351-380 Flashcards

1
Q

An organization has expanded its operations by opening a remote office. The new office is fully
furnished with office resources to support up to 50 employees working on any given day.
Which of the following VPN solutions would BEST support the new office?

A
A. Always On
B. Remote access
C. Site-to-site
D. Full tunnel
Answer: C
2
Q

When used at the design stage, which of the following improves the efficiency, accuracy, and speed
of a database?

A
A. Tokenization
B. Data masking
C. Normalization
D. Obfuscation
Answer: C
3
Q

A customer called a company’s security team to report that all invoices the customer has received
over the last five days from the company appear to have fraudulent banking details.
An investigation into the matter reveals the following:
* The manager of the accounts payable department is using the same password across multiple external
websites and the corporate account.
* One of the websites the manager used recently experienced a data breach.
* The manager’s corporate email account was successfully accessed in the last five days by an IP
address located in a foreign country.
Which of the following attacks has MOST likely been used to compromise the manager’s corporate
account?

A
A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying
Answer: D
4
Q

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and
data processors?

A
A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000
Answer: C
5
Q

An organization has implemented a policy requiring the use of conductive metal lockboxes for
personal electronic devices outside of a secure research lab.
Which of the following did the organization determine to be the GREATEST risk to intellectual property
when creating this policy?

A

A. The theft of portable electronic devices
B. Geotagging in the metadata of images
C. Bluesnarfing of mobile devices
D. Data exfiltration over a mobile hotspot
Answer: D

6
Q

An organization that is located in a flood zone is MOST likely to document the concerns associated
with the restoration of IT operations in a:

A
A. business continuity plan.
B. communications plan.
C. disaster recovery plan.
D. continuity of operations plan.
Answer: C
7
Q

Which of the following would MOST likely support the integrity of a voting machine?

A
A. Asymmetric encryption
B. Blockchain
C. Transport Layer Security
D. Perfect forward secrecy
Answer: D
8
Q

A financial institution would like to store its customer data in a cloud but still allow the data to be
accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from
being able to decipher the data due to its sensitivity. The financial institution is not concerned about
computational overheads and slow speeds.
Which of the following cryptographic techniques would BEST meet the requirement?

A
A. Asymmetric
B. Symmetric
C. Homomorphic
D. Ephemeral
Answer: B
9
Q

A small business office is setting up a wireless infrastructure with primary requirements centered
around protecting customer information and preventing unauthorized access to the business network.
Which of the following would BEST support the office’s business needs? (Select TWO)

A

A. Installing WAPs with strategic placement
B. Configuring access using WPA3
C. Installing a WIDS
D. Enabling MAC filtering
E. Changing the WiFi password every 30 days
F. Reducing WiFi transmit power throughout the office
Answer: B,D

10
Q

A systems administrator needs to install the same X.509 certificate on multiple servers.
Which of the following should the administrator use?

A
A. Key escrow
B. A self-signed certificate
C. Certificate chaining
D. An extended validation certificate
Answer: B
11
Q

A security analyst notices several attacks are being blocked by the NIPS but does not see anything
on the boundary firewall logs. The attack seems to have been thwarted.
Which of the following resiliency techniques was applied to the network to prevent this attack?

A
A. NIC Teaming
B. Port mirroring
C. Defense in depth
D. High availability
E. Geographic dispersal
Answer: C
12
Q

A bank detects fraudulent activity on a user’s account. The user confirms transactions completed
yesterday on the bank’s website at https://www.company.com. A security analyst then examines the
user’s Internet usage logs and observes the following output:
date; username; url; destinationport; responsecode
2020-03-01; userann; http://www.company.org/; 80; 302
2020-03-01; userann; http://www.company.org/secure_login/; 80; 200
2020-03-01; userann; http://www.company.org/dashboard/; 80; 200
Which of the following has MOST likely occurred?

A
A. Replay attack
B. SQL injection
C. SSL stripping
D. Race conditions
Answer: A
13
Q

Which of the following is the BEST reason to maintain a functional and effective asset management
policy that aids in ensuring the security of an organization?

A

A. To provide data to quantify risk based on the organization’s systems.
B. To keep all software and hardware fully patched for known vulnerabilities.
C. To only allow approved, organization-owned devices onto the business network.
D. To standardize by selecting one laptop model for all users in the organization.
Answer: A

14
Q

Which of the following BEST explains the difference between a data owner and a data custodian?

A

A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is
responsible for determining the corporate governance regarding the data.
B. The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protection of the data.
C. The data owner is responsible for controlling the data, while the data custodian is responsible for
maintaining the chain of custody when handling the data.
D. The data owner grants the technical permissions for data access, while the data custodian maintains
the database access controls to the data.
Answer: B

15
Q

A security administrator checks the MAC address table of a network switch, which shows the following output:

Which of the following is happening to this switch?

A
A. MAC Flooding
B. DNS poisoning
C. MAC cloning
D. ARP poisoning
Answer: A
16
Q

A security analyst needs to be proactive in understanding the types of attacks that could potentially
target the company’s executives.
Which of the following intelligence sources should the security analyst review?

A

A. Vulnerability feeds
B. Trusted automated exchange of indicator information
C. Structured threat information expression
D. Industry information-sharing and collaboration groups
Answer: D

17
Q

A desktop support technician recently installed a new document-scanning software program on a
computer. However, when the end user tried to launch the program, it did not respond.
Which of the following is MOST likely the cause?

A

A. A new firewall rule is needed to access the application.
B. The system was quarantined for missing software updates.
C. The software was not added to the application whitelist.
D. The system was isolated from the network due to infected software.
Answer: C

18
Q

A company has been experiencing very brief power outages from its utility company over the last few
months. These outages only last for one second each time. The utility company is aware of the issue and
is working to replace a faulty transformer.
Which of the following BEST describes what the company should purchase to ensure its critical servers
and network devices stay online?

A
A. Dual power supplies
B. A UPS
C. A generator
D. A PDU
Answer: B
19
Q

An attacker is attempting to exploit users by creating a fake website with the URL
www.validwebsite.com. The attacker’s intent is to imitate the look and feel of a legitimate website to obtain
personal information from unsuspecting users.
Which of the following social-engineering attacks does this describe?

A
A. Information elicitation
B. Typo squatting
C. Impersonation
D. Watering-hole attack
Answer: D
20
Q

Which of the following is MOST likely to contain ranked and ordered information on the likelihood and
potential impact of catastrophic events that may affect business processes and systems, while also
highlighting the residual risks that need to be managed after mitigating controls have been implemented?

A
A. An RTO report
B. A risk register
C. A business impact analysis
D. An asset value register
E. A disaster recovery plan
Answer: B
21
Q

A remote user recently took a two-week vacation abroad and brought along a corporate-owned
laptop. Upon returning to work, the user has been unable to connect the laptop to the VPN.
Which of the following is the MOST likely reason for the user’s inability to connect the laptop to the VPN?
(Select TWO).

A

A. Due to foreign travel, the user’s laptop was isolated from the network.
B. The user’s laptop was quarantined because it missed the latest patch update.
C. The VPN client was blacklisted.
D. The user’s account was put on a legal hold.
E. The laptop is still configured to connect to an international mobile network operator.
F. The user is unable to authenticate because they are outside of the organization’s mobile geofencing
configuration.
Answer: A,B

22
Q

An analyst visits an internet forum looking for information about a tool. The analyst finds a thread that
appears to contain relevant information.
One of the posts says the following:
Which of the following BEST describes the attack that was attempted against the forum readers?

A
A. SOU attack
B. DLL attack
C. XSS attack
D. API attack
Answer: C
23
Q

On which of the following is the live acquisition of data for forensic analysis MOST dependent?
(Choose two.)

A
A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses
Answer: E,F
24
Q

A network administrator is concerned about users being exposed to malicious content when
accessing company cloud applications. The administrator wants to be able to block access to sites based
on the AUP. The users must also be protected because many of them work from home or at remote
locations, providing on-site customer support.
Which of the following should the administrator employ to meet these criteria?

A
A. Implement NAC.
B. Implement an SWG.
C. Implement a URL filter.
D. Implement an MDM.
Answer: B
25
Q

Which of the following distributes data among nodes, making it more difficult to manipulate the data
while also minimizing downtime?

A


26
Q

A security analyst is using a recently released security advisory to review historical logs, looking for
the specific activity that was outlined in the advisory.
Which of the following is the analyst doing?

A
A. A packet capture
B. A user behavior analysis
C. Threat hunting
D. Credentialed vulnerability scanning
Answer: C
27
Q

An organization is developing an authentication service for use at the entry and exit ports of country
borders. The service will use data feeds obtained from passport systems, passenger manifests, and
high-definition video feeds from CCTV systems that are located at the ports. The service will incorporate
machine-learning techniques to eliminate biometric enrollment processes while still allowing authorities to
identify passengers with increasing accuracy over time. The more frequently passengers travel, the more
accurately the service will identify them.
Which of the following biometrics will MOST likely be used, without the need for enrollment? (Choose
two.)

A
A. Voice
B. Gait
C. Vein
D. Facial
E. Retina
F. Fingerprint
Answer: B,D
28
Q

An organization routes all of its traffic through a VPN. Most users are remote and connect into a
corporate datacenter that houses confidential information. There is a firewall at the Internet border
followed by a DLP appliance, the VPN server and the datacenter itself.
Which of the following is the WEAKEST design element?

A

A. The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance’s performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.
Answer: C

29
Q

After a phishing scam for a user’s credentials, the red team was able to craft a payload to deploy on a
server. The attack allowed the installation of malicious software that initiates a new remote session.
Which of the following types of attacks has occurred?

A
A. Privilege escalation
B. Session replay
C. Application programming interface
D. Directory traversal
Answer: A