load balancer Correct Answer: A QUESTION 8 An organiza on’s internet-facing website was compromised when an a acker exploited a buﬀer overﬂow. Which of the following should the organiza on deploy to best protect against similar a acks in the future? A. NGFW B. WAF C. TLS D. SD-WAN Correct Answer: B QUESTION 9 An administrator no ces that several users are logging in from suspicious IP addresses. A er speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the aﬀected users’ passwords. Which of the following should the administrator implement to prevent this type of a ack from succeeding in the future? A. Mul factor authen ca on B. Permissions assignment C. Access management D. D. Password complexity Correct Answer: A QUESTION 10 An employee receives a text message that appears to have been sent by the payroll department and is asking for creden al veriﬁca on. Which of the following social engineering techniques are being a empted? (Choose two.) A. Typosqua ng B. Phishing C. Impersona on D. Vishing E. Smishing F. Misinforma on Correct Answer: CE Page 3 of 63 QUESTION 11 Several employees received a fraudulent text message from someone claiming to be the Chief Execu ve Oﬃcer (CEO). The message stated: “I’m in an airport right now with no access to email. I need you to buy gi cards for employee recogni on awards. Please send the gi cards to following email address.” Which of the following are the best responses to this situa on? (Choose two). A. Cancel current employee recogni on gi cards. B. Add a smishing exercise to the annual company training. C. Issue a general email warning to the company. D. Have the CEO change phone numbers. E. Conduct a forensic inves ga on on the CEO’s phone. F. Implement mobile device management. Correct Answer: BC QUESTION 12 A company is required to use cer ﬁed hardware when building networks. Which of the following best addresses the risks associated with procuring counterfeit hardware? A. A thorough analysis of the supply chain B. A legally enforceable corporate acquisi on policy C. A right to audit clause in vendor contracts and SOWs D. An in-depth penetra on test of all suppliers and vendors Correct Answer: A QUESTION 13 Which of the following provides the details about the terms of a test with a third-party penetra on tester? A. Rules of engagement B. Supply chain analysis C. Right to audit clause D. Due diligence Correct Answer: A QUESTION 14 A penetra on tester begins an engagement by performing port and service scans against the client environment according to the rules of engagement. Which of the following reconnaissance types is the tester performing? A. Ac ve B. Passive C. Defensive D. Oﬀensive Correct Answer: A QUESTION 15 Which of the following is required for an organiza on to properly manage its restore process in the event of system failure? A. IRP B. DRP C. RPO D. SDLC Correct Answer: B QUESTION 16 Which of the following vulnerabili es is associated with installing so ware outside of a manufacturer’s approved so ware repository? A. Jailbreaking B. Memory injec on C. Resource reuse D. Side loading Correct Answer: D Page 4 of 63 QUESTION 17 A security analyst is reviewing the following logs: Which of the following a acks is most likely occurring? A. Password spraying B. Account forgery C. Pass-the-hash D. Brute-force Correct Answer: A QUESTION 18 An analyst is evalua ng the implementa on of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate? A. Secured zones B. Subject role C. Adap ve iden ty D. Threat scope reduc on Correct Answer: A QUESTION 19 An engineer needs to ﬁnd a solu on that creates an added layer of security by preven ng unauthorized access to internal company resources. Which of the following would be the best solu on? A. RDP server B. Jump server C. Proxy server D. Hypervisor Correct Answer: B QUESTION 20 A company’s web ﬁlter is conﬁgured to scan the URL for strings and deny access when matches are found. Which of the following search strings should an analyst employ to prohibit access to non-encrypted websites? A. encryp on=oﬀ B. h p:// C. www.*.com D. :443 Correct Answer: B QUESTION 21 During a security incident, the security opera ons team iden ﬁed sustained network traﬃc from a malicious IP address: 10.1.4.9. A security analyst is crea ng an inbound ﬁrewall rule to block the IP address from accessing the organiza on’s network. Which of the following fulﬁlls this request? A. access-list inbound deny ip source 0.0.0.0/0 des na on 10.1.4.9/32 B. access-list inbound deny ip source 10.1.4.9/32 des na on 0.0.0.0/0 C. access-list inbound permit ip source 10.1.4.9/32 des na on 0.0.0.0/0D. access-list inbound permit ip source 0.0.0.0/0 des na on 10.1.4.9/32 Correct Answer: B Page 5 of 63 QUESTION 22 A company needs to provide administra ve access to internal resources while minimizing the traﬃc allowed through the security boundary. Which of the following methods is most secure? A. Implemen ng a bas on host B. Deploying a perimeter network C. Installing a WAF D. U lizing single sign-on Correct Answer: A QUESTION 23 A security analyst is reviewing alerts in the SIEM related to poten al malicious network traﬃc coming from an employee’s corporate laptop. The security analyst has determined that addi onal data about the executable running on the machine is necessary to con nue the inves ga on. Which of the following logs should the analyst use as a data source? A. Applica on B. IPS/IDS C. Network D. Endpoint Correct Answer: D QUESTION 24 A cyber opera ons team informs a security analyst about a new tac c malicious actors are using to compromise networks. SIEM alerts have not yet been conﬁgured. Which of the following best describes what the security analyst should do to iden fy this behavior? A. Digital forensics B. E-discovery C. Incident response D. Threat hun ng Correct Answer: D QUESTION 25 A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent? A. Accept B. Transfer C. Mi gate D. Avoid Correct Answer: B QUESTION 26 A security administrator would like to protect data on employees’ laptops. Which of the following encryp on techniques should the security administrator use? A. Par on B. Asymmetric C. Full disk D. Database Correct Answer: C QUESTION 27 Which of the following security control types does an acceptable use policy best represent? A. Detec ve B. Compensa ng C. Correc ve D. Preven ve Correct Answer: D Page 6 of 63 QUESTION 28 An IT manager informs the en re help desk staﬀ that only the IT manager and the help desk lead will have access to the administrator console of the help desk so ware. Which of the following security techniques is the IT manager se ng up? A. Hardening B. Employee monitoring C. Conﬁgura on enforcement D. Least privilege Correct Answer: D QUESTION 29 Which of the following is the most likely to be used to document risks, responsible par es, and thresholds? A. Risk tolerance B. Risk transfer C. Risk register D. Risk analysis Correct Answer: C QUESTION 30 Which of the following should a security administrator adhere to when se ng up a new set of ﬁrewall rules? A. Disaster recovery plan B. Incident response procedure C. Business con nuity plan D. Change management procedure Correct Answer: D QUESTION 31 A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing applica on. The company will compensate researchers based on the vulnerabili es discovered. Which of the following best describes the program the company is se ng up? A. Open-source intelligence B. Bug bounty C. Red team D. Penetra on tes ng Correct Answer: B QUESTION 32 Which of the following threat actors is the most likely to use large ﬁnancial resources to a ack cri cal systems located in other countries? A. Insider B. Unskilled a acker C. Na on-state D. Hack vist Correct Answer: C QUESTION 33 Which of the following enables the use of an input ﬁeld to run commands that can view or manipulate data? A. Cross-site scrip ng B. Side loading C. Buﬀer overﬂow D. SQL injec on Correct Answer: D Page 7 of 63 QUESTION 34 Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work ac vi es? A. Encrypted B. Intellectual property C. Cri cal D. Data in transit Correct Answer: B QUESTION 35 A company has begun labeling all laptops with asset inventory s ckers and associa ng them with employee IDs. Which of the following security beneﬁts do these ac ons provide? (Choose two.) A. If a security incident occurs on the device, the correct employee can be no ﬁed. B. The security team will be able to send user awareness training to the appropriate device. C. Users can be mapped to their devices when conﬁguring so ware MFA tokens. D. User-based ﬁrewall policies can be correctly targeted to the appropriate laptops. E. When conduc ng penetra on tes ng, the security team will be able to target the desired laptops. F. Company data can be accounted for when the employee leaves the organiza on. Correct Answer: AF QUESTION 36 A technician wants to improve the situa onal and environmental awareness of exis ng users as they transi on from remote to in-oﬃce work. Which of the following is the best op on? A. Send out periodic security reminders. B. Update the content of new hire documenta on. C. Modify the content of recurring training. D. Implement a phishing campaign. Correct Answer: C QUESTION 37 A newly appointed board member with cybersecurity knowledge wants the board of directors to receive a quarterly report detailing the number of incidents that impacted the organiza on. The systems administrator is crea ng a way to present the data to the board of directors. Which of the following should the systems administrator use? A. Packet captures B. Vulnerability scans C. Metadata D. Dashboard Correct Answer: D QUESTION 38 A systems administrator receives the following alert from a ﬁle integrity monitoring tool: The hash of the cmd.exe ﬁle has changed. The systems administrator checks the OS logs and no ces that no patches were applied in the last two months. Which of the following most likely occurred? A. The end user changed the ﬁle permissions. B. A cryptographic collision was detected. C. A snapshot of the ﬁle system was taken. D. A rootkit was deployed. Correct Answer: D QUESTION 39 Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment? A. Client B. Third-party vendor C. Cloud provider D. DBA Correct Answer: A Page 8 of 63 QUESTION 40 A client asked a security company to provide a document outlining the project, the cost, and the comple on me frame. Which of the following documents should the company provide to the client? A. MSA B. SLA C. BPA D. SOW Correct Answer: D QUESTION 41 A security team is reviewing the ﬁndings in a report that was delivered a er a third party performed a penetra on test. One of the ﬁndings indicated that a web applica on form ﬁeld is vulnerable to cross-site scrip ng. Which of the following applica on security techniques should the security analyst recommend the developer implement to prevent this vulnerability? A. Secure cookies B. Version control C. Input valida on D. Code signing Correct Answer: C QUESTION 42 Which of the following must be considered when designing a high-availability network? (Choose two). A. Ease of recovery B. Ability to patch C. Physical isola on D. Responsiveness E. A ack surface F. Extensible authen ca on Correct Answer: AD QUESTION 43 A technician needs to apply a high-priority patch to a produc on system. Which of the following steps should be taken ﬁrst? A. Air gap the system. B. Move the system to a diﬀerent network segment. C. Create a change control request. D. Apply the patch to the system. Correct Answer: C QUESTION 44 Which of the following describes the reason root cause analysis should be conducted as part of incident response? A. To gather IoCs for the inves ga on B. To discover which systems have been aﬀected C. To eradicate any trace of malware on the network D. To prevent future incidents of the same nature Correct Answer: D QUESTION 45 Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment? A. Fines B. Audit ﬁndings C. Sanc ons D. Reputa on damage Correct Answer: A QUESTION 46 A company is developing a business con nuity strategy and needs to determine how many staﬀ members would be required to sustain the business in the case of a disrup on. Which of the following best describes this step? A. Capacity planning B. Redundancy C. Geographic dispersion D. Tabletop exercise Correct Answer: A Page 9 of 63 QUESTION 47 A company’s legal department dra ed sensi ve documents in a SaaS applica on and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most eﬀec ve way to limit this access? A. Data masking B. Encryp on C. Geoloca on policy D. Data sovereignty regula on Correct Answer: C QUESTION 48 Which of the following is a hardware-speciﬁc vulnerability? A. Firmware version B. Buﬀer overﬂow C. SQL injec on D. Cross-site scrip ng Correct Answer: A QUESTION 49 While troubleshoo ng a ﬁrewall conﬁgura on, a technician determines that a “deny any” policy should be added to the bo om of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following ac ons would prevent this issue? A. Documen ng the new policy in a change request and submi ng the request to change management B. Tes ng the policy in a non-produc on environment before enabling the policy in the produc on network C. Disabling any intrusion preven on signatures on the “deny any” policy prior to enabling the new policy D. Including an “allow any” policy above the “deny any” policy Correct Answer: B QUESTION 50 An organiza on is building a new backup data center with cost-beneﬁt as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario? A. Real- me recovery B. Hot C. Cold D. Warm Correct Answer: C QUESTION 51 A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy? A. Enumera on B. Sani za on C. Destruc on D. Inventory Correct Answer: B QUESTION 52 A systems administrator works for a local hospital and needs to ensure pa ent data is protected and secure. Which of the following data classiﬁca ons should be used to secure pa ent data? A. Private B. Cri cal C. Sensi ve D. Public Correct Answer: C Page 10 of 63 QUESTION 53 A U.S.-based cloud-hos ng provider wants to expand its data centers to new interna onal loca ons. Which of the following should the hos ng provider consider ﬁrst? A. Local data protec on regula ons B. Risks from hackers residing in other countries C. Impacts to exis ng contractual obliga ons D. Time zone diﬀerences in log correla on Correct Answer: A QUESTION 54 Which of the following would be the best way to block unknown programs from execu ng? A. Access control list B. Applica on allow list C. Host-based ﬁrewall D. DLP solu on Correct Answer: B QUESTION 55 A company hired a consultant to perform an oﬀensive security assessment covering penetra on tes ng and social engineering. Which of the following teams will conduct this assessment ac vity? A. White B. Purple C. Blue D. Red Correct Answer: D QUESTION 56 A so ware development manager wants to ensure the authen city of the code created by the company. Which of the following op ons is the most appropriate? A. Tes ng input valida on on the user input ﬁelds B. Performing code signing on company-developed so ware C. Performing sta c code analysis on the so ware D. Ensuring secure cookies are use Correct Answer: B QUESTION 57 Which of the following can be used to iden fy poten al a acker ac vi es without aﬀec ng produc on servers? A. Honeypot B. Video surveillance C. Zero Trust D. Geofencing Correct Answer: A QUESTION 58 During an inves ga on, an incident response team a empts to understand the source of an incident. Which of the following incident response ac vi es describes this process? A. Analysis B. Lessons learned C. Detec on D. Containment Correct Answer: A Page 11 of 63 QUESTION 59 A security prac oner completes a vulnerability assessment on a company’s network and ﬁnds several vulnerabili es, which the opera ons team remediates. Which of the following should be done next? A. Conduct an audit. B. Ini ate a penetra on test. C. Rescan the network. D. Submit a report. Correct Answer: C QUESTION 60 An administrator was no ﬁed that a user logged in remotely a er hours and copied large amounts of data to a personal device. Which of the following best describes the user’s ac vity? A. Penetra on tes ng B. Phishing campaign C. External audit D. Insider threat Correct Answer: D QUESTION 61 Which of the following allows for the a ribu on of messages to individuals? A. Adap ve iden ty B. Non-repudia on C. Authen ca on D. Access logs Correct Answer: B QUESTION 62 Which of the following is the best way to consistently determine on a daily basis whether security se ngs on servers have been modiﬁed? A. Automa on B. Compliance checklist C. A esta on D. Manual audit Correct Answer: A QUESTION 63 Which of the following tools can assist with detec ng an employee who has accidentally emailed a ﬁle containing a customer’s PII? A. SCAP B. NetFlow C. An virus D. DLP Correct Answer: D QUESTION 64 An organiza on recently updated its security policy to include the following statement: Regular expressions are included in source code to remove special characters such as $, |, ;. &, `, and ? from variables set by forms in a web applica on. Which of the following best explains the security technique the organiza on adopted by making this addi on to the policy? A. Iden fy embedded keys B. Code debugging C. Input valida on D. Sta c code analysis Correct Answer: C Page 12 of 63 QUESTION 65 A security analyst and the management team are reviewing the organiza onal performance of a recent phishing campaign. The user click- through rate exceeded the acceptable risk threshold, and the management team wants to reduce the impact when a user clicks on a link in a phishing message. Which of the following should the analyst do? A. Place posters around the oﬃce to raise awareness of common phishing ac vi es. B. Implement email security ﬁlters to prevent phishing emails from being delivered. C. Update the EDR policies to block automa c execu on of downloaded programs. D. Create addi onal training for users to recognize the signs of phishing a empts. Correct Answer: C QUESTION 66 Which of the following has been implemented when a host-based ﬁrewall on a legacy Linux system allows connec ons from only speciﬁc internal IP addresses? A. Compensa ng control B. Network segmenta on C. Transfer of risk D. SNMP traps Correct Answer: A QUESTION 67 The management team no ces that new accounts that are set up manually do not always have correct access or permissions. Which of the following automa on techniques should a systems administrator use to streamline account crea on? A. Guard rail script B. Ticke ng workﬂow C. Escala on script D. User provisioning script Correct Answer: D QUESTION 68 A company is planning to set up a SIEM system and assign an analyst to review the logs on a weekly basis. Which of the following types of controls is the company se ng up? A. Correc ve B. Preven ve C. Detec ve D. D. Deterrent Correct Answer: C QUESTION 69 A systems administrator is looking for a low-cost applica on-hos ng solu on that is cloud-based. Which of the following meets these requirements? A. Serverless framework B. Type 1 hypervisor C. SD-WAN D. SDN Correct Answer: A QUESTION 70 A security opera ons center determines that the malicious ac vity detected on a server is normal. Which of the following ac vi es describes the act of ignoring detected ac vity in the future? A. Tuning B. Aggrega ng C. Quaran ning D. Archiving Correct Answer: A Page 13 of 63 QUESTION 71 A security analyst reviews domain ac vity logs and no ces the following: Which of the following is the best explana on for what the security analyst has discovered? A. The user jsmith’s account has been locked out. B. A keylogger is installed on jsmith’s worksta on. C. An a acker is a emp ng to brute force jsmith’s account. D. Ransomware has been deployed in the domain. Correct Answer: C QUESTION 72 A company is concerned about weather events causing damage to the server room and down me. Which of the following should the company consider? A. Clustering servers B. Geographic dispersion C. Load balancers D. Oﬀ-site backups Correct Answer: B QUESTION 73 Which of the following is a primary security concern for a company se ng up a BYOD program? A. End of life B. Buﬀer overﬂow C. VM escape D. Jailbreaking Correct Answer: D QUESTION 74 A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware a acks. Which of the following analysis elements did the company most likely use in making this decision? A. MTTR B. RTO C. ARO D. MTBF Correct Answer: C QUESTION 75 Which of the following is the most likely to be included as an element of communica on in a security awareness program? A. Repor ng phishing a empts or other suspicious ac vi es B. Detec ng insider threats using anomalous behavior recogni on C. Verifying informa on when modifying wire transfer data D. Performing social engineering as part of third-party penetra on tes ng Correct Answer: A Page 14 of 63 QUESTION 76 HOTSPOT Select the appropriate a ack and remedia on from each drop-down list to label the corresponding a ack with its remedia on. INSTRUCTIONS Not all a acks and remedia on ac ons will be used. If at any me you would like to bring back the ini al state of the simula on, please click the Reset All bu on. Hot Area: Correct Answer: Page 15 of 63 Page 16 of 63 QUESTION 77 HOTSPOT You are a security administrator inves ga ng a poten al infec on on a network. INSTRUCTIONS Click on each host and ﬁrewall. Review all logs to determine which host originated the infec on and then iden fy if each remaining host is clean or infected. If at any me you would like to bring back the ini al state of the simula on, please click the Reset All bu on. Page 17 of 63 Page 18 of 63 Page 19 of 63 Page 20 of 63 Page 21 of 63 Hot Area: Page 22 of 63 Correct Answer: Page 23 of 63 85 https://ExamPracticeTests.com Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibili es? A. Prepara on B. Recovery C. Lessons learned D. Analysis Correct Answer: A 86 A er a recent vulnerability scan, a security engineer needs to harden the routers within the corporate network. Which of the following is the most appropriate to disable? A. Console access B. Rou ng protocols C. VLANs D. Web-based administra on Correct Answer: D 87 A security administrator needs a method to secure data in an environment that includes some form of checks so track any changes. Which of the following should the administrator set up to achieve this goal? A. SPF B. GPO C. NAC D. FIM Correct Answer: D 88 An administrator is reviewing a single server's security logs and discovers the following: Which of the following best describes the ac on captured in this log ﬁle? A. Brute-force a ack B. Privilege escala on C. Failed password audit D. Forgo en password by the user Correct Answer: A 89 Page 24 of 63 A security engineer is implemen ng FDE for all laptops in an organiza on. Which of the following are the most important for the engineer to consider as part of the planning process? (Choose two.) A. Key escrow B. TPM presence C. Digital signatures D. Data tokeniza on E. Public key management F. Cer ﬁcate authority linking Correct Answer: AB 90 A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the produc on network. Which of the following changes should the security analyst recommend? A. Changing the remote desktop port to a non-standard number B. Se ng up a VPN and placing the jump server inside the ﬁrewall C. Using a proxy for web connec ons from the remote desktop server D. Connec ng the remote server to the domain and increasing the password length Correct Answer: B 91 An enterprise has been experiencing a acks focused on exploi ng vulnerabili es in older browser versions with well-known exploits. Which of the following security solu ons should be conﬁgured to best provide the ability to monitor and block these known signature- based a acks? A. ACL B. DLP C. IDS D. IPS Correct Answer: C 92 Security controls in a data center are being reviewed to ensure data is properly protected and that human life considera ons are included. Which of the following best describes how the controls should be set up? A. Remote access points should fail closed. B. Logging controls should fail open. C. Safety controls should fail open. D. Logical security controls should fail closed. Correct Answer: C 93 Which of the following would be best suited for constantly changing environments? A. RTOS B. Containers C. Embedded systems D. SCADA Correct Answer: B 94 Which of the following incident response ac vi es ensures evidence is properly handled? A. E-discovery B. Chain of custody C. Legal hold D. Preserva on Correct Answer: A Page 25 of 63 95 An accoun ng clerk sent money to an a acker's bank account a er receiving fraudulent instruc ons to use a new account. Which of the following would most likely prevent this ac vity in the future? A. Standardizing security incident repor ng B. Execu ng regular phishing campaigns C. Implemen ng insider threat detec on measures D. Upda ng processes for sending wire transfers Correct Answer: D 96 A systems administrator is crea ng a script that would save me and prevent human error when performing account crea on for a large number of end users. Which of the following would be a good use case for this task? A. Oﬀ-the-shelf so ware B. Orchestra on C. Baseline D. Policy enforcement Correct Answer: B 97 A company's marke ng department collects, modiﬁes, and stores sensi ve customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer? A. Processor B. Custodian C. Subject D. Owner Correct Answer: C 98 Which of the following describes the maximum allowance of accepted risk? A. Risk indicator B. Risk level C. Risk score D. Risk threshold Correct Answer: D 99 A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of me during non-business hours. Which of the following is most likely occurring? A. A worm is propaga ng across the network. B. Data is being exﬁltrated. C. A logic bomb is dele ng data. D. Ransomware is encryp ng ﬁles. Correct Answer: B 100 A technician is opening ports on a ﬁrewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system? A. Default creden als B. Non-segmented network C. Supply chain vendor D. Vulnerable so ware Correct Answer: C Page 26 of 63 101 A systems administrator is working on a solu on with the following requirements: Provide a secure zone. Enforce a company-wide access control policy. Reduce the scope of threats. Which of the following is the systems administrator se ng up? A. Zero Trust B. AAA C. Non-repudia onD. CIA Correct Answer: A 102 Which of the following involves an a empt to take advantage of database misconﬁgura ons? A. Buﬀer overﬂow B. SQL injec on C. VM escape D. Memory injec on Correct Answer: B 103 Which of the following is used to validate a cer ﬁcate when it is presented to a user? A. OCSP B. CSR C. CA D. CRC Correct Answer: A 104 One of a company's vendors sent an analyst a security bulle n that recommends a BIOS update. Which of the following vulnerability types is being addressed by the patch? A. Virtualiza on B. Firmware C. Applica on D. Opera ng system Correct Answer: B 105 Which of the following is used to quan ta vely measure the cri cality of a vulnerability? A. CVE B. CVSSC. CIA D. CERT Correct Answer: B 106 Which of the following ac ons could a security engineer take to ensure worksta ons and servers are properly monitored for unauthorized changes and so ware? A. Conﬁgure all systems to log scheduled tasks. B. Collect and monitor all traﬃc exi ng the network. C. Block traﬃc based on known malicious signatures. D. Install endpoint management so ware on all systems Correct Answer: D 107 An organiza on is leveraging a VPN between its headquarters and a branch loca on. Which of the following is the VPN protec ng? A. Data in use B. Data in transit C. Geographic restric ons D. Data sovereignty Correct Answer: B Page 27 of 63 108 A er reviewing the following vulnerability scanning report: A security analyst performs the following test: Which of the following would the security analyst conclude for this reported vulnerability? A. It is a false posi ve. B. A rescan is required. C. It is considered noise. D. Compensa ng controls exist. Correct Answer: D 109 An organiza on disabled unneeded services and placed a ﬁrewall in front of a business-cri cal legacy system. Which of the following best describes the ac ons taken by the organiza on? A. Excep on B. Segmenta on C. Risk transfer D. Compensa ng controls Correct Answer: B 110 A security consultant needs secure, remote access to a client environment. Which of the following should the security consultant most likely use to gain access? A. EAP B. DHCP C. IPSec D. NAT Correct Answer: C 111 Which of the following should a systems administrator use to ensure an easy deployment of resources within the cloud provider? A. So ware as a service B. Infrastructure as code C. Internet of Things D. So ware-deﬁned networking Correct Answer: B 112 A er a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Oﬃcer wanted credit card informa on in order to close an invoice. Which of the following topics did the user recognize from the training? A. Insider threat B. Email phishing C. Social engineering D. Execu ve whaling Page 28 of 63 Correct Answer: C 113 A security administrator is deploying a DLP solu on to prevent the exﬁltra on of sensi ve customer data. Which of the following should the administrator do ﬁrst? A. Block access to cloud storage websites. B. Create a rule to block outgoing email a achments. C. Apply classiﬁca ons to the data. D. Remove all user permissions from shares on the ﬁle server. Correct Answer: C 114 An administrator assists the legal and compliance team with ensuring informa on about customer transac ons is archived for the proper me period. Which of the following data policies is the administrator carrying out? A. Compromise B. Reten on C. Analysis D. Transfer E. Inventory Correct Answer: B 115 A company is working with a vendor to perform a penetra on test. Which of the following includes an es mate about the number of hours required to complete the engagement? A. SOW B. BPA C. SLA D. NDA Correct Answer: A 116 A Chief Informa on Security Oﬃcer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report? A. Insider threat B. Hack vist C. Na on-state D. Organized crime Correct Answer: D 117 Which of the following prac ces would be best to prevent an insider from introducing malicious code into a company's development process? A. Code scanning for vulnerabili es B. Open-source component usage C. Quality assurance tes ng D. Peer review and approval Correct Answer: D 118 Which of the following can best protect against an employee inadvertently installing malware on a company system? A. Host-based ﬁrewall B. System isola on C. Least privilege D. Applica on allow list Correct Answer: D Page 29 of 63 119 A company is adding a clause to its AUP that states employees are not allowed to modify the opera ng system on mobile devices. Which of the following vulnerabili es is the organiza on addressing? A. Cross-site scrip ng B. Buﬀer overﬂow C. Jailbreaking D. Side loading Correct Answer: C 120 Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Choose two.) A. Fencing B. Video surveillance C. Badge access D. Access control ves bule E. Sign-in sheet F. Sensor Correct Answer: CD 121 An organiza on would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal? A. Segmenta on B. Isola on C. Patching D. Encryp on Correct Answer: A 122 Which of the following is the most common data loss path for an air-gapped network? A. Bas on host B. Unsecured Bluetooth C. Unpatched OS D. Removable devices Correct Answer: D 123 Malware spread across a company's network a er an employee visited a compromised industry blog. Which of the following best describes this type of a ack? A. Impersona on B. Disinforma on C. Watering-hole D. Smishing Correct Answer: C 124 An organiza on is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organiza on is looking for a so ware solu on that will allow it to reduce traﬃc on the VPN and internet circuit, while s ll providing encrypted tunnel access to the data center and monitoring of remote employee internet traﬃc. Which of the following will help achieve these objec ves? A. Deploying a SASE solu on to remote employees B. Building a load-balanced VPN solu on with redundant internet C. Purchasing a low-cost SD-WAN solu on for VPN traﬃc D. Using a cloud provider to create addi onal VPN concentrators Correct Answer: A Page 30 of 63 125 Which of the following is the best reason to complete an audit in a banking environment? A. Regulatory requirement B. Organiza onal change C. Self-assessment requirement D. Service-level requirement Correct Answer: A 126 Which of the following security concepts is the best reason for permissions on a human resources ﬁleshare to follow the principle of least privilege? A. Integrity B. Availability C. Conﬁden ality D. Non-repudia on Correct Answer: C 127 Which of the following are cases in which an engineer should recommend the decommissioning of a network device? (Choose two.) A. The device has been moved from a produc on environment to a test environment. B. The device is conﬁgured to use cleartext passwords. C. The device is moved to an isolated segment on the enterprise network. D. The device is moved to a diﬀerent loca on in the enterprise. E. The device's encryp on level cannot meet organiza onal standards. F. The device is unable to receive authorized updates. Correct Answer: EF 128 A company is required to perform a risk assessment on an annual basis. Which of the following types of risk assessments does this requirement describe? A. Con nuous B. Ad hoc C. Recurring D. One me Correct Answer: C 129 A er a recent ransomware a ack on a company's system, an administrator reviewed the log ﬁles. Which of the following control types did the administrator use? A. Compensa ng B. Detec ve C. Preven ve D. Correc ve Correct Answer: B 130 Which of the following exercises should an organiza on use to improve its incident response process? A. Tabletop B. Replica on C. Failover D. Recovery Correct Answer: A Page 31 of 63 131 Which of the following best ensures minimal down me and data loss for organiza ons with cri cal compu ng equipment located in earthquake-prone areas? A. Generators and UPS B. Oﬀ-site replica on C. Redundant cold sites D. High availability networking Correct Answer: B 132 A newly iden ﬁed network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mi gate this vulnerability quickly? A. Insurance B. Patching C. Segmenta on D. Replacement Correct Answer: C 133 A er an audit, an administrator discovers all users have access to conﬁden al data on a ﬁle server. Which of the following should the administrator use to restrict access to the data quickly? A. Group Policy B. Content ﬁltering C. Data loss preven on D. Access control lists Correct Answer: D 134 A client demands at least 99.99% up me from a service provider's hosted security services. Which of the following documents includes the informa on the service provider should return to the client? A. MOA B. SOW C. MOU D. SLA Correct Answer: D 135 A company is discarding a classiﬁed storage array and hires an outside vendor to complete the disposal. Which of the following should the company request from the vendor? A. Cer ﬁca on B. Inventory list C. Classiﬁca on D. Proof of ownership Correct Answer: A 136 A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider? A. Geographic dispersion B. Pla orm diversity C. Hot site D. Load balancing Correct Answer: A 137 A security analyst locates a poten ally malicious video ﬁle on a server and needs to iden fy both the crea on date and the ﬁle's creator. Which of the following ac ons would most likely give the security analyst the informa on required? A. Obtain the ﬁle's SHA-256 hash. B. Use hexdump on the ﬁle's contents. C. Check endpoint logs. D. Query the ﬁle's metadata. Page 32 of 63 Correct Answer: D 138 Which of the following teams combines both oﬀensive and defensive tes ng techniques to protect an organiza on's cri cal systems? A. Red B. Blue C. PurpleD. Yellow Correct Answer: C 139 A small business uses kiosks on the sales ﬂoor to display product informa on for customers. A security team discovers the kiosks use end-of-life opera ng systems. Which of the following is the security team most likely to document as a security implica on of the current architecture? A. Patch availability B. Product so ware compa bility C. Ease of recovery D. Cost of replacement Correct Answer: A 140 Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organiza on when a new vulnerability is disclosed? A. A full inventory of all hardware and so ware B. Documenta on of system classiﬁca ons C. A list of system owners and their departments D. Third-party risk assessment documenta on Correct Answer: A 141 Which of the following best prac ces gives administrators a set period to perform changes to an opera onal system to ensure availability and minimize business impacts? A. Impact analysis B. Scheduled down me C. Backout plan D. Change management boards Correct Answer: B 142 A company must ensure sensi ve data at rest is rendered unreadable. Which of the following will the company most likely use? A. Hashing B. Tokeniza on C. Encryp on D. Segmenta on Correct Answer: C 143 A legacy device is being decommissioned and is no longer receiving updates or patches. Which of the following describes this scenario? A. End of business B. End of tes ng C. End of support D. End of life Correct Answer: D 144 A bank insists all of its vendors must prevent data loss on stolen laptops. Which of the following strategies is the bank requiring? A. Encryp on at rest B. Masking C. Data classiﬁca on D. Permission restric ons Correct Answer: A Page 33 of 63 145 A company's end users are repor ng that they are unable to reach external websites. A er reviewing the performance data for the DNS severs, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is ﬂooded with inbound traﬃc. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing? A. Concurrent session usage B. Secure DNS cryptographic downgrade C. On-path resource consump on D. Reﬂected denial of service Correct Answer: D 146 A systems administrator wants to prevent users from being able to access data based on their responsibili es. The administrator also wants to apply the required access structure via a simpliﬁed format. Which of the following should the administrator apply to the site recovery resource group? A. RBAC B. ACL C. SAML D. GPO Correct Answer: A 147 During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and le ers, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet proﬁle. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to mul ple sites based on a user's intranet account? (Choose two.) A. Federa on B. Iden ty prooﬁng C. Password complexity D. Default password changes E. Password manager F. Open authen ca on Correct Answer: AC 148 Which of the following describes a security aler ng and monitoring tool that collects system, applica on, and network logs from mul ple sources in a centralized system? A. SIEM B. DLP C. IDS D. SNMP Correct Answer: A 149 A network manager wants to protect the company's VPN by implemen ng mul factor authen ca on that uses: Something you know Something you have Something you are Which of the following would accomplish the manager's goal? A. Domain name, PKI, GeoIP lookup B. VPN IP address, company ID, facial structure C. Password, authen ca on token, thumbprint D. Company URL, TLS cer ﬁcate, home address Correct Answer: C Page 34 of 63 150 Which of the following would be the best way to handle a cri cal business applica on that is running on a legacy server? A. Segmenta on B. Isola on C. Hardening D. Decommissioning Correct Answer: A 151 Which of the following vulnerabili es is exploited when an a acker overwrites a register with a malicious address? A. VM escape B. SQL injec on C. Buﬀer overﬂow D. Race condi on Correct Answer: C 152 A er a company was compromised, customers ini ated a lawsuit. The company's a orneys have requested that the security team ini ate a legal hold in response to the lawsuit. Which of the following describes the ac on the security team will most likely be required to take? A. Retain the emails between the security team and aﬀected customers for 30 days. B. Retain any communica ons related to the security breach un l further no ce. C. Retain any communica ons between security members during the breach response. D. Retain all emails from the company to aﬀected customers for an indeﬁnite period of me. Correct Answer: B 153 Which of the following describes the process of concealing code or text inside a graphical image? A. Symmetric encryp on B. Hashing C. Data masking D. Steganography Correct Answer: D 154 An employee receives a text message from an unknown number claiming to be the company’s Chief Execu ve Oﬃcer and asking the employee to purchase several gi cards. Which of the following types of a acks does this describe? A. Vishing B. Smishing C. Pretex ng D. Phishing Correct Answer: B 155 Which of the following risk management strategies should an enterprise adopt ﬁrst if a legacy applica on is cri cal to business opera ons and there are preventa ve controls that are not yet implemented? A. Mi gate B. Accept C. Transfer D. Avoid Correct Answer: A 156 Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control ves bule. Which of the following best describes this form of security control? A. Physical B. Managerial C. Technical D. Opera onal Correct Answer: A Page 35 of 63 157 The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening? A. Using least privilege B. Changing the default password C. Assigning individual user IDs D. Reviewing logs more frequently Correct Answer: B 158 Which of the following is the best way to secure an on-site data center against intrusion from an insider? A. Bollards B. Access badge C. Mo on sensor D. Video surveillance Correct Answer: B 159 An engineer moved to another team and is unable to access the new team's shared folders while s ll being able to access the shared folders from the former team. A er opening a cket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? A. Role-based B. Discre onary C. Time of day D. Least privilege Correct Answer: A 160 Which of the following factors are the most important to address when formula ng a training curriculum plan for a security awareness program? (Choose two.) A. Channels by which the organiza on communicates with customers B. The repor ng mechanisms for ethics viola ons C. Threat vectors based on the industry in which the organiza on operates D. Secure so ware development training for all personnel E. Cadence and dura on of training events F. Retraining requirements for individuals who fail phishing simula ons Correct Answer: BF 161 A network administrator is working on a project to deploy a load balancer in the company's cloud environment. Which of the following fundamental security requirements does this project fulﬁl? A. Privacy B. Integrity C. Conﬁden ality D. Availability Correct Answer: D 162 A systems administrator is changing the password policy within an enterprise environment and wants this update implemented on all systems as quickly as possible. Which of the following opera ng system security measures will the administrator most likely use? A. Deploying PowerShell scripts B. Pushing GPO update C. Enabling PAP D. Upda ng EDR proﬁles Correct Answer: B Page 36 of 63 163 Which of the following would be most useful in determining whether the long-term cost to transfer a risk is less than the impact of the risk? A. ARO B. RTO C. RPO D. ALEE. SLE Correct Answer: D 164 In order to strengthen a password and prevent a hacker from cracking it, a random string of 36 characters was added to the password. Which of the following best describes this technique? A. Key stretching B. Tokeniza on C. Data masking D. Sal ng Correct Answer: D 165 A technician is deploying a new security camera. Which of the following should the technician do? A. Conﬁgure the correct VLAN. B. Perform a vulnerability scan. C. Disable unnecessary ports. D. Conduct a site survey. Correct Answer: C 166 A company is experiencing a web services outage on the public network. The services are up and available but inaccessible. The network logs show a sudden increase in network traﬃc that is causing the outage. Which of the following a acks is the organiza on experiencing? A. ARP poisoning B. Brute force C. Buﬀer overﬂow D. DDoS Correct Answer: D 167 Which of the following threat actors is the most likely to be mo vated by proﬁt? A. Hack vist B. Insider threat C. Organized crime D. Shadow IT Correct Answer: C 168 An organiza on experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to iden fy the impacted host? (Choose two.) A. Applica on B. Authen ca on C. DHCP D. Network E. Firewall F. Database Correct Answer: CE Page 37 of 63 169 During a penetra on test, a vendor a empts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent? A. Defensive B. Passive C. Oﬀensive D. Physical Correct Answer: D 170 A systems administrator uses a key to encrypt a message being sent to a peer in a diﬀerent branch oﬃce. The peer then uses the same key to decrypt the message. Which of the following describes this example? A. Symmetric B. Asymmetric C. Hashing D. Sal ng Correct Answer: A 171 A visitor plugs a laptop into a network jack in the lobby and is able to connect to the company's network. Which of the following should be conﬁgured on the exis ng network infrastructure to best prevent this ac vity? A. Port security B. Web applica on ﬁrewall C. Transport layer security D. Virtual private network Correct Answer: A 172 A security administrator is reissuing a former employee's laptop. Which of the following is the best combina on of data handling ac vi es for the administrator to perform? (Choose two.) A. Data reten on B. Cer ﬁca on C. Destruc on D. Classiﬁca on E. Sani za on F. Enumera on Correct Answer: CE 173 A systems administrator would like to deploy a change to a produc on system. Which of the following must the administrator submit to demonstrate that the system can be restored to a working state in the event of a performance issue? A. Backout plan B. Impact analysis C. Test procedure D. Approval procedure Correct Answer: A 174 A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal? A. Serverless B. Segmenta on C. Virtualiza on D. Microservices Correct Answer: C Page 38 of 63 175 A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensi ve data is not modiﬁed? A. Full disk encryp on B. Network access control C. File integrity monitoring D. User behavior analy cs Correct Answer: C 176 Users at a company are repor ng they are unable to access the URL for a new retail website because it is ﬂagged as gambling and is being blocked. Which of the following changes would allow users to access the site? A. Crea ng a ﬁrewall rule to allow HTTPS traﬃc B. Conﬁguring the IPS to allow shopping C. Tuning the DLP rule that detects credit card data D. Upda ng the categoriza on in the content ﬁlter Correct Answer: D 177 Which of the following most impacts an administrator's ability to address CVEs discovered on a server? A. Rescanning requirements B. Patch availability C. Organiza onal impact D. Risk tolerance Correct Answer: B 178 Which of the following describes eﬀec ve change management procedures? A. Approving the change a er a successful deployment B. Having a backout plan when a patch fails C. Using a spreadsheet for tracking changes D. Using an automa c change control bypass for security updates Correct Answer: B 179 The CIRT is reviewing an incident that involved a human resources recruiter exﬁltra ng sensi ve company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have iden ﬁed and blocked this ac vity? A. WAF u lizing SSL decryp on B. NGFW u lizing applica on inspec on C. UTM u lizing a threat feed D. SD-WAN u lizing IPSec Correct Answer: B 180 An enterprise is working with a third party and needs to allow access between the internal networks of both par es for a secure ﬁle migra on. The solu on needs to ensure encryp on is applied to all traﬃc that is traversing the networks. Which of the following solu ons should most likely be implemented? A. EAP B. IPSec C. SD-WAN D. TLS Correct Answer: B Page 39 of 63 181 An administrator has iden ﬁed and ﬁngerprinted speciﬁc ﬁles that will generate an alert if an a empt is made to email these ﬁles outside of the organiza on. Which of the following best describes the tool the administrator is using? A. DLP B. SNMP traps C. SCAP D. IPS Correct Answer: A 182 A so ware developer released a new applica on and is distribu ng applica on ﬁles via the developer's website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded ﬁles? A. Hashes B. Cer ﬁcates C. Algorithms D. Sal ng Correct Answer: A 183 An organiza on wants to limit poten al impact to its log-in database in the event of a breach. Which of the following op ons is the security team most likely to recommend? A. Tokeniza on B. Hashing C. Obfusca on D. Segmenta on Correct Answer: B 184 An administrator ﬁnds that all user worksta ons and servers are displaying a message that is associated with ﬁles containing an extension of.ryk. Which of the following types of infec ons is present on the systems? A. Virus B. Trojan C. Spyware D. Ransomware Correct Answer: D 185 A systems administrator is advised that an external web server is not func oning property. The administrator reviews the following ﬁrewall logs containing traﬃc going to the web server: Which of the following a acks is likely occurring? A. DDoS B. Directory traversal C. Brute-force D. HTTPS downgrade Correct Answer: A Page 40 of 63 186 An organiza on would like to calculate the me needed to resolve a hardware issue with a server. Which of the following risk management processes describes this example? A. Recovery point objec ve B. Mean me between failures C. Recovery me objec ve D. Mean me to repair Correct Answer: D 187 A security engineer is installing an IPS to block signature-based a acks in the environment. Which of the following modes will best accomplish this task? A. Monitor B. Sensor C. Audit D. Ac ve Correct Answer: D Reference: h ps://www.geeksforgeeks.org/intrusion-preven on-system-ips/ 188 An IT manager is increasing the security capabili es of an organiza on a er a data classiﬁca on ini a ve determined that sensi ve data could be exﬁltrated from the environment. Which of the following solu ons would mi gate the risk? A. XDR B. SPF C. DLP D. DMARC Correct Answer: C Reference: h ps://g b.com/2022/07/06/xdr-extended-detec on-and-response-vs-dlp/ 189 Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network? A. IDS B. ACL C. EDR D. NAC Correct Answer: C Reference: h ps://www.malwarebytes.com/solu ons 190 Client ﬁles can only be accessed by employees who need to know the informa on and have speciﬁed roles in the company. Which of the following best describes this security concept? A. Availability B. Conﬁden ality C. Integrity D. Non-repudia on Correct Answer: B 191 Which of the following describes the category of data that is most impacted when it is lost? A. Conﬁden al B. Public C. Private D. Cri cal Correct Answer: D Reference: h ps://corporateﬁnanceins tute.com/resources/data-science/data-loss/ Page 41 of 63 192 A new employee logs in to the email system for the ﬁrst me and no ces a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following a ack vectors is most likely being used? A. Business email B. Social engineering C. Unsecured network D. Default creden als Correct Answer: B 193 Which of the following describes the understanding between a company and a client about what will be provided and the accepted me needed to provide the company with the resources? A. SLA B. MOU C. MOA D. BPA Correct Answer: A Reference: h ps://blog.logrocket.com/product-management/service-level-agreement-sla-deﬁni ontemplates-examples/ 194 A company that is located in an area prone to hurricanes is developing a disaster recovery plan and looking at site considera ons that allow the company to immediately con nue opera ons. Which of the following is the best type of site for this company? A. Cold B. Ter ary C. Warm D. Hot Correct Answer: D Reference: h ps://www.nakivo.com/blog/overview-disaster-recovery-sites/ 195 Which of the following security controls is most likely being used when a cri cal legacy server is segmented into a private network? A. Deterrent B. Correc ve C. Compensa ng D. Preven ve Correct Answer: C Reference: h ps://www.infosecurity-magazine.com/blogs/protec ng-legacy-systems-modern-1/ 196 Which of the following best describes the prac ce of researching laws and regula ons related to informa on security opera ons within a speciﬁc industry? A. Compliance repor ng B. GDPR C. Due diligence D. A esta on Correct Answer: C 197 Which of the following considera ons is the most important for an organiza on to evaluate as it establishes and maintains a data privacy program? A. Repor ng structure for the data privacy oﬃcer B. Request process for data subject access C. Role as controller or processor D. Physical loca on of the company Correct Answer: C Reference: h ps://www.pivotpointsecurity.com/10-most-important-steps-to-build-a-data-privacy-program/ Page 42 of 63 198 A security analyst is inves ga ng a worksta on that is suspected of outbound communica on to a command-and-control server. During the inves ga on, the analyst discovered that logs on the endpoint were deleted. Which of the following logs would the analyst most likely look at next? A. IPS B. Firewall C. AСL D. Windows security Correct Answer: B 199 An IT manager is pu ng together a documented plan describing how the organiza on will keep opera ng in the event of a global incident. Which of the following plans is the IT manager crea ng? A. Business con nuity B. Physical security C. Change management D. Disaster recovery Correct Answer: A Reference: h ps://creately.com/guides/incident-management/ 200 A business needs a recovery site but does not require immediate failover. The business also wants to reduce the workload required to recover from an outage. Which of the following recovery sites is the best op on? A. Hot B. Cold C. Warm D. Geographically dispersed Correct Answer: C Reference: h ps://www.nakivo.com/blog/overview-disaster-recovery-sites/ 201 A security team is se ng up a new environment for hos ng the organiza on's on-premises so ware applica on as a cloud-based service. Which of the following should the team ensure is in place in order for the organiza on to follow security best prac ces? A. Virtualiza on and isola on of resources B. Network segmenta on C. Data encryp on D. Strong authen ca on policies Correct Answer: A Reference: h ps://www.microso.com/en-us/security/blog/2023/07/05/11-best-prac ces-for-securing-datain-cloud-services/ 202 A manager receives an email that contains a link to receive a refund. A er hovering over the link, the manager no ces that the domain's URL points to a suspicious link. Which of the following security prac ces helped the manager to iden fy the a ack? A. End user training B. Policy review C. URL scanning D. Plain text email Correct Answer: A 203 A company wants to verify that the so ware the company is deploying came from the vendor the company purchased the so ware from. Which of the following is the best way for the company to conﬁrm this informa on? A. Validate the code signature. B. Execute the code in a sandbox. C. Search the executable for ASCII strings. D. Generate a hash of the ﬁles. Correct Answer: A Reference: h ps://seon.io/resources/comparisons/iden ty-veriﬁca on-so ware-tools/ Page 43 of 63 204 A systems administrator no ces that one of the systems cri cal for processing customer transac ons is running an end-of-life opera ng system. Which of the following techniques would increase enterprise security? A. Installing HIDS on the system B. Placing the system in an isolated VLAN C. Decommissioning the system D. Encryp ng the system's hard drive Correct Answer: B Reference: h ps://resources.trendmicro.com/rs/945-CXD-062/images/ WP01_Protec ng_EOS_Systems_190719US_web.pdf 205 The Chief Informa on Security Oﬃcer (CISO) at a large company would like to gain an understanding of how the company's security policies compare to the requirements imposed by external regulators. Which of the following should the CISO use? A. Penetra on test B. Internal audit C. A esta on D. External examina on Correct Answer: B Reference: h ps://www.pwc.com/us/en/services/consul ng/cybersecurity-risk-regulatory/sec-ﬁnalcybersecurity-disclosure-rules/ciso- role-in-cyber-disclosure.html 206 A systems administrator no ces that the research and development department is not using the company VPN when accessing various company-related services and systems. Which of the following scenarios describes this ac vity? A. Espionage B. Data exﬁltra on C. Na on-state a ack D. Shadow IT Correct Answer: D 207 The marke ng department set up its own project management so ware without telling the appropriate departments. Which of the following describes this scenario? A. Shadow IT B. Insider threat C. Data exﬁltra on D. Service disrup on Correct Answer: A Reference: h ps://www.for net.com/resources/cyberglossary/shadow-it 208 Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints? A. To track the status of patching installa ons B. To ﬁnd shadow IT cloud deployments C. To con nuously the monitor hardware inventory D. To hunt for ac ve a ackers in the network Correct Answer: A Reference: h ps://www.syxsense.com/why-vulnerability-security-scanning-is-crucial-for-endpointmanagement 209 Which of the following is classiﬁed as high availability in a cloud environment? A. Access broker B. Cloud HSM C. WAF D. Load balancer Correct Answer: D Reference: h ps://www.economize.cloud/glossary/high-availability Page 44 of 63 210 Which of the following security measures is required when using a cloud-based pla orm for IoT management? A. Encrypted connec on B. Federated iden ty C. Firewall D. Single sign-on Correct Answer: A Reference: h ps://learn.microso.com/en-us/azure/iot/iot-overview-security 211 Which of the following threat vectors is most commonly u lized by insider threat actors a emp ng data exﬁltra on? A. Uniden ﬁed removable devices B. Default network device creden als C. Spear phishing emails D. Impersona on of business units through typosqua ng Correct Answer: A Reference: h ps://www.iansresearch.com/resources/all-blogs/post/security-blog/2022/06/09/insider-dataexﬁltra on---threats-and- new-challenges 212 Which of the following methods to secure credit card data is best to use when a requirement is to see only the last four numbers on a credit card? A. Encryp on B. Hashing C. Masking D. Tokeniza on Correct Answer: C Reference: h ps://money.stackexchange.com/ques ons/98951/credit-card-number-masking-goodprac ces-rules-law-regula ons 213 The Chief Informa on Security Oﬃcer (CISO) has determined the company is non-compliant with local data privacy regula ons. The CISO needs to jus fy the budget request for more resources. Which of the following should the CISO present to the board as the direct consequence of non-compliance? A. Fines B. Reputa onal damage C. Sanc ons D. Contractual implica ons Correct Answer: A Reference: h ps://educa on.securi.ai/cer ﬁca ons/privacyops/privacy/data-protec on-consequences/ 214 Which of the following alert types is the most likely to be ignored over me? A. True posi ve B. True nega ve C. False posi ve D. False nega ve Correct Answer: C Reference: h ps://ﬁeldeﬀect.com/blog/cyber-security-alert-fa gue 215 A security analyst is inves ga ng an applica on server and discovers that so ware on the server is behaving abnormally. The so ware normally runs batch jobs locally and does not generate traﬃc, but the process is now genera ng outbound traﬃc over random high ports. Which of the following vulnerabili es has likely been exploited in this so ware? A. Memory injec on B. Race condi on C. Side loading D. SQL injec on Correct Answer: A Reference: h ps://blog.netwrix.com/2022/08/04/open-port-vulnerabili es-list/ Page 45 of 63 216 An important patch for a cri cal applica on has just been released, and a systems administrator is iden fying all of the systems requiring the patch. Which of the following must be maintained in order to ensure that all systems requiring the patch are updated? A. Asset inventory B. Network enumera on C. Data cer ﬁca on D. Procurement process Correct Answer: A Reference: h ps://www.motadata.com/blog/patch-management/ 217 Which of the following should a security opera ons center use to improve its incident response procedure? A. Playbooks B. Frameworks C. Baselines D. Benchmarks Correct Answer: A Reference: h ps://radiantsecurity.ai/learn/soc-incident-response/ 218 Which of the following describes an execu ve team that is mee ng in a board room and tes ng the company's incident response plan? A. Con nuity of opera ons B. Capacity planning C. Tabletop exercise D. Parallel processing Correct Answer: C Reference: h ps://www.businesstechweekly.com/cybersecurity/network-security/incident-response-plantes ng/ 219 A healthcare organiza on wants to provide a web applica on that allows individuals to digitally report health emergencies. Which of the following is the most important considera on during development? A. Scalability B. Availability C. Cost D. Ease of deployment Correct Answer: B Reference: h ps://healthcareready.org/wp-content/uploads/2019/12/HCR_Telehealth_Brief_SCREEN_2.pdf 220 Which of the following agreement types deﬁnes the me frame in which a vendor needs to respond? A. SOW B. SLA C. MOA D. MOU Correct Answer: B Reference: h ps://aws.amazon.com/what-is/service-level-agreement/ 221 Which of the following is a feature of a next-genera on SIEM system? A. Virus signatures B. Automated response ac ons C. Security agent deployment D. Vulnerability scanning Correct Answer: B Reference: h ps://panther.com/cyber-explained/next-gen-siem/ Page 46 of 63 222 To improve the security at a data center, a security administrator implements a CCTV system and posts several signs about the possibility of being ﬁlmed. Which of the following best describe these types of controls? (Choose two.) A. Preven ve B. Deterrent C. Correc ve D. Direc ve E. Compensa ng F. Detec ve Correct Answer: BF Reference: h ps://hiksec.com/secure-spaces-with-cctv-and-access-control-systems/ 223 Which of the following examples would be best mi gated by input sani za on? A. alert("Warning!"); B. nmap - 10.11.1.130 C. Email message: "Click this link to get your free gi card." D. Browser message: "Your connec on is not private." Correct Answer: A Reference: h ps://cheatsheetseries.owasp.org/cheatsheets/Input_Valida on_Cheat_Sheet.html 224 An a acker posing as the Chief Execu ve Oﬃcer calls an employee and instructs the employee to buy gi cards. Which of the following techniques is the a acker using? A. Smishing B. Disinforma on C. Impersona ng D. Whaling Correct Answer: C Reference: h ps://digitalsecurityguide.eset.com/en-us/impersona on-when-an-a acker-is-posing-as-theceo 225 A er conduc ng a vulnerability scan, a systems administrator no ces that one of the iden ﬁed vulnerabili es is not present on the systems that were scanned. Which of the following describes this example? A. False posi ve B. False nega ve C. True posi ve D. True nega ve Correct Answer: A Reference: h ps://www.itgovernance.co.uk/blog/vulnerability-scans-false-posi ves-the-importance-ofsani sing-input 226 A recent penetra on test iden ﬁed that an a acker could ﬂood the MAC address table of network switches. Which of the following would best mi gate this type of a ack? A. Load balancer B. Port security C. IPS D. NGFW Correct Answer: B Reference: h ps://www.interserver.net/ ps/kb/mac-ﬂooding-prevent/ 227 A user would like to install so ware and features that are not available with a smartphone's default so ware. Which of the following would allow the user to install unauthorized so ware and enable new features? A. SQLi B. Cross-site scrip ng C. Jailbreaking D. Side loading Correct Answer: C Reference: h ps://www.wikihow.com/Allow-Apps-from-Unknown-Sources-on-Android Page 47 of 63 228 Which of the following phases of an incident response involves genera ng reports? A. Recovery B. Prepara on C. Lessons learned D. Containment Correct Answer: C Reference: h ps://subrosacyber.com/en/blog/what-are-the-phases-of-incident-response 229 Which of the following methods would most likely be used to iden fy legacy systems? A. Bug bounty program B. Vulnerability scan C. Package monitoring D. Dynamic analysis Correct Answer: B Reference: h ps://www.stackscale.com/blog/legacy-systems/ 230 Employees located oﬀ-site must have access to company resources in order to complete their assigned tasks. These employees u lize a solu on that allows remote access without intercep on concerns. Which of the following best describes this solu on? A. Proxy server B. NGFW C. VPN D. Security zone Correct Answer: C Reference: h ps://www.beyondiden ty.com/resource/secure-remote-access-what-is-it-and-best-prac ces 231 A company allows customers to upload PDF documents to its public e-commerce website. Which of the following would a security analyst most likely recommend? A. U lizing a ack signatures in an IDS B. Enabling malware detec on through a UTM C. Limi ng the aﬀected servers with a load balancer D. Blocking command injec ons via a WAF Correct Answer: B Reference: h ps://blog.ﬁlestack.com/secure-ﬁle-upload/ 232 A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the beneﬁts of ensuring other team members understand how the script works? A. To reduce implementa on cost B. To iden fy complexity C. To remediate technical debt D. To prevent a single point of failure Correct Answer: D Reference: h ps://www.lambdatest.com/blog/automa on-scripts/ 233 A company is decommissioning its physical servers and replacing them with an architecture that will reduce the number of individual opera ng systems. Which of the following strategies should the company use to achieve this security requirement? A. Microservices B. Containeriza on C. Virtualiza on D. Infrastructure as code Correct Answer: B Reference: h ps://phoenixnap.com/blog/server-consolida on Page 48 of 63 234 An administrator needs to perform server hardening before deployment. Which of the following steps should the administrator take? (Choose two.) A. Disable default accounts. B. Add the server to the asset inventory. C. Remove unnecessary services. D. Document default passwords. E. Send server logs to the SIEM. F. Join the server to the corporate domain. Correct Answer: AC Reference: h ps://www.ninjaone.com/blog/steps-of-a-server-hardening-process/ 235 A Chief Informa on Security Oﬃcer would like to conduct frequent, detailed reviews of systems and procedures to track compliance objec ves. Which of the following will be the best method to achieve this objec ve? A. Third-party a esta on B. Penetra on tes ng C. Internal audi ng D. Vulnerability scans Correct Answer: C Reference: h ps://www.iansresearch.com/resources/all-blogs/post/security-blog/2021/04/26/key-metricsfor-a-ciso-dashboard 236 Which of the following security concepts is accomplished with the installa on of a RADIUS server? A. CIA B. AAA C. ACL D. PEM Correct Answer: B Reference: h ps://www.for net.com/resources/cyberglossary/radius-protocol 237 A er crea ng a contract for IT contractors, the human resources department changed several clauses. The contract has gone through three revisions. Which of the following processes should the human resources department follow to track revisions? A. Version valida on B. Version changes C. Version updates D. Version control Correct Answer: D Reference: h ps://www.contractlogix.com/contract-management/how-to-track-changes-be er-in-contractmanagement/ 238 The execu ve management team is manda ng the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund addi onal internet connec ons is not available. Which of the following would be the best op on? A. Hot site B. Cold site C. Failover site D. Warm site Correct Answer: B Reference: h ps://www.pslightwave.com/disaster-recovery-plans-three-site-strategies-you-should-consider/ 239 An administrator at a small business no ces an increase in support calls from employees who receive a blocked page message a er trying to navigate to a spoofed website. Which of the following should the administrator do? A. Deploy mul factor authen ca on. B. Decrease the level of the web ﬁlter se ngs. C. Implement security awareness training. D. Update the acceptable use policy. Correct Answer: C Reference: h ps://us.norton.com/blog/malware/website-spooﬁng Page 49 of 63 240 Which of the following teams is best suited to determine whether a company has systems that can be exploited by a poten al, iden ﬁed vulnerability? A. Purple team B. Blue team C. Red team D. White team Correct Answer: C Reference: h ps://www.ibm.com/topics/penetra on-tes ng 241 A company is reviewing op ons to enforce user logins a er several account takeovers. The following condi ons must be met as part of the solu on: Allow employees to work remotely or from assigned oﬃces around the world. Provide a seamless login experience. Limit the amount of equipment required. Which of the following best meets these condi ons? A. Trusted devices B. Geotagging C. Smart cards D. Time-based logins Correct Answer: A Reference: h ps://techcommunity.microso.com/t5/microso -365-blog/enable-a-seamless-remote-workexperience-for-your- users/ba-p/1673025 242 Which of the following methods can be used to detect a ackers who have successfully inﬁltrated a network? (Choose two.) A. Tokeniza on B. CI/CD C. Honeypots D. Threat modeling E. DNS sinkhole F. Data obfusca on Correct Answer: CE Reference: h ps://cyberthreatportal.com/types-of-network-a acks-and-preven on/ 243 A company wants to ensure that the so ware it develops will not be tampered with a er the ﬁnal version is completed. Which of the following should the company most likely use? A. Hashing B. Encryp on C. Baselines D. Tokeniza on Correct Answer: A Reference: h ps://www.securityscien st.net/blog/protect-all-forms-of-code-from-unauthorized-access-andtampering-6-prac ces/ 244 An organiza on completed a project to deploy SSO across all business applica ons last year. Recently, the ﬁnance department selected a new cloud-based accoun ng so ware vendor. Which of the following should most likely be conﬁgured during the new so ware deployment? A. RADIUS B. SAML C. EAP D. OpenID Correct Answer: B Reference: h ps://learn.microso.com/en-us/entra/iden ty/enterprise-apps/add-applica on-portal-setup-sso Page 50 of 63 245 A user, who is wai ng for a ﬂight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat. When the ﬂight lands, the user ﬁnds unauthorized credit card charges. Which of the following a acks most likely occurred? A. Replay a ack B. Memory leak C. Buﬀer overﬂow a ack D. On-path a ack Correct Answer: D Reference: h ps://securityaﬀairs.com/159003/security/public-wi-ﬁ-a acks.html 246 A network engineer deployed a redundant switch stack to increase system availability. However, the budget can only cover the cost of one ISP connec on. Which of the following best describes the poten al risk factor? A. The equipment MTBF is unknown. B. The ISP has no SLA. C. An RPO has not been determined. D. There is a single point of failure. Correct Answer: D Reference: h ps://www.lancom-systems.com/ﬁleadmin/download/techpaper/LANCOM-Techpaper-Switchdesign-guide-redundancy- concepts.pdf 247 A network team segmented a cri cal, end-of-life server to a VLAN that can only be reached by speciﬁc devices but cannot be reached by the perimeter network. Which of the following best describe the controls the team implemented? (Choose two.) A. Managerial B. Physical C. Correc ve D. Detec ve E. Compensa ng F. Technical G. Deterrent Correct Answer: EF Reference: h ps://www.adventuresinsecurity.com/Files/VLAN_network_segmenta on_and_security.pdf 248 A threat actor was able to use a username and password to log in to a stolen company mobile device. Which of the following provides the best solu on to increase mobile data security on all employees' company mobile devices? A. Applica on management B. Full disk encryp on C. Remote wipe D. Containeriza on Correct Answer: D Reference: h ps://brightsec.com/blog/mobile-security-6-ways-to-protect-mobile-devices/ 249 Which of the following best describes the risk present a er controls and mi ga ng factors have been applied? A. Residual B. Avoided C. Inherent D. Opera onal Correct Answer: A Reference: h ps://linfordco.com/blog/linking-monitoring-risks-controls/ Page 51 of 63 250 A so ware development team asked a security administrator to recommend techniques that should be used to reduce the chances of the so ware being reverse engineered. Which of the following should the security administrator recommend? A. Digitally signing the so ware B. Performing code obfusca on C. Limi ng the use of third-party libraries D. Using compile ﬂags Correct Answer: B Reference: h ps://www.sofpro.com/blog/so ware-reverse-engineering-protec on 251 Which of the following is a possible factor for MFA? A. Something you exhibit B. Something you have C. Somewhere you are D. Someone you know Correct Answer: B Reference: h ps://jumpcloud.com/blog/diﬀerent-factors-of-mul -factor-authen ca on-mfa 252 Easy-to-guess passwords led to an account compromise. The current password policy requires at least 12 alphanumeric characters, one uppercase character, one lowercase character, a password history of two passwords, a minimum password age of one day, and a maximum password age of 90 days. Which of the following would reduce the risk of this incident from happening again? (Choose two.) A. Increasing the minimum password length to 14 characters. B. Upgrading the password hashing algorithm from MD5 to SHA-512. C. Increasing the maximum password age to 120 days. D. Reducing the minimum password length to ten characters. E. Reducing the minimum password age to zero days. F. Including a requirement for at least one special character. Correct Answer: AF Reference: h ps://www.infosecurity-magazine.com/news-features/reduce-risk-password-compromise/ 253 A user downloaded so ware from an online forum. A er the user installed the so ware, the security team observed external network traﬃc connec ng to the user's computer on an uncommon port. Which of the following is the most likely explana on of this unauthorized connec on? A. The so ware had a hidden keylogger. B. The so ware was ransomware. C. The user's computer had a ﬁleless virus. D. The so ware contained a backdoor. Correct Answer: D Reference: h ps://support.microso.com/en-us/windows/protect-your-pc-from-poten ally-unwantedapplica ons-c7668a25-174e- 3b78-0191-faf0607f7a6e 254 A u lity company is designing a new pla orm that will host all the virtual machines used by business applica ons. The requirements include: A star ng baseline of 50% memory u liza on Storage scalability Single circuit failure resilience Which of the following best meets all of these requirements? A. Connec ng dual PDUs to redundant power supplies B. Transi oning the pla orm to an IaaS provider C. Conﬁguring network load balancing for mul ple paths D. Deploying mul ple large NAS devices for each host Correct Answer: B Reference: h ps://www.lucidchart.com/blog/reliability-availability-in-cloud-compu ng Page 52 of 63 255 Which of the following best describes a use case for a DNS sinkhole? A. A ackers can see a DNS sinkhole as a highly valuable resource to iden fy a company's domainstructure. B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious onesowned by the a acker. C. A DNS sinkhole can be used to capture traﬃc to known-malicious domains used by a ackers. D. A DNS sinkhole can be set up to a ract poten al a ackers away from a company's network resources. Correct Answer: C Reference: h ps://bluecatnetworks.com/blog/dns-sinkhole-a-tool-to-help-thwart-cybera acks/ 256 An incident analyst ﬁnds several image ﬁles on a hard disk. The image ﬁles may contain geoloca on coordinates. Which of the following best describes the type of informa on the analyst is trying to extract from the image ﬁles? A. Log data B. Metadata C. Encrypted data D. Sensi ve data Correct Answer: B Reference: h ps://products.aspose.app/gis/geotag-photo 257 Which of the following most likely describes why a security engineer would conﬁgure all outbound emails to use S/MIME digital signatures? A. To meet compliance standards B. To increase delivery rates C. To block phishing a acks D. To ensure non-repudia on Correct Answer: D Reference: h ps://www.digicert.com/faq/email-trust/what-is-smime-or-encrypted-email 258 During a recent company safety stand-down, the cyber-awareness team gave a presenta on on the importance of cyber hygiene. One topic the team covered was best prac ces for prin ng centers. Which of the following describes an a ack method that relates to prin ng centers? A. Whaling B. Creden al harves ng C. Prepending D. Dumpster diving Correct Answer: D Reference: h ps://www.lmgsecurity.com/how-criminals-are-hacking-printers-to-take-over-your-en renetwork/ 259 Which of the following considera ons is the most important regarding cryptography used in an IoT device? A. Resource constraints B. Available bandwidth C. The use of block ciphers D. The compa bility of the TLS version Correct Answer: A Reference: h ps://www.geeksforgeeks.org/cryptography-in-iot-internet-of-things/ 260 A coﬀee shop owner wants to restrict internet access to only paying customers by promp ng them for a receipt number. Which of the following is the best method to use given this requirement? A. WPA3 B. Cap ve portal C. PSK D. IEEE 802.1X Correct Answer: B Reference: h ps://superuser.com/ques ons/452147/how-do-i-restrict-or-block-internet-access-on-a-homenetwork Page 53 of 63 261 While performing digital forensics, which of the following is considered the most vola le and should have the contents collected ﬁrst? A. Hard drive B. RAM C. SSD D. Temporary ﬁles Correct Answer: B Reference: h ps://link.springer.com/ar cle/10.1007/s11276-020-02535-5 262 A hos ng provider needs to prove that its security controls have been in place over the last six months and have suﬃciently protected customer data. Which of the following would provide the best proof that the hos ng provider has met the requirements? A. NIST CSF B. SOC 2 Type 2 report C. CIS Top 20 compliance reports D. Vulnerability report Correct Answer: B Reference: h ps://www.cloudpanel.io/blog/web-hos ng-security/ 263 A city municipality lost its primary data center when a tornado hit the facility. Which of the following should the city staﬀ use immediately a er the disaster to handle essen al public services? A. BCP B. Communica on plan C. DRP D. IRP Correct Answer: C Reference: h ps://linfordco.com/blog/bcp-vs-drp/ 264 Which of the following is considered a preven ve control? A. Conﬁgura on audi ng B. Log correla on C. Incident alerts D. Segrega on of du es Correct Answer: D Reference: h ps://community.trustcloud.ai/docs/grc-launchpad/grc-101/compliance/correc ve-controlbuilding-a-resilient-security- posture/ Page 54 of 63 265 A systems administrator no ces that a tes ng system is down. While inves ga ng, the systems administrator ﬁnds that the servers are online and accessible from any device on the server network. The administrator reviews the following informa on from the monitoring system: Which of the following is the most likely cause of the outage? A. Denial of service B. ARP poisoning C. Jamming D. Kerberoas ng Correct Answer: D 266 A security team has been alerted to a ﬂood of incoming emails that have various subject lines and are addressed to mul ple email inboxes. Each email contains a URL shortener link that is redirec ng to a dead domain. Which of the following is the best step for the security team to take? A. Create a blocklist for all subject lines. B. Send the dead domain to a DNS sinkhole. C. Quaran ne all emails received and no fy all employees. D. Block the URL shortener domain in the web proxy. Correct Answer: B 267 A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solu ons should the administrator consider? A. Disk encryp on B. Data loss preven on C. Opera ng system hardening D. Boot security Correct Answer: A Reference: h ps://www.aegisifs.com/blog/how-protect-company-laptops-and-their-data 268 A company needs to keep the fewest records possible, meet compliance needs, and ensure destruc on of records that are no longer needed. Which of the following best describes the policy that meets these requirements? A. Security policy B. Classiﬁca on policy C. Reten on policy D. Access control policy Correct Answer: C Reference: h ps://www.workstream.us/policy-templates/record-reten on-policy Page 55 of 63 269 Which of the following is a common source of uninten onal corporate creden al leakage in cloud environments? A. Code repositories B. Dark web C.

Give me the loot - SYC.pdf

Document Details

Tags

Related

Full Transcript

Upgrade to continue