200 questions v1 Flashcards

1
Q
An employee in the finance department receives an email, which appears to come from the Chief Financial Officer (CFO), instructing the employee to immediately wire a large sum of money to a vendor. Which of the following BEST describes the principles of social engineering used? (Choose two.)
A.  Familiarity
B.  Scarcity
C.  Urgency
D.  Authority
E.  Consensus
A

C. Urgency

D. Authority

2
Q

A security administrator has replaced the firewall and notices a number of dropped connections. After looking
at the data the security administrator sees the following information that was flagged as a possible issue:
Which of the following can the security administrator determine from this?
A. An SQL injection attack is being attempted
B. Legitimate connections are being dropped
C. A network scan is being done on the system
D. An XSS attack is being attempted
Correct Answer: A

A

A. An SQL injection attack is being attempted

3
Q

A penetration testing team deploys a specifically crafted payload to a web server, which results in opening a
new session as the web server daemon. This session has full read/write access to the file system and the
admin console. Which of the following BEST describes the attack?
A. Domain hijacking
B. Injection
C. Buffer overflow
D. Privilege escalation

A

D. Privilege escalation

4
Q

A corporation is concerned that, if a mobile device is lost, any sensitive information on the device could be
accessed by third parties. Which of the following would BEST prevent this from happening?
A. Initiate remote wiping on lost mobile devices
B. Use FDE and require PINs on all mobile devices
C. Use geolocation to track lost devices
D. Require biometric logins on all mobile devices
Correct Answer: A

A

A. Initiate remote wiping on lost mobile devices

5
Q
5
Ann, a security analyst, wants to implement a secure exchange of email. Which of the following is the BEST
option for Ann to implement?
A.  PGP
B.  HTTPS
C.  WPA
D.  TLS
A

A. PGP

6
Q

6
After a security assessment was performed on the enterprise network, it was discovered that:
Configuration changes have been made by users without the consent of IT.
Network congestion has increased due to the use of social media.
Users are accessing file folders and network shares that are beyond the scope of their need to know.
Which of the following BEST describe the vulnerabilities that exist in this environment? (Choose two.)
A. Poorly trained users
B. Misconfigured WAP settings
C. Undocumented assets
D. Improperly configured accounts
E. Vulnerable business processes

A

A. Poorly trained users

D. Improperly configured accounts

7
Q
7
A security administrator wants to determine if a company’s web servers have the latest operating system and
application patches installed. Which of the following types of vulnerability scans should be conducted?
A.  Non-credentialed
B.  Passive
C.  Port
D.  Credentialed
E.  Red team
F.  Active
A

D. Credentialed

8
Q

8
During a recent audit, several undocumented and unpatched devices were discovered on the internal network.
Which of the following can be done to prevent similar occurrences?
A. Run weekly vulnerability scans and remediate any missing patches on all company devices
B. Implement rogue system detection and configure automated alerts for new devices
C. Install DLP controls and prevent the use of USB drives on devices
D. Configure the WAPs to use NAC and refuse connections that do not pass the health check

A

A. Run weekly vulnerability scans and remediate any missing patches on all company devices

9
Q

9
A company needs to implement a system that only lets a visitor use the company’s network infrastructure if the
visitor accepts the AUP. Which of the following should the company use?
A. WiFi-protected setup
B. Password authentication protocol
C. Captive portal
D. RADIUS

A

C. Captive portal

10
Q

10
An analyst is currently looking at the following output:
Which of the following security issues has been discovered based on the output?
A. Insider threat
B. License compliance violation
C. Unauthorized software
D. Misconfigured admin permissions

A

B. License compliance violation

11
Q

11
A company has purchased a new SaaS application and is in the process of configuring it to meet the
company’s needs. The director of security has requested that the SaaS application be integrated into the
company’s IAM processes. Which of the following configurations should the security administrator set up in
order to complete this request?
A. LDAP
B. RADIUS
C. SAML
D. NTLM
Correct Answer: C

A

C. SAML

12
Q

12
An organization wants to implement a method to correct risks at the system/application layer. Which of the
following is the BEST method to accomplish this goal?
A. IDS/IPS
B. IP tunneling
C. Web application firewall
D. Patch management

A

C. Web application firewall

13
Q

13
A company recently updated its website to increase sales. The new website uses PHP forms for leads and
provides a directory with sales staff and their phone numbers. A systems administrator is concerned with the
new website and provides the following log to support the concern:
Which of the following is the systems administrator MOST likely to suggest to the Chief Information Security
Officer (CISO) based on the above?
A. Changing the account standard naming convention
B. Implementing account lockouts
C. Discontinuing the use of privileged accounts
D. Increasing the minimum password length from eight to ten characters

A

A. Changing the account standard naming convention

14
Q

14
A company hired a firm to test the security posture of its database servers and determine if any vulnerabilities
can be exploited. The company provided limited information pertaining to the infrastructure and database
server. Which of the following forms of testing does this BEST describe?
A. Black box
B. Gray box
C. White box
D. Vulnerability scanning

A

B. Gray box

15
Q

15
When considering IoT systems, which of the following represents the GREATEST ongoing risk after a
vulnerability has been discovered?
A. Difficult-to-update firmware
B. Tight integration to existing systems
C. IP address exhaustion
D. Not using industry standards

A

B. Tight integration to existing systems

16
Q

16
A systems administrator has been assigned to create accounts for summer interns. The interns are only
authorized to be in the facility and operate computers under close supervision. They must also leave the
facility at designated times each day. However, the interns can access intern file folders without supervision.
Which of the following represents the BEST way to configure the accounts? (Choose two.)
A. Implement time-of-day restrictions.
B. Modify archived data.
C. Access executive shared portals.
D. Create privileged accounts.
E. Enforce least privilege.
Correct Answer: AE

A

answer

17
Q

17
An attachment that was emailed to finance employees contained an embedded message. The security
administrator investigates and finds the intent was to conceal the embedded information from public view.
Which of the following BEST describes this type of message?
A. Obfuscation
B. Steganography
C. Diffusion
D. BCRYPT
Correct Answer: B

A

answer

18
Q
18
If two employees are encrypting traffic between them using a single encryption key, which of the following
algorithms are they using?
A.  RSA
B.  3DES
C.  DSA
D.  SHA-2
Correct Answer: B
A

answer

19
Q

19
An organization hosts a public-facing website that contains a login page for users who are registered and
authorized to access a secure, non-public section of the site. That non-public site hosts information that
requires multifactor authentication for access. Which of the following access management approaches would
be the BEST practice for the organization?
A. Username/password with TOTP
B. Username/password with pattern matching
C. Username/password with a PIN
D. Username/password with a CAPTCHA
Correct Answer: A

A

answer

20
Q

20
A security administrator needs to configure remote access to a file share so it can only be accessed between
the hours of 9:00 a.m. and 5:00 p.m. Files in the share can only be accessed by members of the same
department as the data owner. Users should only be able to create files with approved extensions, which may
differ by department. Which of the following access controls would be the MOST appropriate for this situation?
A. RBAC
B. MAC
C. ABAC
D. DAC
Correct Answer: C

A

answer

21
Q

21
A member of the human resources department received the following email message after sending an email
containing benefit and tax information to a candidate:
“Your message has been quarantined for the following policy violation: external potential_PII. Please contact
the IT security administrator for further details”.
Which of the following BEST describes why this message was received?
A. The DLP system flagged the message.
B. The mail gateway prevented the message from being sent to personal email addresses.
C. The company firewall blocked the recipient’s IP address.
D. The file integrity check failed for the attached files.
Correct Answer: A

A

answer

22
Q

22
A security analyst is checking log files and finds the following entries:
Which of the following is MOST likely happening?
A. A hacker attempted to pivot using the web server interface.
B. A potential hacker could be banner grabbing to determine what architecture is being used.
C. The DNS is misconfigured for the server’s IP address.
D. A server is experiencing a DoS, and the request is timing out.
Correct Answer: B

A

answer

23
Q

23
After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application
insecurely creating files in /tmp.
Which of the following vulnerabilities has MOST likely been exploited?
A. Privilege escalation
B. Resource exhaustion
C. Memory leak
D. Pointer dereference
Correct Answer: A

A

answer

24
Q

24
A security analyst is specifying requirements for a wireless network. The analyst must explain the security
features provided by various architecture choices.
Which of the following is provided by PEAP, EAP-TLS, and EAP-TTLS?
A. Key rotation
B. Mutual authentication
C. Secure hashing
D. Certificate pinning
Correct Answer: B

A

answer

25
Q

25
A company is planning to build an internal website that allows for access to outside contracts and partners. A
majority of the content will only be available to internal employees, with the option to share.
Which of the following concepts is MOST appropriate?
A. VPN
B. Proxy
C. DMZ
D. Extranet
Correct Answer: D

A

answer

26
Q

26
A small organization has implemented a rogue system detection solution. Which of the following BEST
explains the organization’s intent?
A. To identify weak ciphers being used on the network
B. To identify assets on the network that are subject to resource exhaustion
C. To identify end-of-life systems still in use on the network
D. To identify assets that are not authorized for use on the network
Correct Answer: D

A

answer

27
Q
27
Which of the following is used to encrypt web application data?
A.  MD5
B.  AES
C.  SHA
D.  DHA
Correct Answer: B
A

answer

28
Q
28
Which of the following uses tokens between the identity provider and the service provider to authenticate and
authorize users to resources?
A.  RADIUS
B.  SSH
C.  OAuth
D.  MSCHAP
Correct Answer: C
A

answer

29
Q

29
A company has won an important government contract. Several employees have been transferred from their
existing projects to support a new contract. Some of the employees who have transferred will be working long
hours and still need access to their project information to transition work to their replacements.
Which of the following should be implemented to validate that the appropriate offboarding process has been
followed?
A. Separation of duties
B. Time-of-day restrictions
C. Permission auditing
D. Mandatory access control
Correct Answer: C

A

answer

30
Q
30
Which of the following are considered to be “something you do”? (Choose two.)
A.  Iris scan
B.  Handwriting
C.  CAC card
D.  Gait
E.  PIN
F.  Fingerprint
Correct Answer: BD
A

answer

31
Q
31
A user needs to transmit confidential information to a third party.
Which of the following should be used to encrypt the message?
A.  AES
B.  SHA-2
C.  SSL
D.  RSA
Correct Answer: A
A

answer

32
Q

32
A security analyst believes an employee’s workstation has been compromised. The analyst reviews the
system logs, but does not find any attempted logins. The analyst then runs the diff command, comparing the
C:\Windows\System32 directory and the installed cache directory. The analyst finds a series of files that look
suspicious.
One of the files contains the following commands:
Which of the following types of malware was used?
A. Worm
B. Spyware
C. Logic bomb
D. Backdoor
Correct Answer: D

A

answer

33
Q
33
Which of the following access management concepts is MOST closely associated with the use of a password
or PIN?
A.  Authorization
B.  Authentication
C.  Accounting
D.  Identification
Correct Answer: B
A

answer

34
Q

34
An organization employee resigns without giving adequate notice. The following day, it is determined that the
employee is still in possession of several company-owned mobile devices.
Which of the following could have reduced the risk of this occurring? (Choose two.)
A. Proper offboarding procedures
B. Acceptable use policies
C. Non-disclosure agreements
D. Exit interviews
E. Background checks
F. Separation of duties
Correct Answer: AD

A

answer

35
Q

35
Which of the following differentiates ARP poisoning from a MAC spoofing attack?
A. ARP poisoning uses unsolicited ARP replies.
B. ARP poisoning overflows a switch’s CAM table.
C. MAC spoofing uses DHCPOFFER/DHCPACK packets.
D. MAC spoofing can be performed across multiple routers.
Correct Answer: A

A

answer

36
Q

36
A security administrator has completed a monthly review of DNS server query logs. The administrator notices
continuous name resolution attempts from a large number of internal hosts to a single Internet addressable
domain name. The security administrator then correlated those logs with the establishment of persistent TCP
connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per
week.
Which of the following is the MOST likely cause for this anomaly?
A. An attacker is exfiltrating large amounts of proprietary company data.
B. Employees are playing multiplayer computer games.
C. A worm is attempting to spread to other hosts via SMB exploits.
D. Internal hosts have become members of a botnet.
Correct Answer: D

A

answer

37
Q

37
An audit found that an organization needs to implement job rotation to be compliant with regulatory
requirements. To prevent unauthorized access to systems after an individual changes roles or departments,
which of the following should the organization implement?
A. Permission auditing and review
B. Exit interviews
C. Offboarding
D. Multifactor authentication
Correct Answer: A

A

answer

38
Q

38
A company has just completed a vulnerability scan of its servers. A legacy application that monitors the HVAC
system in the datacenter presents several challenges, as the application vendor is no longer in business.
Which of the following secure network architecture concepts would BEST protect the other company servers if
the legacy server were to be exploited?
A. Virtualization
B. Air gap
C. VLAN
D. Extranet
Correct Answer: B

A

answer

39
Q
39
Which of the following methods is used by internal security teams to assess the security of internally
developed applications?
A.  Active reconnaissance
B.  Pivoting
C.  White box testing
D.  Persistence
Correct Answer: C
A

answer

40
Q

40
A company wants to implement a wireless network with the following requirements:
All wireless users will have a unique credential.
User certificates will not be required for authentication.
The company’s AAA infrastructure must be utilized.
Local hosts should not store authentication tokens.
Which of the following should be used in the design to meet the requirements?
A. EAP-TLS
B. WPS
C. PSK
D. PEAP
Correct Answer: D

A

answer

41
Q

41
A technician has discovered a crypto-virus infection on a workstation that has access to sensitive remote
resources.
Which of the following is the immediate NEXT step the technician should take?
A. Determine the source of the virus that has infected the workstation.
B. Sanitize the workstation’s internal drive.
C. Reimage the workstation for normal operation.
D. Disable the network connections on the workstation.
Correct Answer: D

A

answer

42
Q

42
A user is unable to open a file that has a grayed-out icon with a lock. The user receives a pop-up message
indicating that payment must be sent in Bitcoin to unlock the file. Later in the day, other users in the
organization lose the ability to open files on the server.
Which of the following has MOST likely occurred? (Choose three.)
A. Crypto-malware
B. Adware
C. Botnet attack
D. Virus
E. Ransomware
F. Backdoor
G. DDoS attack
Correct Answer: ADE

A

answer

43
Q

43
A security administrator is configuring a RADIUS server for wireless authentication. The configuration must
ensure client credentials are encrypted end-to-end between the client and the authenticator.
Which of the following protocols should be configured on the RADIUS server? (Choose two.)
A. PAP
B. MSCHAP
C. PEAP
D. NTLM
E. SAML
Correct Answer: BC

A

answer

44
Q

44
A security engineer implements multiple technical measures to secure an enterprise network. The engineer
also works with the Chief Information Officer (CIO) to implement policies to govern user behavior.
Which of the following strategies is the security engineer executing?
A. Baselining
B. Mandatory access control
C. Control diversity
D. System hardening
Correct Answer: C

A

answer

45
Q
45
A security analyst identified an SQL injection attack.
Which of the following is the FIRST step in remediating the vulnerability?
A.  Implement stored procedures.
B.  Implement proper error handling.
C.  Implement input validations.
D.  Implement a WAF.
Correct Answer: C
A

answer

46
Q

46
Joe, a contractor, is hired by a firm to perform a penetration test against the firm’s infrastructure. When
conducting the scan, he receives only the network diagram and the network list to scan against the network.
Which of the following scan types is Joe performing?
A. Authenticated
B. White box
C. Automated
D. Gray box
Correct Answer: D

A

answer

47
Q
47
Which of the following types of security testing is the MOST cost-effective approach used to analyze existing
code and identify areas that require patching?
A.  Black box
B.  Gray box
C.  White box
D.  Red team
E.  Blue team
Correct Answer: C
A

answer

48
Q

48
Which of the following needs to be performed during a forensics investigation to ensure the data contained in
a drive image has not been compromised?
A. Follow the proper chain of custody procedures.
B. Compare the image hash to the original hash.
C. Ensure a legal hold has been placed on the image.
D. Verify the time offset on the image file.
Correct Answer: B

A

answer

49
Q

49
A company is performing an analysis of the corporate enterprise network with the intent of identifying any one
system, person, function, or service that, when neutralized, will cause or cascade disproportionate damage to
the company’s revenue, referrals, and reputation.
Which of the following is an element of the BIA that this action is addressing?
A. Identification of critical systems
B. Single point of failure
C. Value assessment
D. Risk register
Correct Answer: A

A

answer

50
Q

50
An analyst generates the following color-coded table shown in the exhibit to help explain the risk of potential
incidents in the company. The vertical axis indicates the likelihood of an incident, while the horizontal axis
indicates the impact.
Which of the following is this table an example of?
A. Internal threat assessment
B. Privacy impact assessment
C. Qualitative risk assessment
D. Supply chain assessment
Correct Answer: C

A

answer

51
Q
51
An office recently completed digitizing all its paper records. Joe, the data custodian, has been tasked with the
disposal of the paper files, which include:
Intellectual property
Payroll records
Financial information
Drug screening results
Which of the following is the BEST way to dispose of these items?
A.  Shredding
B.  Pulping
C.  Deidentifying
D.  Recycling
Correct Answer: B
A

answer

52
Q

52
Upon learning about a user who has reused the same password for the past several years, a security
specialist reviews the logs. The following is an extraction of the report after the most recent password change
requirement:
Which of the following security controls is the user’s behavior targeting?
A. Password expiration
B. Password history
C. Password complexity
D. Password reuse
Correct Answer: B

A

answer

53
Q

53
In a lessons learned report, it is suspected that a well-organized, well-funded, and extremely sophisticated
group of attackers may have been responsible for a breach at a nuclear facility.
Which of the following describes the type of actors that may have been implicated?
A. Nation state
B. Hacktivist
C. Insider
D. Competitor
Correct Answer: A

A

answer

54
Q

54
A security administrator is analyzing a user report in which the computer exhibits odd network-related outages.
The administrator, however, does not see any suspicious processes running. A prior technician’s notes
indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted
from the system recently.
Which of the following is the MOST likely cause of this behavior?
A. Crypto-malware
B. Rootkit
C. Logic bomb
D. Session hijacking
Correct Answer: B

A

answer

55
Q

55
Joe, a member of the sales team, recently logged into the company servers after midnight local time to
download the daily lead form before his coworkers did. Management has asked the security team to provide a
method for detecting this type of behavior without impeding the access for sales employees as they travel
overseas.
Which of the following would be the BEST method to achieve this objective?
A. Configure time-of-day restrictions for the sales staff.
B. Install DLP software on the devices used by sales employees.
C. Implement a filter on the mail gateway that prevents the lead form from being emailed.
D. Create an automated alert on the SIEM for anomalous sales team activity.
Correct Answer: D

A

answer

56
Q

56
A security administrator wants to implement least privilege access for a network share that stores sensitive
company data. The organization is particularly concerned with the integrity of data and implementing
discretionary access control. The following controls are available:
Read = A user can read the content of an existing file.
Write = A user can modify the content of an existing file and delete an existing file.
Create = A user can create a new file and place data within the file.
A missing control means the user does not have that access. Which of the following configurations provides
the appropriate control to support the organization's requirements?
A. Owners: Read, Write, Create
Group Members: Read, Write
Others: Read, Create
B. Owners: Write, Create
Group Members: Read, Write, Create
Others: Read
C. Owners: Read, Write
Group Members: Read, Create
Others: Read, Create
D. Owners: Write, Create
Group Members: Read, Create
Others: Read, Write, Create
Correct Answer: A

A

answer

57
Q

57
After reports of slow internet connectivity, a technician reviews the following logs from a server’s host-based
firewall:
Which of the following can the technician conclude after reviewing the above logs?
A. The server is under a DDoS attack from multiple geographic locations.
B. The server is compromised, and is attacking multiple hosts on the Internet.
C. The server is under an IP spoofing resource exhaustion attack.
D. The server is unable to complete the TCP three-way handshake and send the last ACK.
Correct Answer: C

A

answer

58
Q
58
Which of the following strategies helps reduce risk if a rollback is needed when upgrading a critical system
platform?
A.  Non-persistent configuration
B.  Continuous monitoring
C.  Firmware updates
D.  Fault tolerance
Correct Answer: D
A

answer

59
Q

59
A security administrator is creating a risk assessment with regard to how to harden internal communications in
transit between servers.
Which of the following should the administrator recommend in the report?
A. Configure IPSec in transport mode.
B. Configure server-based PKI certificates.
C. Configure the GRE tunnel.
D. Configure a site-to-site tunnel.
Correct Answer: B

A

answer

60
Q
60
A company is executing a strategy to encrypt and sign all proprietary data in transit. The company recently
deployed PKI services to support this strategy.
Which of the following protocols supports the strategy and employs certificates generated by the PKI?
(Choose three.)
A.  S/MIME
B.  TLS
C.  SFTP
D.  SAML
E.  SIP
F.  IPSec
G. Kerberos
Correct Answer: ABC
A

answer

61
Q

61
A security specialist is notified about a certificate warning that users receive when using a new internal
website. After being given the URL from one of the users and seeing the warning, the security specialist
inspects the certificate and realizes it has been issued to the IP address, which is how the developers reach
the site.
Which of the following would BEST resolve the issue?
A. OCSP
B. OID
C. PEM
D. SAN
Correct Answer: D

A

answer

62
Q

62
Joe, an employee, asks a coworker how long ago Ann started working at the help desk. The coworker
expresses surprise since nobody named Ann works at the help desk. Joe mentions that Ann called several
people in the customer service department to help reset their passwords over the phone due to unspecified
“server issues”.
Which of the following has occurred?
A. Social engineering
B. Whaling
C. Watering hole attack
D. Password cracking
Correct Answer: A

A

answer

63
Q
63
Hacktivists are most commonly motivated by:
A.  curiosity
B.  notoriety
C.  financial gain
D.  political cause
Correct Answer: D
A

answer

64
Q

64
A systems administrator is configuring a new network switch for TACACS+ management and authentication.
Which of the following must be configured to provide authentication between the switch and the TACACS+
server?
A. 802.1X
B. SSH
C. Shared secret
D. SNMPv3
E. CHAP
Correct Answer: C

A

answer

65
Q
65
A security analyst monitors the syslog server and notices the following:
A.  Memory leak
B.  Buffer overflow
C.  Null pointer dereference
D.  Integer overflow
Correct Answer: B
A

answer

66
Q
66
A security analyst, who is analyzing the security of the company's web server, receives the following output:
Which of the following is the issue?
A.  Code signing
B.  Stored procedures
C.  Access violations
D.  Unencrypted credentials
Correct Answer: D
A

answer

67
Q

67
Which of the following is an example of resource exhaustion?
A. A penetration tester requests every available IP address from a DHCP server.
B. An SQL injection attack returns confidential data back to the browser.
C. Server CPU utilization peaks at 100% during the reboot process.
D. System requirements for a new software package recommend having 12GB of RAM, but only 8GB are
available.
Correct Answer: A

A

answer

68
Q
68
A security consultant is setting up a new electronic messaging platform and wants to ensure the platform
supports message integrity validation.
Which of the following protocols should the consultant recommend?
A.  S/MIME
B.  DNSSEC
C.  RADIUS
D.  802.11x
Correct Answer: A
A

answer

69
Q

69
Datacenter employees have been battling alarms in a datacenter that has been experiencing hotter than
normal temperatures. The server racks are designed so all 48 rack units are in use, and servers are installed
in any manner in which the technician can get them installed.
Which of the following practices would BEST alleviate the heat issues and keep costs low?
A. Utilize exhaust fans.
B. Use hot and cold aisles.
C. Airgap the racks.
D. Use a secondary AC unit.
Correct Answer: B

A

answer

70
Q

70
When accessing a popular website, a user receives a warning that the certificate for the website is not valid.
Upon investigation, it was noted that the certificate is not revoked and the website is working fine for other
users.
Which of the following is the MOST likely cause for this?
A. The certificate is corrupted on the server.
B. The certificate was deleted from the local cache.
C. The user needs to restart the machine.
D. The system date on the user’s device is out of sync.
Correct Answer: D

A

answer

71
Q

71
A company wishes to move all of its services and applications to a cloud provider but wants to maintain full
control of the deployment, access, and provisions of its services to its users.
Which of the following BEST represents the required cloud deployment model?
A. SaaS
B. IaaS
C. MaaS
D. Hybrid
E. Private
Correct Answer: A

A

answer

72
Q
72
A systems administrator has created network file shares for each department with associated security groups
for each role within the organization.
Which of the following security concepts is the systems administrator implementing?
A.  Separation of duties
B.  Permission auditing
C.  Least privilege
D.  Standard naming convention
Correct Answer: A
A

answer

73
Q

73
A technician has installed a new AAA server, which will be used by the network team to control access to a
company’s routers and switches. The technician completes the configuration by adding the network team
members to the NETWORK_TEAM group, and then adding the NETWORK_TEAM group to the appropriate
ALLOW_ACCESS access list. Only members of the network team should have access to the company’s
routers and switches.
Members of the network team successfully test their ability to log on to various network devices configured to
use the AAA server. Weeks later, an auditor asks to review the following access log sample:
Which of the following should the auditor recommend based on the above information?
A. Configure the ALLOW_ACCESS group logic to use AND rather than OR.
B. Move the NETWORK_TEAM group to the top of the ALLOW_ACCESS access list.
C. Disable group nesting for the ALLOW_ACCESS group in the AAA server.
D. Remove the DOMAIN_USERS group from ALLOW_ACCESS group.
Correct Answer: D

A

answer

74
Q
74
A security technician has been given the task of preserving emails that are potentially involved in a dispute
between a company and a contractor.
Which of the following BEST describes this forensic concept?
A.  Legal hold
B.  Chain of custody
C.  Order of volatility
D.  Data acquisition
Correct Answer: A
A

answer

75
Q

75
Which of the following outcomes is a result of proper error-handling procedures in secure code?
A. Execution continues with no notice or logging of the error condition.
B. Minor fault conditions result in the system stopping to preserve state.
C. The program runs through to completion with no detectable impact or output.
D. All fault conditions are logged and do not result in a program crash.
Correct Answer: D

A

answer
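Added example for this card (not part of the original flashcards): what option D looks like in code beside the two anti-patterns the other options describe. The ListHandler, the order-amount parser and the SAMPLE_INPUTS are all constructed for illustration; the point is that the specific fault reaches the log while the caller only ever sees a generic message and the program keeps running.

```python
import logging
from decimal import Decimal, InvalidOperation

# Added example (not from the original flashcards). Every fault is logged with
# enough detail for operators, the caller gets a generic message, and the
# program keeps running instead of crashing or echoing internals.


class ListHandler(logging.Handler):
    """Keeps formatted log records in memory so this example can inspect them."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("orders")
log.setLevel(logging.WARNING)
audit = ListHandler()
audit.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
log.addHandler(audit)


def parse_amount_crashy(raw):
    # Anti-pattern 1: no handling at all. A bad value raises InvalidOperation
    # and takes the worker down (the program crash the question rules out).
    return Decimal(raw)


def parse_amount_leaky(raw):
    # Anti-pattern 2: the exception is swallowed, nothing is logged, and the
    # internal error text is echoed back to the caller, which tells an
    # attacker which library and parsing path sits behind the form.
    try:
        return {"ok": True, "amount": str(Decimal(raw))}
    except Exception as exc:  # noqa: BLE001
        return {"ok": False, "error": repr(exc)}


def parse_amount_secure(raw):
    # Proper handling: reject anything that is not a finite, non-negative
    # number, log the specific reason, and return a generic error to the user.
    try:
        amount = Decimal(raw)
        if not amount.is_finite() or amount < 0:
            raise ValueError("amount must be a finite non-negative number")
        return {"ok": True, "amount": str(amount)}
    except (InvalidOperation, ValueError) as exc:
        log.warning("rejected amount %r: %s", raw, exc)
        return {"ok": False, "error": "invalid amount"}


# Constructed inputs: valid, malformed, negative, NaN, valid.
SAMPLE_INPUTS = ["19.99", "abc", "-5", "NaN", "1000.50"]


def process_batch(inputs=SAMPLE_INPUTS):
    """Runs the secure parser over a batch; returns (results, audit log lines)."""
    audit.records.clear()
    results = [parse_amount_secure(raw) for raw in inputs]
    return results, list(audit.records)


if __name__ == "__main__":
    results, audit_lines = process_batch()
    for raw, res in zip(SAMPLE_INPUTS, results):
        print(f"{raw!r:>10} -> {res}")
    print("\n".join(audit_lines))
```

Note that the secure version catches only the exception types it expects; a bare except would also swallow programming errors and hide them from the log.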

76
Q
76
Which of the following enables sniffing attacks against a switched network?
A.  ARP poisoning
B.  IGMP snooping
C.  IP spoofing
D.  SYN flooding
Correct Answer: A
A

answer
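Added example for this card (not part of the original flashcards): a small detector for the footprint ARP poisoning leaves behind, namely an IP whose MAC binding suddenly changes and one MAC answering for several IPs (typically the gateway plus the victims). The SAMPLE_ARP_REPLIES text is constructed, in the shape of tcpdump's ARP output, and the function names are mine.

```python
from collections import defaultdict

# Added example (not from the original flashcards). Constructed sample in the
# shape of tcpdump ARP output: the gateway 10.0.0.1 and host 10.0.0.25 are
# first seen with their real MACs, then a third MAC claims both of them.
SAMPLE_ARP_REPLIES = """\
12:00:01.001 ARP, Reply 10.0.0.1 is-at aa:bb:cc:00:00:01
12:00:01.250 ARP, Reply 10.0.0.25 is-at aa:bb:cc:00:00:25
12:00:02.010 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99
12:00:02.011 ARP, Reply 10.0.0.25 is-at de:ad:be:ef:00:99
12:00:05.400 ARP, Reply 10.0.0.40 is-at aa:bb:cc:00:00:40
"""


def parse_arp_replies(text):
    """Returns (timestamp, ip, mac) for each 'Reply <ip> is-at <mac>' line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[2] == "Reply" and parts[4] == "is-at":
            entries.append((parts[0], parts[3], parts[5].lower()))
    return entries


def detect_arp_poisoning(text, gateway_ip=None):
    """Returns a list of alert strings; an empty list means nothing anomalous."""
    macs_seen = defaultdict(list)   # ip  -> distinct MACs in the order seen
    ips_claimed = defaultdict(set)  # mac -> IPs it has answered for
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        if mac not in macs_seen[ip]:
            if macs_seen[ip]:
                tag = " (GATEWAY)" if ip == gateway_ip else ""
                alerts.append(
                    f"{ts} {ip} changed from {macs_seen[ip][-1]} to {mac}{tag}"
                )
            macs_seen[ip].append(mac)
        ips_claimed[mac].add(ip)
    # A single MAC answering for several IPs is the attacker sitting in the
    # middle; on its own it can also be a legitimate router, so pair it with
    # the binding-change alerts above before acting.
    for mac, ips in ips_claimed.items():
        if len(ips) > 1:
            alerts.append(
                f"{mac} claims {len(ips)} addresses: {', '.join(sorted(ips))}"
            )
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES, gateway_ip="10.0.0.1"):
        print(alert)
```

In production this logic is what tools such as arpwatch do on a host and what Dynamic ARP Inspection does on the switch itself; the latter is the preventive control, the former only detects.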

77
Q
77
A company wants to ensure users are only logging into the system from their laptops when they are on site.
Which of the following would assist with this?
A.  Geofencing
B.  Smart cards
C.  Biometrics
D.  Tokens
Correct Answer: A
A

answer

78
Q

78
During a penetration test, the tester performs a preliminary scan for any responsive hosts. Which of the
following BEST explains why the tester is doing this?
A. To determine if the network routes are improperly forwarding request packets
B. To identify the total number of hosts and determine if the network can be victimized by a DoS attack
C. To identify servers for subsequent scans and further investigation
D. To identify the unresponsive hosts and determine if those could be used as zombies in a follow-up scan.
Correct Answer: C

A

answer

79
Q
79
Which of the following is being used when a malicious actor searches various social media websites to find
information about a company’s system administrators and help desk staff?
A.  Passive reconnaissance
B.  Initial exploitation
C.  Vulnerability scanning
D.  Social engineering
Correct Answer: A
A

answer

80
Q
80
Given the following requirements:
Help to ensure non-repudiation
Capture motion in various formats
Which of the following physical controls BEST matches the above descriptions?
A.  Camera
B.  Mantrap
C.  Security guard
D.  Motion sensor
Correct Answer: A
A

answer

81
Q
81
Which of the following is a random value appended to a credential that makes the credential less susceptible
to compromise when hashed?
A.  Nonce
B.  Salt
C.  OTP
D.  Block cipher
E.  IV
Correct Answer: B
A

answer
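Added example for this card (not part of the original flashcards): why a salt makes a stored credential less susceptible once hashed. Two constructed users share a password; without a salt their digests collide and one precomputed table entry cracks both, with a per-user random salt the digests differ and the same table finds nothing. The USERS, WORDLIST and function names are mine; the hash is PBKDF2-HMAC-SHA256 from the standard library.

```python
import hashlib
import hmac
import os

# Added example (not from the original flashcards). The salt is stored next
# to the hash and is not secret; its job is to make identical passwords hash
# differently and to make a precomputed table useless across accounts.

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware allows

# Constructed data: two users chose the same password.
USERS = {"alice": "Winter2024!", "bob": "Winter2024!", "carol": "correct horse battery"}
WORDLIST = ["password", "Winter2024!", "letmein"]  # attacker's small wordlist


def hash_unsalted(password):
    # What the question warns against: same password -> same digest everywhere.
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    # 16 random bytes from the OS CSPRNG, fresh for every credential.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_salted(password, stored):
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate.hex(), digest_hex)


def precomputed_lookup(stored_values, table):
    """Attacker side: map stored values back to passwords via a precomputed table."""
    return {h: table[h] for h in stored_values if h in table}


def compare_schemes():
    unsalted = {u: hash_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    # Table built once from the wordlist; reusable against any site using plain SHA-256.
    table = {hash_unsalted(w): w for w in WORDLIST}
    return {
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],
        "salted_collide": salted["alice"] == salted["bob"],
        "cracked_unsalted": sorted(precomputed_lookup(unsalted.values(), table).values()),
        "cracked_salted": sorted(precomputed_lookup(salted.values(), table).values()),
        "verify_ok": verify_salted("Winter2024!", salted["alice"]),
        "verify_wrong": verify_salted("winter2024!", salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in compare_schemes().items():
        print(f"{key:>18}: {value}")
```

The salt does not stop an attacker from guessing one account's password; the iteration count (or a memory-hard function such as scrypt or Argon2) is what slows that down. The salt's job is to force that work to be repeated per account.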

82
Q

82
An organization has hired a new remote workforce. Many new employees are reporting that they are unable to
access the shared network resources while traveling. They need to be able to travel to and from different
locations on a weekly basis. Shared offices are retained at the headquarters location. The remote workforce
will have identical file and system access requirements, and must also be able to log in to the headquarters
location remotely. Which of the following BEST represent how the remote employees should have been set up
initially? (Choose two.)
A. User-based access control
B. Shared accounts
C. Group-based access control
D. Mapped drives
E. Individual accounts
F. Location-based policies
Correct Answer: CF

A

answer

83
Q
83
A salesperson often uses a USB drive to save and move files from a corporate laptop. The corporate laptop
was recently updated, and now the files on the USB are read-only. Which of the following was recently added
to the laptop?
A.  Antivirus software
B.  File integrity check
C.  HIPS
D.  DLP
Correct Answer: D
A

answer

84
Q
84
A network technician is setting up a new branch for a company. The users at the new branch will need to
access resources securely as if they were at the main location. Which of the following networking concepts
would BEST accomplish this?
A.  Virtual network segmentation
B.  Physical network segmentation
C.  Site-to-site VPN
D.  Out-of-band access
E.  Logical VLANs
Correct Answer: C
A

answer

85
Q
85
A water utility company has seen a dramatic increase in the number of water pumps burning out. A malicious
actor was attacking the company and is responsible for the increase. Which of the following systems has the
attacker compromised?
A.  DMZ
B.  RTOS
C.  SCADA
D.  IoT
Correct Answer: C
A

answer

86
Q

86
An organization’s Chief Executive Officer (CEO) directs a newly hired computer technician to install an OS on
the CEO’s personal laptop. The technician performs the installation, and a software audit later in the month
indicates a violation of the EULA occurred as a result. Which of the following would address this violation
going forward?
A. Security configuration baseline
B. Separation of duties
C. AUP
D. NDA
Correct Answer: C

A

answer

87
Q
87
Which of the following attackers generally possesses minimal technical knowledge to perform advanced
attacks and uses widely available tools as well as publicly available information?
A.  Hacktivist
B.  White hat hacker
C.  Script kiddie
D.  Penetration tester
Correct Answer: C
A

answer

88
Q
88
A company is performing an analysis of which corporate units are most likely to cause revenue loss in the
event the unit is unable to operate. Which of the following is an element of the BIA that this action is
addressing?
A.  Critical system inventory
B.  Single point of failure
C.  Continuity of operations
D.  Mission-essential functions
Correct Answer: D
A

answer

89
Q

89
A company has critical systems that are hosted on an end-of-life OS. To maintain operations and mitigate
potential vulnerabilities, which of the following BEST accomplishes this objective?
A. Use application whitelisting.
B. Employ patch management.
C. Disable the default administrator account.
D. Implement full-disk encryption.
Correct Answer: A

A

answer

90
Q
90
Which of the following terms BEST describes an exploitable vulnerability that exists but has not been publicly
disclosed yet?
A.  Design weakness
B.  Zero-day
C.  Logic bomb
D.  Trojan
Correct Answer: B
A

answer

91
Q

91
A company’s IT staff is given the task of securely disposing of 100 server HDDs. The security team informs the
IT staff that the data must not be accessible by a third party after disposal. Which of the following is the MOST
time-efficient method to achieve this goal?
A. Use a degausser to sanitize the drives.
B. Remove the platters from the HDDs and shred them.
C. Perform a quick format of the HDD drives.
D. Use software to zero fill all of the hard drives.
Correct Answer: A

A

answer

92
Q

92
A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO.
Several legacy applications cannot support multifactor authentication and must continue to use usernames
and passwords. Which of the following should be implemented to ensure the legacy applications are as secure
as possible while ensuring functionality? (Choose two.)
A. Privileged accounts
B. Password reuse restrictions
C. Password complexity requirements
D. Password recovery
E. Account disablement
Correct Answer: CE

A

answer

93
Q
93
Two companies are enabling TLS on their respective email gateways to secure communications over the
Internet. Which of the following cryptography concepts is being implemented?
A.  Perfect forward secrecy
B.  Ephemeral keys
C.  Domain validation
D.  Data in transit
Correct Answer: D
A

answer

94
Q

94
The Chief Executive Officer (CEO) received an email from the Chief Financial Officer (CFO), asking the CEO
to send financial details. The CEO thought it was strange that the CFO would ask for the financial details via
email. The email address was correct in the “From” section of the email. The CEO clicked the form and sent
the financial information as requested. Which of the following caused the incident?
A. Domain hijacking
B. SPF not enabled
C. MX records rerouted
D. Malicious insider
Correct Answer: B

A

answer
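Added example for this card (not part of the original flashcards): the check a receiving gateway would have run had SPF been published. Only the ip4, ip6 and all mechanisms are evaluated, because include, a and mx need live DNS; FAKE_TXT stands in for the DNS lookup and the domains, addresses and function names are constructed. With no record for the spoofed From domain the result is "none" and the forged message is accepted, which is the incident in the question.

```python
import ipaddress

# Added example (not from the original flashcards). Constructed TXT data
# standing in for DNS: example.com publishes nothing, example.net publishes a
# strict policy. Addresses are from the documentation ranges.
FAKE_TXT = {
    "example.com": [],  # nothing published: a forged From: domain is accepted
    "example.net": ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def get_spf_record(domain, txt=FAKE_TXT):
    """Returns the single v=spf1 TXT record for domain, or None if absent/ambiguous."""
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def check_spf(sender_ip, domain, txt=FAKE_TXT):
    """Evaluates sender_ip against domain's SPF policy; returns an SPF result string."""
    record = get_spf_record(domain, txt)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
            continue
        # include / a / mx / exists / redirect need DNS; out of scope offline.
        raise NotImplementedError(f"mechanism {mech!r} needs DNS resolution")
    return "neutral"  # default when no mechanism matched


def gateway_decision(sender_ip, mail_from_domain, txt=FAKE_TXT):
    """Maps the SPF result to what the gateway does with the message."""
    result = check_spf(sender_ip, mail_from_domain, txt)
    if result == "fail":
        return "reject"
    if result == "softfail":
        return "accept-and-flag"
    return "accept"  # pass, neutral, none, permerror: no basis to reject


if __name__ == "__main__":
    attacker_ip = "198.51.100.7"
    for domain in ("example.com", "example.net"):
        print(domain, check_spf(attacker_ip, domain), gateway_decision(attacker_ip, domain))
```

SPF alone only checks the envelope sender; to cover the visible From: header shown to the CEO, DMARC alignment (with DKIM or SPF) is the control that makes the policy enforceable.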

95
Q
95
Which of the following control types would a backup of server data provide in case of a system issue?
A.  Corrective
B.  Deterrent
C.  Preventive
D.  Detective
Correct Answer: A
A

answer

96
Q

96
A recent penetration test revealed several issues with a public-facing website used by customers. The testers
were able to:
Enter long lines of code and special characters
Crash the system
Gain unauthorized access to the internal application server
Map the internal network
The development team has stated they will need to rewrite a significant portion of the code used, and it will
take more than a year to deliver the finished product. Which of the following would be the BEST solution to
introduce in the interim?
A. Content filtering
B. WAF
C. TLS
D. IPS/IDS
E. UTM
Correct Answer: B

A

answer

97
Q
97
Which of the following can occur when a scanning tool cannot authenticate to a server and has to rely on
limited information obtained from service banners?
A.  False positive
B.  Passive reconnaissance
C.  Access violation
D.  Privilege escalation
Correct Answer: A
A

answer

98
Q

98
A systems administrator needs to integrate multiple IoT and small embedded devices into the company’s
wireless network securely. Which of the following should the administrator implement to ensure low-power and
legacy devices can connect to the wireless network?
A. WPS
B. WPA
C. EAP-FAST
D. 802.1X
Correct Answer: A

A

answer

99
Q

99
When backing up a database server to LTO tape drives, the following backup schedule is used. Backups take
one hour to complete:
On Friday at 9:00 p.m., there is a RAID failure on the database server. The data must be restored from
backup. Which of the following is the number of backup tapes that will be needed to complete this operation?
A. 1
B. 2
C. 3
D. 4
E. 6
Correct Answer: D

A

answer

100
Q
100
Management wants to ensure any sensitive data on company-provided cell phones is isolated in a single
location that can be remotely wiped if the phone is lost. Which of the following technologies BEST meets this
need?
A.  Geofencing
B.  Containerization
C.  Device encryption
D.  Sandboxing
Correct Answer: B
A

answer