Architecture and Design

Question 1

A company has limited storage space available and an online presence that cannot be down for more than four hours. Which of the following backup methodologies should the company implement to allow for the FASTEST database restore time in the event of a failure, while being mindful of the limited available storage space?

Answer 1

Implement full backups every Sunday at 8:00 p.m. and nightly differential backups at 8:00 p.m

Question 2

An organization has a growing workforce that is mostly driven by additions to the sales department. Each newly hired salesperson relies on a mobile device to conduct business. The Chief Information Officer (CIO) is wondering if the organization may need to scale down just as quickly as it scaled up. The CIO is also concerned about the organization’s security and customer privacy. Which of the following would be BEST to address the CIO’s concerns?

Answer 2

Implement BYOD for the sales department while leveraging the MDM

Question 3

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company’s final software releases? (Choose two.)

Answer 3

Included third-party libraries

Vendors/supply chain

Question 4

A customer service representative reported an unusual text message that was sent to the help desk. The message contained an unrecognized invoice number with a large balance due and a link to click for more details. Which of the following BEST describes this technique?

Answer 4

Smishing

Question 5

A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following should the analyst monitor?

Answer 5

Tor

Question 6

Which of the following should be monitored by threat intelligence researchers who search for leaked credentials?

Answer 6

Dark web

Question 7

An employee installed a new service on the domain controller without consent or approval from the IT department and change management. What specifically describes this type of threat?

Answer 7

Shadow IT

Question 8

Which of the following threat actors is most likely to be motivated by ideology?

Answer 8

Hacktivist

Question 9

After a security assessment is concluded, what benefit does the CVSS score provide to a company on the list of discovered vulnerabilities?

Answer 9

Prioritize remediation of vulnerabilities based on the possible impact

CVSS (Common Vulnerability Scoring System) is used to assign severity scores (zero to ten) to vulnerabilities which allows responders to prioritize the responses and better manage resources. Scores are calculated by a formula that uses several metrics, including complexity and severity.

Question 10

An attacker tricks a user into providing confidential information. Which of the following describes this form of malicious reconnaissance?

Answer 10

Social engineering

Question 11

A company recently experienced a major breach. An investigation concludes that customer credit card data was stolen and exfiltrated through a dedicated business partner connection to a vendor, who is not held to the same security control standards. Which of the following is the most likely source of the breach?

Answer 11

Supply chain

Question 12

A user is having problems accessing network shares. An admin investigates and finds the following on the user’s computer:

What attack has been performed on this computer?

Answer 12

ARP poisoning

Two different devices shouldn’t have the same MAC addresses. Since these are dynamically learned ARP entries, it is reasonable to believe this was an ARP poisoning. Device .1 is probably the default gateway and then device .11 is the MitM

Question 13

A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO’s report?

Answer 13

Organized crime

Question 14

Which of the following can be used to identify potential attacker activities without affecting production servers?

Answer 14

Honeypot

Question 15

A security analyst notices an unusual amount of traffic hitting the edge of the network. Upon examining the logs, the analyst identifies a source IP address and blocks that address from communicating with the network. Even though the analyst is blocking this address, the attack is still ongoing and coming from a large number of different source IP addresses. Which of the following describes this type of attack?

Answer 15

DDoS

Question 16

A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?

Answer 16

Bug bounty

Question 17

A company has installed badge readers for building access but is finding unauthorized individuals roaming the hallways. Which of the following is the most likely cause?

Answer 17

Tailgating

Question 18

A company’s Chief Information Security Officer (CISO) recently warned the security manager that the company’s Chief Executive Officer (CEO) is planning to publish a controversial opinion article in a national newspaper, which may result in new cyberattacks. Which of the following would be best for the security manager to use in a threat model?

Answer 18

Hacktivists

Question 19

A security analyst reports a company policy violation in a case in which a large amount of sensitive data is being downloaded after hours from various mobile devices to an external site. Upon further investigation, the analyst notices that successful login attempts are being conducted with impossible travel times during the same time periods when the unauthorized downloads are occurring. The analyst also discovers a couple of WAPs are using the same SSID, but they have non-standard DHCP configurations and an overlapping channel. Which of the following attacks is being conducted?

Answer 19

Evil twin

Question 20

A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?

Answer 20

Password spraying

Question 21

A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering. Which of the following teams will conduct this assessment activity?

Answer 21

Red

Question 22

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user’s knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

Answer 22

A RAT

Question 23

A junior security analyst is reviewing web server logs and identifies the following pattern in the log file:

http://comptia.org/../../../etc/passwd

Which of the following types of attacks is being attempted and how can it be mitigated?

Answer 23

XSS; implement a SIEM

Question 24

A security assessment found that several embedded systems are running unsecure protocols. These systems were purchased two years ago, and the company that developed them is no longer in business. Which of the following constraints best describes the reason the findings cannot be remediated?

Answer 24

Unavailable patch

Question 25

A user downloaded an extension for a browser, and the user device later became infected. The analyst who is investigating the incident saw various logs where the attacker was hiding activity by deleting data. The following was observed running:

Which of the following is the malware using to execute the attack?

Answer 25

PowerShell

Question 26

A user’s login credentials were recently compromised. During the investigation, the security analyst determined the user input credentials into a pop-up window when prompted to confirm the username and password. However, the trusted website does not use a pop-up for entering user credentials. Which of the following attacks occurred?

Answer 26

DNS poisoning

Question 27

A systems administrator set up an automated process that checks for vulnerabilities across the entire environment every morning. Which of the following activities is the systems administrator conducting?

Answer 27

Scanning

Question 28

An engineer is setting up a VDI environment for a factory location, and the business wants to deploy a low-cost solution to enable users on the shop floor to log in to the VDI environment directly. Which of the following should the engineer select to meet these requirements?

Answer 28

Thin clients

Question 29

A systems administrator receives the following alert from a file integrity monitoring tool:
The hash of the cmd.exe file has changed.
The systems administrator checks the OS logs and notices that no patches were applied in the last two months. Which of the following most likely occurred?

Answer 29

A rootkit was deployed

When a file integrity monitoring tool detects a change in the hash of a critical system file like “cmd.exe,” it could indicate that a rootkit has been deployed. Rootkits are malicious software designed to hide their presence on a system by modifying critical files and processes, including system utilities like “cmd.exe.”

Question 30

A security analyst was asked to evaluate a potential attack that occurred on a publicly accessible section of the company’s website. The malicious actor posted an entry in an attempt to trick users into clicking the following:

https://www.c0mpt1a.com/contact-us/%3Fname%3D%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E

Which of the following was most likely observed?

Answer 30

XSS

Question 31

An analyst is concerned about data leaks and wants to restrict access to internet services to authorized users only. The analyst also wants to control the actions each user can perform on each service. Which of the following would be the best technology for the analyst to consider implementing?

Answer 31

CASB

CASB is a security solution that provides visibility and control over the use of cloud services by employees within an organization. It helps enforce security policies and ensures that access to internet services is restricted to authorized users only. CASB allows the organization to define granular policies to control the actions each user can perform on each cloud service.

Question 32

A security engineer needs to recommend a solution to defend against malicious actors misusing protocols and being allowed through network defenses. Which of the following will the engineer most likely recommend?

Answer 32

A next-generation firewall

Question 33

A company’s legal department drafted sensitive documents in a SaaS application and wants to ensure the documents cannot be accessed by individuals in high-risk countries. Which of the following is the most effective way to limit this access?

Answer 33

Geolocation policy

Question 34

Several users have opened tickets with the help desk. The help desk has reassigned the tickets to a security analyst for further review. The security analyst reviews the following metrics:

Which of the following is MOST likely the result of the security analyst’s review?

Answer 34

Corporate PCs have been turned into a botnet

Question 35

An organization suffered numerous multiday power outages at its current location. The Chief Executive Officer wants to create a disaster recovery strategy to resolve this issue. Which of the following options offer low-cost solutions? (Choose two.)

Answer 35

Generator

UPS

Question 36

A security analyst discovers that one of the web APIs is being abused by an unknown third party. Logs indicate that the third party is attempting to manipulate the parameters being passed to the API endpoint. Which of the following solutions would best help to protect against the attack?

Answer 36

WAF

A Web Application Firewall (WAF) is a security solution designed to protect web applications and APIs from various attacks, including those that attempt to manipulate parameters and exploit vulnerabilities in the application layer. It sits between the clients (users or third parties) and the web server, inspecting the HTTP/HTTPS traffic and filtering out malicious requests.

Question 37

An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
-Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
-Internal users in question were changing their passwords frequently during that time period.
-A jump box that several domain administrator users use to connect to remote devices was recently compromised.
-The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?

Answer 37

Pass-the-hash

Question 38

A government organization is developing an advanced Al defense system. Developers are using information collected from third-party providers. Analysts are noticing inconsistencies in the expected progress of the Al learning and attribute the outcome to a recent attack on one of the suppliers. Which of the following is the most likely reason for the inaccuracy of the system?

Answer 38

Tainted training data

Question 39

During an incident, an EDR system detects an increase in the number of encrypted outbound connections from multiple hosts. A firewall is also reporting an increase in outbound connections that use random high ports. An analyst plans to review the correlated logs to find the source of the incident. Which of the following tools will best assist the analyst?

Answer 39

A SIEM

Question 40

A company recently suffered a breach in which an attacker was able to access the internal mail servers and directly access several user inboxes. A large number of email messages were later posted online. Which of the following would best prevent email contents from being released should another breach occur?

Answer 40

Implement S/MIME to encrypt the emails at rest

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a technology used to encrypt email messages, ensuring that the contents of the messages are protected both during transmission and at rest. When S/MIME is implemented, the email messages are encrypted using the recipient’s public key, and only the recipient with the corresponding private key can decrypt and read the message.

Question 41

Which of the following exercises should an organization use to improve its incident response process?

Answer 41

Tabletop

Question 42

An attacker is attempting to harvest user credentials on a client’s website. A security analyst notices multiple attempts of random usernames and passwords. When the analyst types in a random username and password, the logon screen displays the following message:
“The username you entered does not exist.”
Which of the following should the analyst recommend be enabled?

Answer 42

Error handling

The error message is too specific; attackers know the username they guessed is wrong so they can try and guess another until they find one that sticks; so proper error handling should be less specific such as “Invalid credentials”

Question 43

An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?

Answer 43

Compensating controls

Compensating controls are alternative security measures put in place when standard controls cannot be implemented or are not sufficient to meet security requirements.

Question 44

Which of the following describes the ability of code to target a hypervisor from inside a guest OS?

Answer 44

VM escape

Question 45

A grocery store is expressing security and reliability concerns regarding the on-site backup strategy currently being performed by locally attached disks. The main concerns are the physical security of the backup media and the durability of the data stored on these devices. Which of the following is a cost-effective approach to address these concerns?

Answer 45

Migrate to a cloud backup solution

Question 46

A local server recently crashed and the team is attempting to restore the server from a backup. During the restore process, the team notices the file size of each daily backup is large and will run out of space at the current rate. The current solution appears to do a full backup every night.

Which of the following would use the least amount of storage space for backups?

Answer 46

A weekly, full backup with daily incremental backups

Question 47

A security analyst discovers several jpg photos from a cellular phone during a forensics investigation involving a compromised system. The analyst runs a forensics tool to gather file metadata. Which of the following would be part of the images if all the metadata is still intact?

Answer 47

The GPS location

Question 48

A financial analyst is expecting an email containing sensitive information from a client. When the email arrives the analyst receives an error and is unable to open the encrypted message. Which of the following is the most likely cause of the issue?

Answer 48

The S/MIME plug-in is not enabled

Question 49

A company develops a complex platform that is composed of a single application. After several issues with upgrades, the systems administrator recommends breaking down the application into unique, independent modules. Which of the following best identifies the systems administrator’s recommendation?

Answer 49

Microservices

Question 50

Which of the following would be the best way to block unknown programs from executing?

Answer 50

Application allow list

Question 51

A company is planning to install a guest wireless network so visitors will be able to access the internet. The stakeholders want the network to be easy to connect to so time is not wasted during meetings. The WAPs are configured so that power levels and antennas cover only the conference rooms where visitors will attend meetings. Which of the following would best protect the company’s internal wireless network against visitors accessing company resources?

Answer 51

Configure the guest wireless network to be on a separate VLAN from the company’s internal wireless network.

Question 52

An organization relies on third-party videoconferencing to conduct daily business. Recent security changes now require all remote workers to utilize a VPN to corporate resources. Which of the following would best maintain high-quality videoconferencing while minimizing latency when connected to the VPN?

Answer 52

Configuring QoS properly on the VPN accelerators

Question 53

A security analyst is scanning a company’s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?

Answer 53

Setting up a VPN and placing the jump server inside the firewall

Question 54

A company would like to provide flexibility for employees on device preference. However, the company is concerned about supporting too many different types of hardware. Which of the following deployment models will provide the needed flexibility with the greatest amount of control and security over company data and infrastructure?

Answer 54

CYOD

Question 55

A user would like to install software and features that are not available with a mobile device’s default software. Which of the following would allow the user to install unauthorized software and enable new features?

Answer 55

Jailbreaking

Question 56

An organization recently acquired an ISO 27001 certification. Which of the following would most likely be considered a benefit of this certification?

Answer 56

It assures customers that the organization meets security standards

This certification provides an independent verification that an organization meets recognized security standards and best practices. It demonstrates to its customers, partners, and stakeholders that it has implemented a comprehensive and systematic approach to managing information security.

Question 57

A security professional wants to enhance the protection of a critical environment that is used to store and manage a company’s encryption keys. The selected technology should be tamper resistant. Which of the following should the security professional implement to achieve the goal?

Answer 57

HSM

Question 58

Which of the following is the correct order of volatility from most to least volatile?

Answer 58

Cache memory, temporary filesystems, disk, archival media

Question 59

Which of the following agreements defines response time, escalation points, and performance metrics?

Answer 59

SLA

Question 60

A bakery has a secret recipe that it wants to protect. Which of the following objectives should be added to the company’s security awareness training?

Answer 60

Insider threat detection

Question 61

Which of the following must be considered when designing a high-availability network? (Choose two.)

Answer 61

Ease of recovery

Responsiveness

Question 62

Which of the following strategies shifts risks that are not covered in an organization’s risk strategy?

Answer 62

Risk transference

Question 63

An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the best course of action for the analyst to take?

Answer 63

Isolate the infected attachment

By isolating the infected attachment, the analyst can prevent the worm from spreading further within the network. This action involves removing the attachment from the compromised system and quarantining it to prevent it from being opened or executed.

Question 64

A dynamic application vulnerability scan identified that code injection could be performed using a web form. Which of the following will be the best remediation to prevent this vulnerability?

Answer 64

Implement input validations

Implementing input validation is the best remediation to prevent code injection vulnerabilities. WAF will prevent attacks not vulnerability.

https://techtipbits.com/security/input-validation-in-web-applications/

Question 65

A security administrator needs a method to secure data in an environment that includes some form of checks so that the administrator can track any changes. Which of the following should the administrator set up to achieve this goal?

Answer 65

FIM

Question 66

Sales team members have been receiving threatening voicemail messages and have reported these incidents to the IT security team. Which of the following would be MOST appropriate for the IT security team to analyze?

Answer 66

Session Initiation Protocol traffic logs

Question 67

Which of the following can be used to calculate the total loss expected per year due to a threat targeting an asset?

Answer 67

SLE x ARO

Question 68

A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Choose two.)

Answer 68

Auto-update

Sandboxing

Question 69

Which of the following authentication methods is considered to be the LEAST secure?

Answer 69

SMS

Question 70

A company needs to centralize its logs to create a baseline and have visibility on its security events. Which of the following technologies will accomplish this objective?

Answer 70

Security information and event management

Question 71

Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day to-day work activities?

Answer 71

Intellectual property

Research and development teams are responsible for developing new products, designs, technologies, and proprietary processes for an organization.
This involves generating and working with sensitive intellectual property like trade secrets, patents, formulas, schematics, and other proprietary information that provides a competitive advantage.

Question 72

An audit report indicates multiple suspicious attempts to access company resources were made. These attempts were not detected by the company. Which of the following would be the best solution to implement on the company’s network?

Answer 72

Intrusion prevention system

Question 73

An administrator is reviewing a single server’s security logs and discovers the following:

Which of the following best describes the action captured in this log file?

Answer 73

Brute-force attack

Question 74

An administrator identifies some locations on the third floor of the building that have a poor wireless signal. Multiple users confirm the incident and report it is not an isolated event. Which of the following should the administrator use to find the areas with a poor or non-existent wireless signal?

Answer 74

Site survey

Question 75

Recent changes to a company’s BYOD policy require all personal mobile devices to use a two-factor authentication method that is not something you know or have. Which of the following will meet this requirement?

Answer 75

Facial recognition

Question 76

A critical file server is being upgraded, and the systems administrator must determine which RAID level the new server will need to achieve parity and handle two simultaneous disk failures. Which of the following RAID levels meets this requirement?

Answer 76

RAID 6

Question 77

A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?

Answer 77

Encryption

Question 78

Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?

Answer 78

Network segmentation

You can set up Linux servers with host firewalls that only allow connections from a defined “ segment IP range”. This separates the servers from other devices.

Question 79

A company’s help desk has received calls about the wireless network being down and users being unable to connect to it. The network administrator says all access points are up and running. One of the help desk technicians notices the affected users are working in a building near the parking lot. Which of the following is the most likely reason for the outage?

Answer 79

Someone near the building is jamming the signal.

Question 80

A large bank with two geographically dispersed data centers is concerned about major power disruptions at both locations. Every day each location experiences very brief outages that last for a few seconds. However, during the summer a high risk of intentional under-voltage events that could last up to an hour exists, particularly at one of the locations near an industrial smelter. Which of the following is the best solution to reduce the risk of data loss?

Answer 80

Generator

If you need to supply power for an hour to a datacenter then you need Generator

Question 81

Which of the following examples would be best mitigated by input sanitization?

Answer 81

Email message: “Click this link to get your free gift card.”

Input sanitization is used to clean user-provided input from potential malicious content.
The link could contain malicious code that could be executed when the user clicks on it. Input sanitization would help to prevent this by validating the link and removing any malicious code. In the case of a blank input, there is no input to sanitize, so input sanitization would not have any effect.

Question 82

An organization would like to store customer data on a separate part of the network that is not accessible to users on the main corporate network. Which of the following should the administrator use to accomplish this goal?

Answer 82

Segmentation

Question 83

An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Choose two.)

Answer 83

Network

Firewall

Network logs (Option D): These logs can help identify network connections to the command-and-control server and provide information about source IP addresses (the impacted host) and destination IP addresses (the command-and-control server).

Firewall logs (Option E): Firewall logs also track network traffic and can provide valuable information about source and destination IP addresses, helping identify the impacted host and its communication with the command-and-control server.

Question 84

A large retail store’s network was breached recently, and this news was made public. The store did not lose any intellectual property, and no customer information was stolen. Although no fines were incurred as a result, the store lost revenue after the breach. Which of the following is the most likely reason for this issue?

Answer 84

Reputation damage

Question 85

An organization is struggling with scaling issues on its VPN concentrator and internet circuit due to remote work. The organization is looking for a software solution that will allow it to reduce traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data center and monitoring of remote employees internet traffic. Which of the following will help achieve these objectives?

Answer 85

Deploying a SASE solution to remote employees

Secure access service edge (SASE) is a network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions such as SWG, CASB, firewalls, and zero-trust network access.
SASE solutions can optimize traffic routing and reduce the load on the VPN and internet circuit by intelligently directing traffic to the appropriate destination, whether it’s to the data center or to the internet.

Question 86

Which of the following is the best reason to complete an audit in a banking environment?

Answer 86

Regulatory requirement

Banks and financial institutions operate in highly regulated industries and are required by law to undergo rigorous audits and submit reports regularly. These audits ensure they comply with standards set by financial authorities.

Question 87

After a recent ransomware attack on a company’s system, an administrator reviewed the log files. Which of the following control types did the administrator use?

Answer 87

Detective

Question 88

A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?

Answer 88

Create a change control request

Question 89

An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?

Answer 89

Retention

Question 90

Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?

Answer 90

CVSS

Question 91

A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credential twice lo log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs the analyst decides to run some commands on the gateway and obtains the following output:

Which of the following BEST describes the attack the company is experiencing?

Answer 91

ARP poisoning

Question 92

An engineer needs to deploy a security measure to identify and prevent data tampering within the enterprise. Which of the following will accomplish this goal?

Answer 92

FIM

Question 93

Which of the following mitigation techniques places devices in physically or logically separated networks and leverages policies to limit the types of communications that are allowed?

Answer 93

Access control list

Question 94

All security analysts’ workstations at a company have network access to a critical server VLAN. The information security manager wants to further enhance the controls by requiring that all access to the secure VLAN be authorized only from a given single location. Which of the following will the information security manager most likely implement?

Answer 94

A jump server

Question 95

A company recently experienced an attack in which a malicious actor was able to exfiltrate data by cracking stolen passwords, using a rainbow table on sensitive data. Which of the following should a security engineer do to prevent such an attack in the future?

Answer 95

Implement password salting

Question 96

A company wants the ability to restrict web access and monitor the websites that employees visit. Which of the following would best meet these requirements?

Answer 96

Internet proxy

Proxy servers include logs that record each site visited by users. These logs can be helpful to identify frequently visited sites and to monitor user web browsing activities.

Question 97

A security analyst receives an alert from the company’s SIEM that anomalous activity is coming from a local source IP address of 192.168.34.26. The Chief Information Security Officer asks the analyst to block the originating source. Several days later another employee opens an internal ticket stating that vulnerability scans are no longer being performed properly. The IP address the employee provides is 192.168.34.26. Which of the following describes this type of alert?

Answer 97

False positive

Question 98

A customer called a company’s security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:
-The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
-One of the websites the manager used recently experienced a data breach.
-The manager’s corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.
Which of the following attacks has most likely been used to compromise the manager’s corporate account?

Answer 98

Credential stuffing

Question 99

Two organizations are discussing a possible merger. Both organizations’ Chief Financial Officers would like to safely share payroll data with each other to determine if the pay scales for different roles are similar at both organizations. Which of the following techniques would be best to protect employee data while allowing the companies to successfully share this information?

Answer 99

Pseudo-anonymization

Pseudo-anonymization effectively replaces direct identifiers (like names) with fictitious labels, allowing for meaningful comparison of job titles, experience, and salaries, without revealing the actual identities of employees.

Question 100

An organization’s corporate offices were destroyed due to a natural disaster, so the organization is now setting up offices in a temporary work space. Which of the following will the organization most likely consult?

Answer 100

The business continuity plan

Question 101

Which of the following can best protect against an employee inadvertently installing malware on a company system?

Answer 101

Application allow list

Question 102

Security analysts notice a server login from a user who has been on vacation for two weeks. The analysts confirm that the user did not log in to the system while on vacation. After reviewing packet capture logs, the analysts notice the following:

Which of the following occurred?

Answer 102

An attacker used a pass-the-hash attack to gain access.

Question 103

A marketing coordinator is trying to access a social media application on a company laptop but is getting blocked. The coordinator opens a help desk ticket to report the issue. Which of the following documents should a security analyst review to determine whether accessing social media applications on a company device is permitted?

Answer 103

Acceptable use policy

Question 104

A network manager wants to protect the company’s VPN by multifactor authentication that uses:

• Something you know
• Something you have
• Somewhere you are (NOT something you are)

Which of the following would accomplish the manager’s goal?

Answer 104

Domain name, PKI, GeoIP lookup

Question 105

Which of the following terms should be included in a contract to help a company monitor the ongoing security maturity of a new vendor?

Answer 105

A right-to-audit clause allowing for annual security audits

Question 106

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

Answer 106

IaaS

Question 107

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

Answer 107

Encrypted VPN traffic will not be inspected when entering or leaving the network.

DLP won’t be able to inspect data that is passing through a VPN

Question 108

Which of the following is the best method for ensuring non-repudiation?

Answer 108

Digital certificate

Question 109

An organization is having difficulty correlating events from its individual AV, EDR, DLP, SWG, WAF, MDM, HIPS, and CASB systems. Which of the following is the best way to improve the situation?

Answer 109

Utilize a SIEM to centralize logs and dashboards.

Question 110

A company’s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?

Answer 110

Reflected denial of service

In a reflected DoS attack, the attacker sends requests to a large number of public servers, spoofing the source IP address to make it appear as if the requests are coming from the target server. These public servers, acting as amplifiers, then send the responses back to the target server, overwhelming it with inbound traffic.

Question 111

An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO’s and the development team’s requirements?

Answer 111

Data masking

Question 112

Which of the following methods is the most effective for reducing vulnerabilities?

Answer 112

Using a scan-patch-scan process

Question 113

Law enforcement officials sent a company a notification that states electronically stored information and paper documents cannot be destroyed. Which of the following explains this process?

Answer 113

Legal hold

Question 114

Which of the following best describes why a company would erase a newly purchased device and install its own image with an operating system and applications?

Answer 114

Reimaging a system creates an updated baseline of the computer image

Reimaging a system creates an updated baseline of the computer image, ensuring that it is set up with the latest updates, configurations, and software versions.
This process ensures that all devices start from a consistent and up-to-date configuration.

Question 115

A backdoor was detected on the containerized application environment. The investigation detected that a zero-day vulnerability was introduced when the latest container image version was downloaded from a public registry. Which of the following is the best solution to prevent this type of incident from occurring again?

Answer 115

Enforce the use of a controlled trusted source of container images.

Question 116

An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the perimeter network and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will best assist with this investigation?

Answer 116

Check the SIEM to review the correlated logs.

Question 117

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

Answer 117

GDPR

Question 118

During an internal penetration test, a security analyst identified a network device that had accepted cleartext authentication and was configured with a default credential. Which of the following recommendations should the security analyst make to secure this device?

Answer 118

Configure SNMPv3

Question 119

Developers are writing code and merging it into shared repositories several times a day, where it is tested automatically. Which of the following concepts does this best represent?

Answer 119

Continuous integration

Question 120

A company wants to deploy decoy systems alongside production systems in order to entice threat actors and to learn more about attackers. Which of the following best describes these systems?

Answer 120

Honeypots

Question 121

A security engineer is concerned about using an agent on devices that rely completely on defined known-bad signatures. The security engineer wants to implement a tool with multiple components including the ability to track, analyze, and monitor devices without reliance on definitions alone. Which of the following solutions best fits this use case?

Answer 121

EDR

Endpoint Detection and Response (EDR) is a solution that provides continuous monitoring, analysis, and response capabilities on endpoints (devices) in an organization’s network. EDR solutions use behavior-based analysis and heuristics to detect and respond to potential threats.