101-200 Flashcards

1
Q

A DBA reports that several production server hard drives were wiped over the weekend. The DBA also reports that several Linux servers were unavailable due to system files being deleted unexpectedly. A security analyst verified that software was configured to delete data deliberately from those servers. No backdoors to any servers were found. Which of the following attacks was MOST likely used to cause the data loss?

A. Logic bomb
B. Ransomware
C. Fileless virus
D. Remote access Trojans
E. Rootkit

A

A. Logic bomb

2
Q

Digital signatures use asymmetric encryption. This means the message is encrypted with:

A. the sender’s private key and decrypted with the sender’s public key.
B. the sender’s public key and decrypted with the sender’s private key.
C. the sender’s private key and decrypted with the recipient’s public key.
D. the sender’s public key and decrypted with the recipient’s private key.

A

A. the sender’s private key and decrypted with the sender’s public key.

3
Q

A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?

A. SSO
B. IDS
C. MFA
D. TPM

A

C. MFA

4
Q

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

A. GDPR compliance attestation
B. Cloud Security Alliance materials
C. SOC 2 Type 2 report
D. NIST RMF workbooks

A

C. SOC 2 Type 2 report

5
Q

Which of the following is assured when a user signs an email using a private key?

A. Non-repudiation
B. Confidentiality
C. Availability
D. Authentication

A

A. Non-repudiation

6
Q

A systems administrator is troubleshooting a server’s connection to an internal web server. The administrator needs to determine the correct ports to use. Which of the following tools BEST shows which ports on the web server are in a listening state?

A. ipconfig
B. ssh
C. ping
D. netstat

A

D. netstat

7
Q

Which of the following BEST reduces the security risks introduced when running systems that have expired vendor support and lack an immediate replacement?

A. Implement proper network access restrictions.
B. Initiate a bug bounty program.
C. Classify the system as shadow IT.
D. Increase the frequency of vulnerability scans.

A

A. Implement proper network access restrictions.

8
Q

Due to unexpected circumstances, an IT company must vacate its main office, forcing all operations to alternate, off-site locations. Which of the following will the company MOST likely reference for guidance during this change?

A. The business continuity plan
B. The retention policy
C. The disaster recovery plan
D. The incident response plan

A

A. The business continuity plan

9
Q

While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?

A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server

A

A. Utilizing SIEM correlation engines

10
Q

Two organizations plan to collaborate on the evaluation of new SIEM solutions for their respective companies. A combined effort from both organizations’ SOC teams would speed up the effort. Which of the following can be written to document this agreement?

A. MOU
B. ISA
C. SLA
D. NDA

A

A. MOU (Memorandum of Understanding)

A Memorandum of Understanding (MOU) is a non-legally binding agreement between two or more parties that outlines their intention and shared understanding to collaborate or work together on a specific project.

11
Q

The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?

A. DLP
B. USB data blocker
C. USB OTG
D. Disabling USB ports

A

B. USB data blocker

USB data blockers, also known as USB “charge-only” adapters or USB condom devices

12
Q

The board of directors at a company contracted with an insurance firm to limit the organization’s liability. Which of the following risk management practices does this BEST describe?

A. Transference
B. Avoidance
C. Mitigation
D. Acknowledgement

A

A. Transference

Transference in risk management involves shifting or transferring the risk to another party.

13
Q

Which of the following is a risk that is specifically associated with hosting applications in the public cloud?

A. Unsecured root accounts
B. Zero-day
C. Shared tenancy
D. Insider threat

A

C. Shared tenancy

14
Q

DDoS attacks are causing an overload on the cluster of cloud servers. A security architect is researching alternatives to make the cloud environment respond to load fluctuation in a cost-effective way. Which of the following options BEST fulfills the architect’s requirements?

A. An orchestration solution that can adjust scalability of cloud assets
B. Use of multipath by adding more connections to cloud storage
C. Cloud assets replicated on geographically distributed regions
D. An on-site backup that is displayed and only used when the load increases

A

A. An orchestration solution that can adjust scalability of cloud assets

15
Q

Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?

A. EOL
B. SLA
C. MOU
D. EOSL

A

B. SLA

16
Q

Which of the following is an example of transference of risk?

A. Purchasing insurance
B. Patching vulnerable servers
C. Retiring outdated applications
D. Application owner risk sign-off

A

A. Purchasing insurance

17
Q

An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?

A. Embedded Python code
B. Macro-enabled file
C. Bash scripting
D. Credential-harvesting website

A

B. Macro-enabled file

18
Q

A security proposal was set up to track requests for remote access by creating a baseline of the users’ common sign-in properties. When a baseline deviation is detected, an MFA challenge will be triggered. Which of the following should be configured in order to deploy the proposal?

A. Context-aware authentication
B. Simultaneous authentication of equals
C. Extensive authentication protocol
D. Agentless network access control

A

A. Context-aware authentication

Context-aware authentication involves analyzing various contextual factors related to user behavior, device information, location, time of access, and other variables to determine the legitimacy of a user’s access request. Creating

19
Q

Which of the following secure coding techniques makes compromised code more difficult for hackers to use?

A. Obfuscation
B. Normalization
C. Execution
D. Reuse

A

A. Obfuscation

Obfuscation is a technique used to make code more difficult to understand or reverse-engineer. It involves intentionally making the code more convoluted or obscure without changing its functionality.

20
Q

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

A. User behavior analysis
B. Packet captures
C. Configuration reviews
D. Log analysis

A

C. Configuration reviews

21
Q

A database administrator wants to grant access to an application that will be reading and writing data to a database. The database is shared by other applications also used by the finance department. Which of the following account types is MOST appropriate for this purpose?

A. Service
B. Shared
C. Generic
D. Admin

A

A. Service

A service account is typically used for applications, services, or automated processes that require access to resources such as databases. It’s specifically designed for non-human interactions and allows applications to access resources without needing individual user accounts.

22
Q

A security analyst generated a file named host1.pcap and shared it with a team member who is going to use it for further incident analysis. Which of the following tools will the other team member MOST likely use to open this file?

A. Autopsy
B. Memdump
C. FTK imager
D. Wireshark

A

D. Wireshark

PCAP (Packet Capture) files typically contain captured network traffic data, and Wireshark is a widely used and powerful network protocol analyzer.

23
Q

An application developer accidentally uploaded a company’s code-signing certificate private key to a public web server. The company is concerned about malicious use of its certificate. Which of the following should the company do FIRST?

A. Delete the private key from the repository.
B. Verify the public key is not exposed as well.
C. Update the DLP solution to check for private keys.
D. Revoke the code-signing certificate.

A

D. Revoke the code-signing certificate.

24
Q

An organization implemented a process that compares the settings currently configured on systems against secure configuration guidelines in order to identify any gaps. Which of the following control types has the organization implemented?

A. Compensating
B. Corrective
C. Preventive
D. Detective

A

D. Detective

Detective controls are security measures designed to identify or detect security incidents or deviations from security policies and standards after they have occurred or during the occurrence.

25
Q

The Chief Information Security Officer directed a risk reduction in shadow IT and created a policy requiring all unsanctioned high-risk SaaS applications to be blocked from user access. Which of the following is the BEST security solution to reduce this risk?

A. CASB
B. VPN concentrator
C. MFA
D. VPC endpoint

A

A. CASB (Cloud Access Security Broker)

A CASB is specifically designed to provide security controls and visibility over cloud applications used within an organization.

26
Q

A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?

A. Data in transit
B. Data in processing
C. Data at rest
D. Data tokenization

A

C. Data at rest

27
Q

A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user’s computer. Which of the following can be used to safely assess the file?

A. Check the hash of the installation file.
B. Match the file names.
C. Verify the URL download location.
D. Verify the code signing certificate.

A

A. Check the hash of the installation file.

28
Q

A help desk technician receives a phone call from someone claiming to be a part of the organization’s cybersecurity incident response team. The caller asks the technician to verify the network’s internal firewall IP address. Which of the following is the technician’s BEST course of action?

A. Direct the caller to stop by the help desk in person and hang up declining any further requests from the caller.
B. Ask for the caller’s name, verify the person’s identity in the email directory, and provide the requested information over the phone.
C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization’s cybersecurity officer.
D. Request the caller send an email for identity verification and provide the requested information via email to the caller.

A

C. Write down the phone number of the caller if possible, the name of the person requesting the information, hang up, and notify the organization’s cybersecurity officer.

29
Q

Which of the following would BEST provide detective and corrective controls for thermal regulation?

A. A smoke detector
B. A fire alarm
C. An HVAC system
D. A fire suppression system
E. Guards

A

C. An HVAC system

30
Q

Which of the following is a benefit of including a risk management framework into an organization’s security approach?

A. It defines expected service levels from participating supply chain partners to ensure system outages are remediated in a timely manner.
B. It identifies specific vendor products that have been tested and approved for use in a secure environment.
C. It provides legal assurances and remedies in the event a data breach occurs.
D. It incorporates control, development, policy, and management activities into IT operations.

A

D. It incorporates control, development, policy, and management activities into IT operations.

31
Q

An organization maintains several environments in which patches are developed and tested before being deployed to an operational status. Which of the following is the environment in which patches will be deployed just prior to being put into an operational status?

A. Development
B. Test
C. Production
D. Staging

A

D. Staging

The staging environment is used as an intermediate step between the testing environment and the production (operational) environment. In the staging environment, patches, updates, or changes that have successfully passed the testing phase are deployed and further evaluated in an environment that closely resembles the production environment.

32
Q

During a trial, a judge determined evidence gathered from a hard drive was not admissible. Which of the following BEST explains this reasoning?

A. The forensic investigator forgot to run a checksum on the disk image after creation.
B. The chain of custody form did not note time zone offsets between transportation regions.
C. The computer was turned off, and a RAM image could not be taken at the same time.
D. The hard drive was not properly kept in an antistatic bag when it was moved.

A

B. The chain of custody form did not note time zone offsets between transportation regions.

In legal proceedings, maintaining a proper chain of custody is critical to ensure the integrity and authenticity of evidence.

33
Q

An organization wants to implement a biometric system with the highest likelihood that an unauthorized user will be denied access. Which of the following should the organization use to compare biometric solutions?

A. FRR
B. Difficulty of use
C. Cost
D. FAR
E. CER

A

D. FAR (False Acceptance Rate)

The False Acceptance Rate (FAR) is a crucial metric in biometric systems that measures the likelihood of incorrectly accepting an unauthorized user.

34
Q

A company recently experienced a significant data loss when proprietary information was leaked to a competitor. The company took special precautions by using proper labels; however, email filter logs do not have any record of the incident. An investigation confirmed the corporate network was not breached, but documents were downloaded from an employee’s COPE tablet and passed to the competitor via cloud storage. Which of the following is the BEST remediation for this data leak?

A. User training
B. CASB
C. MDM
D. DLP

A

D. DLP

35
Q

An attacker was eavesdropping on a user who was shopping online. The attacker was able to spoof the IP address associated with the shopping site. Later, the user received an email regarding the credit card statement with unusual purchases. Which of the following attacks took place?

A. On-path attack
B. Protocol poisoning
C. Domain hijacking
D. Bluejacking

A

A. On-path attack

An on-path attack, specifically a man-in-the-middle (MITM) attack, seems to align with the scenario provided. In this attack, the attacker intercepts communication between the user and the shopping site by positioning themselves on the communication path. By eavesdropping on the user’s online shopping activity, the attacker could gather sensitive information, such as credit card details or login credentials.

36
Q

A company is considering transitioning to the cloud. The company employs individuals from various locations around the world. The company does not want to increase its on-premises infrastructure footprint and only wants to pay for the additional compute power required. Which of the following solutions would BEST meet the needs of the company?

A. Private cloud
B. Hybrid environment
C. Managed security service provider
D. Hot backup site

A

B. Hybrid environment

37
Q

After multiple on-premises security solutions were migrated to the cloud, the incident response time increased. The analysts are spending a long time trying to trace information on different cloud consoles and correlating data in different formats. Which of the following can be used to optimize the incident response time?

A. CASB
B. VPC
C. SWG
D. CMS

A

A. CASB (Cloud Access Security Broker)

CASB solutions are specifically designed to provide visibility, control, and security for cloud-based services used within an organization.

38
Q

Which of the following control types would be BEST to use in an accounting department to reduce losses from fraudulent transactions?

A. Recovery
B. Deterrent
C. Corrective
D. Detective

A

B. Deterrent

39
Q

A company is receiving emails with links to phishing sites that look very similar to the company’s own website address and content. Which of the following is the BEST way for the company to mitigate this attack?

A. Create a honeynet to trap attackers who access the VPN with credentials obtained by phishing.
B. Generate a list of domains similar to the company’s own and implement a DNS sinkhole for each.
C. Disable POP and IMAP on all Internet-facing email servers and implement SMTPS.
D. Use an automated tool to flood the phishing websites with fake usernames and passwords.

A

B. Generate a list of domains similar to the company’s own and implement a DNS sinkhole for each.

40
Q

A SOC operator is receiving continuous alerts from multiple Linux systems indicating that unsuccessful SSH attempts to a functional user ID have been attempted on each one of them in a short period of time. Which of the following BEST explains this behavior?

A. Rainbow table attack
B. Password spraying
C. Logic bomb
D. Malware bot

A

B. Password spraying

41
Q

A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?

A. User certificate
B. Self-signed certificate
C. Computer certificate
D. Root certificate

A

C. Computer certificate

A computer certificate, also known as a machine certificate or host certificate, is issued to a computer or device to validate its identity within a network or when communicating with other systems.

42
Q

A routine audit of medical billing claims revealed that several claims were submitted without the subscriber’s knowledge. A review of the audit logs for the medical billing company’s system indicated a company employee downloaded customer records and adjusted the direct deposit information to a personal bank account.
Which of the following does this action describe?

A. Insider threat
B. Social engineering
C. Third-party risk
D. Data breach

A

A. Insider threat

43
Q

A recent audit cited a risk involving numerous low-criticality vulnerabilities created by a web application using a third-party library. The development staff state there are still customers using the application even though it is end of life and it would be a substantial burden to update the application for compatibility with more secure libraries. Which of the following would be the MOST prudent course of action?

A. Accept the risk if there is a clear road map for timely decommission.
B. Deny the risk due to the end-of-life status of the application.
C. Use containerization to segment the application from other applications to eliminate the risk.
D. Outsource the application to a third-party developer group.

A

A. Accept the risk if there is a clear road map for timely decommission.

44
Q

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?

A. HTTP security header
B. DNSSEC implementation
C. SRTP
D. S/MIME

A

A. HTTP security header

45
Q

A company labeled some documents with the public sensitivity classification. This means the documents can be accessed by:

A. employees of other companies and the press.
B. all members of the department that created the documents.
C. only the company’s employees and those listed in the document.
D. only the individuals listed in the documents.

A

A. employees of other companies and the press.

46
Q

Which of the following is the MOST relevant security check to be performed before embedding third-party libraries in developed code?

A. Check to see if the third party has resources to create dedicated development and staging environments.
B. Verify the number of companies that downloaded the third-party code and the number of contributions on the code repository.
C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries’ developers.
D. Read multiple penetration-testing reports for environments running software that reused the library.

A

C. Assess existing vulnerabilities affecting the third-party code and the remediation efficiency of the libraries’ developers.

Performing a comprehensive assessment of existing vulnerabilities in the third-party code is crucial. This involves examining any known security vulnerabilities, weaknesses, or flaws present in the libraries.

47
Q

A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?

A. Check the metadata in the email header of the received path in reverse order to follow the email’s path.
B. Hover the mouse over the CIO’s email address to verify the email address.
C. Look at the metadata in the email header and verify the “From:” line matches the CIO’s email address.
D. Forward the email to the CIO and ask if the CIO sent the email requesting the documents.

A

A. Check the metadata in the email header of the received path in reverse order to follow the email’s path.

48
Q

A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company’s requirements?

A. Red-team exercise
B. Capture-the-flag exercise
C. Tabletop exercise
D. Phishing exercise

A

C. Tabletop exercise

A tabletop exercise is a discussion-based simulation or scenario-driven exercise conducted in a meeting-room setting.

49
Q

A security policy states that common words should not be used as passwords. A security auditor was able to perform a dictionary attack against corporate credentials. Which of the following controls was being violated?

A. Password complexity
B. Password history
C. Password reuse
D. Password length

A

A. Password complexity

50
Q

A security incident has been resolved. Which of the following BEST describes the importance of the final phase of the incident response plan?

A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.
B. It returns the affected systems back into production once systems have been fully patched, data restored, and vulnerabilities addressed.
C. It identifies the incident and the scope of the breach, how it affects the production environment, and the ingress point.
D. It contains the affected systems and disconnects them from the network, preventing further spread of the attack or breach.

A

A. It examines and documents how well the team responded, discovers what caused the incident, and determines how the incident can be avoided in the future.

This phase, often referred to as the “lessons learned” or post-incident analysis phase, focuses on evaluating the incident response process itself.

51
Q

During the onboarding process, an employee needs to create a password for an intranet account. The password must include ten characters, numbers, and letters, and two special characters. Once the password is created, the company will grant the employee access to other company-owned websites based on the intranet profile. Which of the following access management concepts is the company most likely using to safeguard intranet accounts and grant access to multiple sites based on a user’s intranet account? (Choose two.)

A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

A

A. Federation

C. Password complexity

52
Q

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional brownouts that last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the BEST solution to reduce the risk of data loss?

A. Dual supply
B. Generator
C. UPS
D. POU
E. Daily backups

A

C. UPS (Uninterruptible Power Supply)

53
Q

Which of the following would be the BEST way to analyze diskless malware that has infected a VDI?

A. Shut down the VDI and copy off the event logs.
B. Take a memory snapshot of the running system.
C. Use NetFlow to identify command-and-control IPs.
D. Run a full on-demand scan of the root volume.

A

B. Take a memory snapshot of the running system.

54
Q

Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only. In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?

A. AUP
B. NDA
C. SLA
D. MOU

A

A. AUP (Acceptable Use Policy)

An Acceptable Use Policy (AUP) is a set of rules and guidelines outlining the acceptable behaviors and actions for users accessing company resources, systems, or networks.

55
Q

The Chief Information Security Officer is concerned about employees using personal email rather than company email to communicate with clients and sending sensitive business information and PII. Which of the following would be the BEST solution to install on the employees’ workstations to prevent information from leaving the company’s network?

A. HIPS
B. DLP
C. HIDS
D. EDR

A

B. DLP

56
Q

On the way into a secure building, an unknown individual strikes up a conversation with an employee. The employee scans the required badge at the door while the unknown individual holds the door open, seemingly out of courtesy, for the employee. Which of the following social engineering techniques is being utilized?

A. Shoulder surfing
B. Watering-hole attack
C. Tailgating
D. Impersonation

A

C. Tailgating

57
Q

A company discovered that terabytes of data have been exfiltrated over the past year after an employee clicked on an email link. The threat continued to evolve and remain undetected until a security analyst noticed an abnormal amount of external connections when the employee was not working. Which of the following is the MOST likely threat actor?

A. Shadow IT
B. Script kiddies
C. APT
D. Insider threat

A

C. APT (Advanced Persistent Threat)

Advanced Persistent Threat (APT) actors are highly skilled threat actors, often associated with well-funded and sophisticated groups or nation-state actors. They employ stealthy and continuous attack methods to gain unauthorized access, remain undetected for extended periods within a targeted network, and exfiltrate data over an extended period.

58
Q

An untrusted SSL certificate was discovered during the most recent vulnerability scan. A security analyst determines the certificate is signed properly and is a valid wildcard. This same certificate is installed on the other company servers without issue. Which of the following is the MOST likely reason for this finding?

A. The required intermediate certificate is not loaded as part of the certificate chain.
B. The certificate is on the CRL and is no longer valid.
C. The corporate CA has expired on every server, causing the certificate to fail verification.
D. The scanner is incorrectly configured to not trust this certificate when detected on the server.

A

A. The required intermediate certificate is not loaded as part of the certificate chain.

59
Q

A company wants to improve end users’ experiences when they log in to a trusted partner website. The company does not want the users to be issued separate credentials for the partner website. Which of the following should be implemented to allow users to authenticate using their own credentials to log in to the trusted partner’s website?

A. Directory service
B. AAA server
C. Federation
D. Multifactor authentication

A

C. Federation

60
Q

A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

A. Legal hold
B. Chain of custody
C. Data loss prevention
D. Content filter

A

A. Legal hold

Legal hold is a process used to preserve all relevant data, including emails and other forms of communication, which could potentially be relevant to an investigation, audit, or litigation. It ensures that potentially relevant data is safeguarded from deletion or alteration.

61
Q

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

A. Time-based logins
B. Geofencing
C. Network location
D. Password history

A

A. Time-based logins

62
Q

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats

A

B. State actors

63
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

A

C. Lack of vendor support

64
Q

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

A. Input validation
B. Dynamic code analysis
C. Fuzzing
D. Manual code review

A

B. Dynamic code analysis

Dynamic code analysis, also known as dynamic application security testing (DAST), involves assessing an application or program while it is running in a runtime environment.

65
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based, one-time password

A

B. Push notifications

66
Q

A company has a flat network in the cloud. The company needs to implement a solution to segment its production and non-production servers without migrating servers to a new network. Which of the following solutions should the company implement?

A. Intranet
B. Screened subnet
C. VLAN segmentation
D. Zero Trust

A

C. VLAN segmentation

VLAN segmentation allows the company to logically segment its network by creating separate virtual LANs (VLANs) within the existing network infrastructure. By assigning different VLANs to the production and non-production servers, network traffic can be isolated, allowing for enhanced security and separation between the two environments without physically relocating or reconfiguring servers.

67
Q

The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?

A. Password complexity
B. Acceptable use
C. Access control
D. Clean desk

A

D. Clean desk

68
Q

A Chief Information Security Officer has defined resiliency requirements for a new data center architecture. The requirements are as follows:
* Critical fileshares will remain accessible during and after a natural disaster.
* Five percent of hard disks can fail at any given time without impacting the data.
* Systems will be forced to shut down gracefully when battery levels are below 20%.
Which of the following are required to BEST meet these objectives? (Choose three.)

A. Fiber switching
B. IaC
C. NAS
D. RAID
E. UPS
F. Redundant power supplies
G. Geographic dispersal
H. Snapshots
I. Load balancing

A

D. RAID
E. UPS
G. Geographic dispersal

69
Q

Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?

A. Set up hashing on the source log file servers that complies with local regulatory requirements.
B. Back up the aggregated log files at least two times a day or as stated by local regulatory requirements.
C. Write protect the aggregated log files and move them to an isolated server with limited access.
D. Back up the source log files and archive them for at least six years or in accordance with local regulatory requirements.

A

A. Set up hashing on the source log file servers that complies with local regulatory requirements.

70
Q

A security analyst is evaluating the risks of authorizing multiple security solutions to collect data from the company’s cloud environment. Which of the following is an immediate consequence of these integrations?

A. Non-compliance with data sovereignty rules
B. Loss of the vendors' interoperability support
C. Mandatory deployment of a SIEM solution
D. Increase in the attack surface

A

D. Increase in the attack surface

71
Q

Which of the following explains why RTO is included in a BIA?

A. It identifies the amount of allowable downtime for an application or system.
B. It prioritizes risks so the organization can allocate resources appropriately.
C. It monetizes the loss of an asset and determines a break-even point for risk mitigation.
D. It informs the backup approach so that the organization can recover data to a known time.

A

A. It identifies the amount of allowable downtime for an application or system.

RTO establishes the maximum tolerable duration for which a business process, system, or service can remain unavailable before its absence significantly impacts the business. In a Business Impact Analysis (BIA), determining the RTO helps in understanding the criticality of various systems or processes.

72
Q

A security analyst is reviewing web-application logs and finds the following log:
Google.com/Contactus/%2e%2e%2f%pswd

Which of the following attacks is being observed?

A. Directory traversal
B. XSS
C. CSRF
D. On-path attack

A

A. Directory traversal

73
Q

A security analyst is reviewing the vulnerability scan report for a web server following an incident. The vulnerability that was used to exploit the server is present in historical vulnerability scan reports, and a patch is available for the vulnerability. Which of the following is the MOST likely cause?

A. Security patches were uninstalled due to user impact.
B. An adversary altered the vulnerability scan reports.
C. A zero-day vulnerability was used to exploit the web server.
D. The scan reported a false negative for the vulnerability.

A

A. Security patches were uninstalled due to user impact.

This situation suggests that security patches addressing the known vulnerability were previously installed but might have been uninstalled or rolled back at some point due to causing issues or user impact.

74
Q

Which of the following is a known security risk associated with data archives that contain financial information?

A. Data can become a liability if archived longer than required by regulatory guidance.
B. Data must be archived off-site to avoid breaches and meet business requirements.
C. Companies are prohibited from providing archived data to e-discovery requests.
D. Unencrypted archives should be preserved as long as possible and encrypted.

A

A. Data can become a liability if archived longer than required by regulatory guidance.

75
Q

Which of the following BEST describes the process of documenting who has access to evidence?

A. Order of volatility
B. Chain of custody
C. Non-repudiation
D. Admissibility

A

B. Chain of custody

76
Q

Which of the following is a policy that provides a greater depth and breadth of knowledge across an organization?

A. Asset management policy
B. Separation of duties policy
C. Acceptable use policy
D. Job rotation policy

A

D. Job rotation policy.

A job rotation policy involves periodically rotating employees through different roles or positions within an organization. This practice allows individuals to gain diverse experiences, learn various aspects of the business, understand different functions or departments, and acquire a broader understanding of the organization’s operations.

77
Q

A company is moving its retail website to a public cloud provider. The company wants to tokenize credit card data but not allow the cloud provider to see the stored credit card information. Which of the following would BEST meet these objectives?

A. WAF
B. CASB
C. VPN
D. TLS

A

B. CASB (Cloud Access Security Broker).

CASB solutions are designed to provide security when organizations migrate to the cloud. They allow companies to enforce security policies, including data encryption, tokenization, and access controls, even in cloud environments.

78
Q

A security analyst is tasked with defining the “something you are” factor of the company’s MFA settings. Which of the following is BEST to use to complete the configuration?

A. Gait analysis
B. Vein
C. Soft token
D. HMAC-based, one-time password

A

A. Gait analysis

Gait analysis is a biometric authentication method that involves analyzing an individual’s walking pattern or style. It identifies individuals based on the unique way they walk, their stride length, walking speed, or other characteristics related to their gait.

79
Q

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

A. Pulverizing
B. Overwriting
C. Shredding
D. Degaussing

A

B. Overwriting

80
Q

A user’s account is constantly being locked out. Upon further review, a security analyst found the following in the SIEM:

TIME LOG MESSAGE
9:00:00 am User: Admin Password: ABC10
9:01:00 am User: Admin Password: ABC20
9:02:00 am User: Admin Password: ABC30
9:03:00 am User: Admin Password: ABC40

Which of the following describes what is occurring?

A. An attacker is utilizing a password-spraying attack against the account.
B. An attacker is utilizing a dictionary attack against the account.
C. An attacker is utilizing a brute-force attack against the account.
D. An attacker is utilizing a rainbow table attack against the account.

A

C. An attacker is utilizing a brute-force attack against the account.

81
Q

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration

A

C. The last full backup that was conducted seven days ago

82
Q

A network engineer created two subnets that will be used for production and development servers. Per security policy, production and development servers must each have a dedicated network that cannot communicate with one another directly. Which of the following should be deployed so that server administrators can access these devices?

A. VLANs
B. Internet proxy servers
C. NIDS
D. Jump servers

A

D. Jump servers

83
Q

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company’s data protection officer MOST likely concerned?

A. NIST Framework
B. ISO 27001
C. GDPR
D. PCI-DSS

A

C. GDPR

84
Q

A security architect is required to deploy to conference rooms some workstations that will allow sensitive data to be displayed on large screens. Due to the nature of the data, it cannot be stored in the conference rooms. The file share is located in a local data center. Which of the following should the security architect recommend to BEST meet the requirement?

A

B. VDI (Virtual Desktop Infrastructure) and thin clients.

85
Q

A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?

A. DNSSEC
B. LDAPS
C. NGFW
D. DLP

A

A. DNSSEC (Domain Name System Security Extensions).

DNSSEC is specifically designed to add security to the Domain Name System (DNS) by signing DNS data and enabling validation of its authenticity using digital signatures.

86
Q

Which of the following controls is used to make an organization initially aware of a data compromise?

A. Protective
B. Preventative
C. Corrective
D. Detective

A

D. Detective

87
Q

An annual information security assessment has revealed that several OS-level configurations are not in compliance due to outdated hardening standards the company is using. Which of the following would be BEST to use to update and reconfigure the OS-level security configurations?

A. CIS benchmarks
B. GDPR guidance
C. Regional regulations
D. ISO 27001 standards

A

A. CIS benchmarks.

The Center for Internet Security (CIS) provides widely recognized and comprehensive best practice standards for securing systems and networks. CIS benchmarks offer detailed guidance and configuration recommendations for various operating systems, applications, and devices.

88
Q

A company acquired several other small companies. The company that acquired the others is transitioning network services to the cloud. The company wants to make sure that performance and security remain intact. Which of the following BEST meets both requirements?

A. High availability
B. Application security
C. Segmentation
D. Integration and auditing

A

C. Segmentation

89
Q

After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team’s GREATEST concern?

A. PCI DSS
B. GDPR
C. ISO 27001
D. NIST CSF

A

A. PCI DSS

90
Q

A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?

A. Adjust the data flow from authentication sources to the SIEM.
B. Disable email alerting and review the SIEM directly.
C. Adjust the sensitivity levels of the SIEM correlation engine.
D. Utilize behavioral analysis to enable the SIEM’s learning mode.

A

D. Utilize behavioral analysis to enable the SIEM’s learning mode.

91
Q

Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?

A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
D. Increase the number of penetration tests before software release

A

C. Implement a vulnerability scan to assess dependencies earlier on SDLC