101-150 Flashcards

1
Q

The facilities supervisor for a government agency is concerned about unauthorized access to
environmental systems in the event the staff WiFi network is breached.
Which of the following would BEST address this security concern?

A

A. Install a smart meter on the staff WiFi.
B. Place the environmental systems in the same DHCP scope as the staff WiFi.
C. Implement Zigbee on the staff WiFi access points.
D. Segment the staff WiFi network from the environmental systems network.
Answer: D

2
Q

An organization just experienced a major cyberattack incident. The attack was well coordinated,
sophisticated, and highly skilled.
Which of the following targeted the organization?

A
A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat
Answer: D
3
Q

Joe, an employee, receives an email stating he won the lottery. The email includes a link that
requests a name, mobile phone number, address, and date of birth be provided to confirm Joe’s identity
before sending him the prize.
Which of the following BEST describes this type of email?

A
A. Spear phishing
B. Whaling
C. Phishing
D. Vishing
Answer: C
4
Q

An organization wants to implement a third factor to an existing multifactor authentication. The
organization already uses a smart card and password.
Which of the following would meet the organization’s needs for a third factor?

A
A. Date of birth
B. Fingerprints
C. PIN
D. TPM
Answer: B
5
Q

Which of the following ISO standards is certified for privacy?

A
A. ISO 9001
B. ISO 27002
C. ISO 27701
D. ISO 31000
Answer: C
6
Q

The CSIRT is reviewing the lessons learned from a recent incident. A worm was able to spread
unhindered throughout the network and infect a large number of computers and servers.
Which of the following recommendations would be BEST to mitigate the impacts of a similar incident in
the future?

A

A. Install a NIDS device at the boundary.
B. Segment the network with firewalls.
C. Update all antivirus signatures daily.
D. Implement application blacklisting.
Answer: B

7
Q

A RAT that was used to compromise an organization’s banking credentials was found on a user’s
computer. The RAT evaded antivirus detection. It was installed by a user who has local administrator
rights to the system as part of a remote management tool set.
Which of the following recommendations would BEST prevent this from reoccurring?

A

A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.
Answer: C

8
Q

A network manager is concerned that business may be negatively impacted if the firewall in
its datacenter goes offline.
The manager would like to implement a high availability pair to:

A
A. decrease the mean time between failures
B. remove the single point of failure
C. cut down the mean time to repair
D. reduce the recovery time objective
Answer: B
9
Q

Which of the following organizational policies are MOST likely to detect fraud that is being conducted
by existing employees? (Select TWO).

A
A. Offboarding
B. Mandatory vacation
C. Job rotation
D. Background checks
E. Separation of duties
F. Acceptable use
Answer: B,C
10
Q

A company deployed a WiFi access point in a public area and wants to harden the configuration to
make it more secure. After performing an assessment, an analyst identifies that the access point is
configured to use WPA3, AES, WPS, and RADIUS.
Which of the following should the analyst disable to enhance the access point security?

A
A. WPA3
B. AES
C. RADIUS
D. WPS
Answer: D
11
Q

A security audit has revealed that a process control terminal is vulnerable to malicious users installing
and executing software on the system. The terminal is beyond end-of-life support and cannot be
upgraded, so it is placed on a protected network segment.
Which of the following would be MOST effective to implement to further mitigate the reported
vulnerability?

A
A. DNS sinkholing
B. DLP rules on the terminal
C. An IP blacklist
D. Application whitelisting
Answer: D
12
Q

Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?

A

A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and
passwords.
B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS
the domain name server.
C. Malware trying to resolve an unregistered domain name to determine if it is running in an isolated
sandbox
D. Routing tables have been compromised, and an attacker is rerouting traffic to malicious websites
Answer: D

13
Q

The website http://companywebsite.com requires users to provide personal information including
security responses, for registration.
Which of the following would MOST likely cause a data breach?

A
A. Lack of input validation
B. Open permissions
C. Unsecure protocol
D. Missing patches
Answer: A
14
Q

The IT department’s on-site developer has been with the team for many years. Each time an
application is released, the security team is able to identify multiple vulnerabilities.
Which of the following would BEST help the team ensure the application is ready to be released to
production?

A

A. Limit the use of third-party libraries.
B. Prevent data exposure queries.
C. Obfuscate the source code.
D. Submit the application to QA before releasing it.
Answer: D

15
Q

The following are the logs of a successful attack.

Which of the following controls would be BEST to use to prevent such a breach in the future?

A
A. Password history
B. Account expiration
C. Password complexity
D. Account lockout
Answer: D
16
Q

Which of the following cloud models provides clients with servers, storage, and networks but nothing
else?

A
A. SaaS
B. PaaS
C. IaaS
D. DaaS
Answer: C
17
Q

A forensics examiner is attempting to dump passwords cached in the physical memory of a live system
but keeps receiving an error message.

A

A. The examiner does not have administrative privileges to the system
B. The system must be taken offline before a snapshot can be created
C. Checksum mismatches are invalidating the disk image
D. The swap file needs to be unlocked before it can be accessed
Answer: D

18
Q

To secure an application after a large data breach, an e-commerce site will be resetting all users’
credentials.
Which of the following will BEST ensure the site’s users are not compromised after the reset?

A

A. A password reuse policy
B. Account lockout after three failed attempts
C. Encrypted credentials in transit
D. A geofencing policy based on login history
Answer: C

19
Q

A security analyst has been asked to investigate a situation after the SOC started to receive alerts
from the SIEM.
The analyst first looks at the domain controller and finds the following events: {{ PIC }}
To better understand what is going on, the analyst runs a command and receives the following output: {{ PIC }}

Based on the analyst’s findings, which of the following attacks is being executed?

A
A. Credential harvesting
B. Keylogger
C. Brute-force
D. Spraying
Answer: D
20
Q

An attacker has successfully exfiltrated several non-salted password hashes from an online system.
Given the logs below:

Which of the following BEST describes the type of password attack the attacker is performing?

A
A. Dictionary
B. Pass-the-hash
C. Brute-force
D. Password spraying
Answer: A
21
Q

An organization’s corporate offices were destroyed due to a natural disaster, so the organization is
now setting up offices in a temporary work space.
Which of the following will the organization MOST likely consult?

A
A. The business continuity plan
B. The disaster recovery plan
C. The communications plan
D. The incident response plan
Answer: A
22
Q

Which of the following is the purpose of a risk register?

A

A. To define the level of risk using probability and likelihood
B. To register the risk with the required regulatory agencies
C. To identify the risk, the risk owner, and the risk measures
D. To formally log the type of risk mitigation strategy the organization is using
Answer: C

23
Q

The spread of misinformation surrounding the outbreak of a novel virus on election day led to eligible
voters choosing not to take the risk of going to the polls.
This is an example of:

A
A. prepending
B. an influence campaign
C. a watering-hole attack
D. intimidation
E. information elicitation
Answer: D
24
Q

A security analyst needs to find real-time data on the latest malware and IoCs.

Which of the following best describes the solution the analyst should pursue?

A
A. Advisories and bulletins
B. Threat feeds
C. Security news articles
D. Peer-reviewed content
Answer: B
25
Q
A
A. SIEM
B. DLP
C. CASB
D. SWG
Answer: C
26
Q

An enterprise has hired an outside security firm to conduct penetration testing on its network and
applications. The firm has only been given the documentation available to the customers of the
applications.

Which of the following BEST represents the type of testing that will occur?

A
A. Bug bounty
B. Black-box
C. Gray-box
D. White-box
Answer: A
27
Q

Which of the following would cause a Chief Information Security Officer (CISO) the MOST concern
regarding newly installed Internet-accessible 4K surveillance cameras?

A

A. An inability to monitor 100% of every facility could expose the company to unnecessary risk.
B. The cameras could be compromised if not patched in a timely manner.
C. Physical security at the facility may not protect the cameras from theft.
D. Exported videos may take up excessive space on the file servers.
Answer: A

28
Q

Which of the following describes the ability of code to target a hypervisor from inside?

A
A. Fog computing
B. VM escape
C. Software-defined networking
D. Image forgery
E. Container breakout
Answer: B
29
Q

After reading a security bulletin, a network security manager is concerned that a malicious actor may
have breached the network using the same software flaw. The exploit code is publicly available and has
been reported as being used against other industries in the same vertical.
Which of the following should the network security manager consult FIRST to determine a priority list for
forensic review?

A
A. The vulnerability scan output
B. The IDS logs
C. The full packet capture data
D. The SIEM alerts
Answer: A
30
Q

A network administrator is setting up wireless access points in all the conference rooms and wants to
authenticate devices using PKI.

Which of the following should the administrator configure?

A
A. A captive portal
B. PSK
C. 802.1X
D. WPS
Answer: C
31
Q

A worldwide manufacturing company has been experiencing email account compromises. In one
incident, a user logged in from the corporate office in France, but then seconds later, the same user
account attempted a login from Brazil.

Which of the following account policies would BEST prevent this type of attack?

A
A. Network location
B. Impossible travel time
C. Geolocation
D. Geofencing
Answer: D
32
Q

A security analyst needs to produce a document that details how a security incident occurred, the
steps that were taken for recovery, and how future incidents can be avoided.

During which of the following stages of the response process will this activity take place?

A
A. Recovery
B. Identification
C. Lessons learned
D. Preparation
Answer: C
33
Q

A system administrator needs to implement an access control scheme that will allow an object’s
access policy to be determined by its owner.
Which of the following access control schemes BEST fits the requirements?

A
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control
Answer: B
34
Q

CORRECT TEXT
A systems administrator needs to install a new wireless network for authenticated guest access. The
wireless network should support 802.1X using the most secure encryption and protocol available.
Perform the following steps:
1. Configure the RADIUS server.
2. Configure the WiFi controller.
3. Preconfigure the client for an incoming guest. The guest AD credentials are:
User: guest01
Password: guestpass

A

{{ PIC }}

35
Q

Which of the following should be put in place when negotiating with a new vendor about the
timeliness of the response to a significant outage or incident?

A
A. MOU
B. MTTR
C. SLA
D. NDA
Answer: C
36
Q

A company is implementing MFA for all applications that store sensitive data. The IT manager wants
MFA to be non-disruptive and user friendly.
Which of the following technologies should the IT manager use when implementing MFA?

A
A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication
Answer: C
37
Q

An information security officer at a credit card transaction company is conducting a
framework-mapping exercise with the internal controls. The company recently established a new office in
Europe.
To which of the following frameworks should the security officer map the existing controls? (Select TWO).

A
A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST
Answer: B,D
38
Q

A security analyst is running a vulnerability scan to check for missing patches during a suspected
security incident.
During which of the following phases of the response process is this activity MOST likely occurring?

A
A. Containment
B. Identification
C. Recovery
D. Preparation
Answer: D
39
Q

Which of the following would be the BEST method for creating a detailed diagram of wireless access
points and hot-spots?

A
A. Footprinting
B. White-box testing
C. A drone/UAV
D. Pivoting
Answer: A
40
Q

Which of the following policies would help an organization identify and mitigate potential single points
of failure in the company’s IT/security operations?

A
A. Least privilege
B. Awareness training
C. Separation of duties
D. Mandatory vacation
Answer: C
41
Q

After entering a username and password, an administrator must gesture on a touch screen.
Which of the following demonstrates what the administrator is providing?

A
A. Multifactor authentication
B. Something you can do
C. Biometric
D. Two-factor authentication
Answer: D
42
Q

A security administrator suspects an employee has been emailing proprietary information to a
competitor. Company policy requires the administrator to capture an exact copy of the employee’s hard
disk.
Which of the following should the administrator use?

A
A. dd
B. chmod
C. dnsenum
D. logger
Answer: A
43
Q

A global company is experiencing unauthorized logins due to credential theft and account lockouts
caused by brute-force attacks. The company is considering implementing a third-party identity provider to
help mitigate these attacks.
Which of the following would be the BEST control for the company to require from prospective vendors?

A
A. IP restrictions
B. Multifactor authentication
C. A banned password list
D. A complex password policy
Answer: B
44
Q

Which of the following types of controls is a turnstile?

A
A. Physical
B. Detective
C. Corrective
D. Technical
Answer: A
45
Q

A technician needs to prevent data loss in a laboratory. The laboratory is not connected to any
external networks.
Which of the following methods would BEST prevent data loss? (Select TWO).

A
A. VPN
B. Drive encryption
C. Network firewall
D. File-level encryption
E. USB blocker
F. MFA
Answer: B,E
46
Q

Which of the following scenarios BEST describes a risk reduction technique?

A

A. A security control objective cannot be met through a technical change, so the company purchases
insurance and is no longer concerned about losses from data breaches.
B. A security control objective cannot be met through a technical change, so the company implements a
policy to train users on a more secure method of operation.
C. A security control objective cannot be met through a technical change, so the company changes its
method of operation.
D. A security control objective cannot be met through a technical change, so the Chief Information Officer
(CIO) decides to sign off on the risk.
Answer: B

47
Q

A global pandemic is forcing a private organization to close some business units and reduce staffing
at others.
Which of the following would be BEST to help the organization’s executives determine the next course of
action?

A
A. An incident response plan
B. A communications plan
C. A disaster recovery plan
D. A business continuity plan
Answer: D
48
Q

A security analyst reviews the datacenter access logs for a fingerprint scanner and notices an
abundance of errors that correlate with users’ reports of issues accessing the facility.

Which of the following is MOST likely the cause of the access issues?

A
A. False rejection
B. Cross-over error rate
C. Efficacy rate
D. Attestation
Answer: B
49
Q

A security analyst needs to implement an MDM solution for BYOD users that will allow the company
to retain control over company emails residing on the devices and limit data exfiltration that might occur if
the devices are lost or stolen.

Which of the following would BEST meet these requirements? (Select TWO).

A
A. Full-device encryption
B. Network usage rules
C. Geofencing
D. Containerization
E. Application whitelisting
F. Remote control
Answer: A,B
50
Q

An organization’s Chief Security Officer (CSO) wants to validate the business’s involvement in the
incident response plan to ensure its validity and thoroughness.
Which of the following will the CSO MOST likely use?

A
A. An external security assessment
B. A bug bounty program
C. A tabletop exercise
D. A red-team engagement
Answer: C