Exam Topics Flashcards

1
Q

A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?

A. Semi-authorized hackers
B. State actors
C. Script kiddies
D. Advanced persistent threats

A

B. State actors

2
Q

A user wanted to catch up on some work over the weekend but had issues logging in to the corporate network using a VPN. On Monday, the user opened a ticket for this issue but was able to log in successfully. Which of the following BEST describes the policy that is being implemented?

A. Time-based logins
B. Geofencing
C. Network location
D. Password history

A

A. Time-based logins

3
Q

A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?

A. Default system configuration
B. Unsecure protocols
C. Lack of vendor support
D. Weak encryption

A

C. Lack of vendor support

4
Q

Which of the following can work as an authentication method and as an alerting mechanism for unauthorized access attempts?

A. Smart card
B. Push notifications
C. Attestation service
D. HMAC-based one-time password

A

B. Push notifications

5
Q

Which of the following processes will eliminate data using a method that will allow the storage device to be reused after the process is complete?

A. Pulverizing
B. Overwriting
C. Shredding
D. Degaussing

A

B. Overwriting

6
Q

A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers. Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:

A. perform attribution to specific APTs and nation-state actors.
B. anonymize any PII that is observed within the IoC data.
C. add metadata to track the utilization of threat intelligence reports.
D. assist companies with impact assessments based on the observed data.

A

B. anonymize any PII that is observed within the IoC data.

7
Q

A company has migrated to two-factor authentication for accessing the corporate network, VPN, and SSO. Several legacy applications cannot support multifactor authentication and must continue to use usernames and passwords. Which of the following should be implemented to ensure the legacy applications are as secure as possible while ensuring functionality?

A. Privileged accounts
B. Password reuse restrictions
C. Password complexity requirements
D. Password recovery
E. Account disablement

A

C. Password complexity requirements
E. Account disablement

8
Q

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel?

A. Tunnel mode IPSec
B. Transport mode VPN IPSec
C. L2TP
D. SSL VPN

A

D. SSL VPN

9
Q

A small business just recovered from a ransomware attack against its file servers by purchasing the decryption keys from the attackers. The issue was triggered by a phishing email, and the IT administrator wants to ensure it does not happen again. Which of the following should the IT administrator do FIRST after recovery?

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.
B. Restrict administrative privileges and patch all systems and applications.
C. Rebuild all workstations and install new antivirus software.
D. Implement application whitelisting and perform user application hardening.

A

A. Scan the NAS for residual or dormant malware and take new daily backups that are tested on a frequent basis.

10
Q

A network administrator is brute forcing accounts through a web interface. Which of the following would provide the BEST defense from an account password being discovered?

A. Password history
B. Account lockout
C. Account expiration
D. Password complexity

A

B. Account lockout

11
Q

A Chief Financial Officer (CFO) has been receiving email messages that have suspicious links embedded from unrecognized senders. The emails ask the recipient for identity verification. The IT department has not received reports of this happening to anyone else. Which of the following is the MOST likely explanation for this behavior?

A. The CFO is the target of a whaling attack.
B. The CFO is the target of identity fraud.
C. The CFO is receiving spam that got past the mail filters.
D. The CFO is experiencing an impersonation attack.

A

A. The CFO is the target of a whaling attack.

12
Q

Joe, an employee, knows he is going to be fired in three days. Which of the following characterizations describes the employee?

A. An insider threat
B. A competitor
C. A hacktivist
D. A state actor

A

A. An insider threat

13
Q

The IT department receives a call one morning about users being unable to access files on the network shared drives. An IT technician investigates and determines the files became encrypted at 12:00 a.m. While the files are being recovered from backups, one of the IT supervisors realizes the day is the birthday of a technician who was fired two months prior. Which of the following describes what MOST likely occurred?

A. The fired technician placed a logic bomb.
B. The fired technician installed a rootkit on all the affected users’ computers.
C. The fired technician installed ransomware on the file server.
D. The fired technician left a network worm on an old work computer.

A

A. The fired technician placed a logic bomb.

14
Q

An organization has a policy in place that states the person who approves firewall controls/changes cannot be the one implementing the changes. Which of the following describes this policy?

A. Change management
B. Job rotation
C. Separation of duties
D. Least privilege

A

C. Separation of duties

15
Q

Which of the following would be the BEST method to prevent the physical theft of staff laptops at an open-plan bank location with a high volume of customers each day?

A. Guards at the door
B. Cable locks
C. Visitor logs
D. Cameras

A

B. Cable locks

16
Q

Which of the following disaster recovery sites would require the MOST time to get operations back online?

A. Colocation
B. Cold
C. Hot
D. Warm

A

B. Cold

17
Q

A security manager needed to protect a high-security datacenter, so the manager installed an access control vestibule that can detect an employee’s heartbeat, weight, and badge. Which of the following did the security manager implement?

A. A physical control
B. A corrective control
C. A compensating control
D. A managerial control

A

A. A physical control

18
Q

Which of the following, if used, would BEST reduce the number of successful phishing attacks?

A. Two-factor authentication
B. Application layer firewall
C. Mantraps
D. User training

A

D. User training

19
Q

An input field that is accepting more data than has been allocated for it in memory is an attribute of:

A. buffer overflow.
B. memory leak.
C. cross-site request forgery.
D. resource exhaustion.

A

A. buffer overflow.

20
Q

A social engineering technique whereby attackers, under the disguise of a legitimate request, attempt to gain access to confidential information is commonly referred to as:

Phishing
Privilege escalation
Backdoor access
Shoulder surfing

A

Backdoor access

21
Q

Which of the following answers refer to smishing? (Select 2 answers)

Social engineering technique
E-mail communication
Spam over Internet Telephony (SPIT)
Text messaging
Spam over Internet Messaging (SPIM)

A

Social engineering technique
Text messaging

22
Q

The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:

Whaling
Spear phishing
Vishing
Pharming

A

Vishing

23
Q

Which of the following terms is commonly used to describe an unsolicited advertising message?

Spyware
Adware
Malware
Spam

A

Spam

24
Q

What type of spam relies on text-based communication?

Vishing
SPIM
Bluesnarfing
SPIT

A

SPIM

25
Q

Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)

Domain hijacking
Traffic redirection
Fraudulent website
Password attack
Credential harvesting

A

Traffic redirection
Fraudulent website
Credential harvesting

26
Q

Which of the following is used in data URL phishing?

Prepending
Typosquatting
Pretexting
Domain hijacking

A

Prepending

Pretexting is a form of social engineering where an attacker impersonates a trusted individual or organization to obtain sensitive information or access. It often involves manipulating the victim into providing information, like passwords or financial data, by pretending to need it for a legitimate reason.

27
Q

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:

Vishing
Impersonation
Virus hoax
Phishing

A

Virus hoax

28
Q

Which social engineering attack relies on identity theft?

Impersonation
Dumpster diving
Watering hole attack
Shoulder surfing

A

Impersonation

29
Q

Which of the terms listed below refers to a platform used for watering hole attacks?

Mail gateways
Websites
PBX systems
Web browsers

A

Websites

30
Q

A standalone malicious computer program that typically propagates itself over a computer network to adversely affect system resources and network bandwidth is called:

Spyware
Worm
Trojan
Spam

A

Worm

31
Q

What is a PUP? (Select 3 answers)

A type of computer program not explicitly classified as malware by AV software
An application downloaded and installed without the user’s consent (illegal app)
A type of software that may adversely affect the computer’s security and performance, compromise user’s privacy, or display unsolicited ads
An application downloaded and installed with the user’s consent (legal app)
A type of computer program explicitly classified as malware by AV applications
A type of free, utility software often bundled with a paid app

A

A type of computer program not explicitly classified as malware by AV software
A type of software that may adversely affect the computer’s security and performance, compromise user’s privacy, or display unsolicited ads
An application downloaded and installed with the user’s consent (legal app)

32
Q

Which type of malware resides only in RAM?

Rootkit
Fileless virus
Backdoor
Logic bomb

A

Fileless virus

33
Q

What is the function of a C2 server?

Spam distribution
Botnet control
Authentication, Authorization, and Accounting (AAA)
Penetration testing

A

Botnet control

34
Q

Which password attack takes advantage of a predefined list of words?

Birthday attack
Replay attack
Dictionary attack
Brute-force attack

A

Dictionary attack

35
Q

Which of the following terms is used to describe the theft of personal data from a payment card?

Pivoting
Skimming
Phishing
Bluejacking

A

Skimming

Skimming is a fast and interactive way to quickly obtain payment card data and personal information from ATMs and checkout scanners.

36
Q

Which cryptographic attack relies on the concepts of probability theory?

KPA
Brute-force
Dictionary
Birthday

A

Birthday

37
Q

What is the name of a network protocol that enables secure file transfer over SSH?

TFTP
SFTP
Telnet
FTPS

A

SFTP

38
Q

A type of cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers is known as:

RDP
SSH
Telnet
SCP

A

SSH

39
Q

Which of the answers listed below refers to a suite of protocols and technologies providing encryption, authentication, and data integrity for network traffic?

TLS
SSH
IPsec
VPN

A

IPsec

40
Q

Which part of IPsec provides authentication, integrity, and confidentiality?

SPD
PFS
AH
ESP

A

ESP

Encapsulating Security Payload (ESP) is a member of the Internet Protocol Security (IPsec) set of protocols that encrypts and authenticates the packets of data exchanged between computers using a Virtual Private Network (VPN).

41
Q

Which protocol enables secure, real-time delivery of audio and video over an IP network?

S/MIME
RTP
SIP
SRTP

A

SRTP (Secure Real-Time Transport Protocol)

42
Q

An encryption protocol primarily used in Wi-Fi networks implementing the WPA2 security standard is called:

TKIP
CCMP
SSL
IPsec

A

CCMP

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government’s Advanced Encryption Standard (AES) algorithm.

43
Q

Which cryptographic protocol is designed to provide secure communications over a computer network and is the successor to SSL?

IPsec
TLS
AES
CCMP

A

TLS

44
Q

Which of the answers listed below refers to a shared secret authentication method used in WPA, WPA2, and EAP?

PSK
802.1X
SAE
TKIP

A

PSK

A pre-shared key (PSK) is a shared secret that was previously exchanged between the two parties over some secure channel before it needs to be used.

45
Q

Which of the following answers refers to a cryptographic key exchange protocol that leverages ECC for enhanced security and efficiency?

S/MIME
ECDHE
DHE
ECDSA

A

ECDHE

Elliptic Curve Diffie-Hellman Ephemeral (a variant of the Diffie-Hellman key exchange that uses elliptic curve cryptography to provide stronger security with smaller key sizes).

46
Q

Which of the following answers refers to a public-key cryptosystem that leverages the mathematical properties of large prime numbers to facilitate secure key exchange, create digital signatures, and encrypt data?

ECC
RSA
PKI
DSA

A

RSA

47
Q

Which of these threat actors would be MOST likely to attack systems for direct financial gain?

❍ A. Organized crime
❍ B. Hacktivist
❍ C. Nation state
❍ D. Competitor

A

A. Organized crime

48
Q

An IPS at your company has found a sharp increase in traffic from all-in-one printers. After researching, your security team has found a vulnerability associated with these devices that allows the device to be remotely controlled by a third party. Which category would BEST describe these devices?

❍ A. IoT
❍ B. RTOS
❍ C. MFD
❍ D. SoC

A

C. MFD (Multifunction printing devices)

49
Q

Elizabeth, a security administrator, is concerned about the potential for data exfiltration using external storage drives. Which of the following would be the BEST way to prevent this method of data exfiltration?

❍ A. Create an operating system security policy to prevent the use of removable media
❍ B. Monitor removable media usage in host-based firewall logs
❍ C. Only allow applications that do not use removable media
❍ D. Define a removable media block rule in the UTM

A

A. Create an operating system security policy to prevent the use of removable media

50
Q

A CISO (Chief Information Security Officer) would like to decrease the response time when addressing security incidents. Unfortunately, the company does not have the budget to hire additional security engineers. Which of the following would assist the CISO with this requirement?

❍ A. ISO 27701
❍ B. PKI
❍ C. IaaS
❍ D. SOAR

A

D. SOAR

51
Q

A user connects to a third-party website and receives this message:
Your connection is not private.
NET::ERR_CERT_INVALID
Which of the following attacks would be the MOST likely reason for this message?

❍ A. Brute force
❍ B. DoS
❍ C. On-path
❍ D. Disassociation

A

C. On-path

52
Q

Which of the following would be the BEST way to provide a website login using existing credentials from a third-party site?

❍ A. Federation
❍ B. 802.1X
❍ C. PEAP
❍ D. EAP-FAST

A

A. Federation

53
Q

A system administrator, Daniel, is working on a contract that will specify a minimum required uptime for a set of Internet-facing firewalls. Daniel needs to know how often the firewall hardware is expected to fail between repairs. Which of the following would BEST describe this information?

❍ A. MTBF
❍ B. RTO
❍ C. MTTR
❍ D. MTTF

A

A. MTBF

54
Q

An attacker calls into a company’s help desk and pretends to be the director of the company’s manufacturing department. The attacker states that they have forgotten their password and they need to have the password reset quickly for an important meeting. What kind of attack would BEST describe this phone call?

❍ A. Social engineering
❍ B. Tailgating
❍ C. Vishing
❍ D. On-path

A

A. Social engineering

55
Q

A security administrator has been using EAP-FAST wireless authentication since the migration from WEP to WPA2. The company’s network team now needs to support additional authentication protocols inside of an encrypted tunnel. Which of the following would meet the network team’s requirements?

❍ A. EAP-TLS
❍ B. PEAP
❍ C. EAP-TTLS
❍ D. EAP-MSCHAPv2

A

C. EAP-TTLS

56
Q

The embedded OS in a company’s time clock appliance is configured to reset the file system and reboot when a file system error occurs. On one of the time clocks, this file system error occurs during the startup process and causes the system to constantly reboot. Which of the following BEST describes this issue?

❍ A. DLL injection
❍ B. Resource exhaustion
❍ C. Race condition
❍ D. Weak configuration

A

C. Race condition

57
Q

A recent audit has found that existing password policies do not include any restrictions on password attempts, and users are not required to periodically change their passwords. Which of the following would correct these policy issues? (Select TWO)

❍ A. Password complexity
❍ B. Password expiration
❍ C. Password history
❍ D. Password lockout
❍ E. Password recovery

A

B. Password expiration
D. Password lockout

58
Q

What kind of security control is associated with a login banner?

❍ A. Preventive
❍ B. Deterrent
❍ C. Corrective
❍ D. Detective
❍ E. Compensating
❍ F. Physical

A

B. Deterrent

59
Q

A security team has been provided with a non-credentialed vulnerability scan report created by a third party. Which of the following would they expect to see on this report?

❍ A. A summary of all files with invalid group assignments
❍ B. A list of all unpatched operating system files
❍ C. The version of web server software in use
❍ D. A list of local user accounts

A

C. The version of web server software in use

60
Q

A business manager is documenting a set of steps for processing orders if the primary Internet connection fails. Which of these would BEST describe these steps?

❍ A. Communication plan
❍ B. Continuity of operations
❍ C. Stakeholder management
❍ D. Tabletop exercise

A

B. Continuity of operations

61
Q

A company is creating a security policy that will protect all corporate mobile devices:
* All mobile devices must be automatically locked after a predefined time period.
* Some mobile devices will be used by the remote sales teams, so the location of each device needs to be traceable.
* All of the user’s information should be completely separated from company data.
Which of the following would be the BEST way to establish these security policy rules?

❍ A. Containerization
❍ B. Biometrics
❍ C. COPE
❍ D. VDI
❍ E. Geofencing
❍ F. MDM

A

F. MDM (Mobile Device Management)

MDM is security software that enables IT departments to implement policies that secure, monitor, and manage end-user mobile devices.

62
Q

A network administrator would like each user to authenticate with their personal username and password when connecting to the company’s wireless network. Which of the following should the network administrator configure on the wireless access points?

❍ A. WPA2-PSK
❍ B. 802.1X
❍ C. WPS
❍ D. WPA2-AES

A

B. 802.1X

63
Q

A user has assigned individual rights and permissions to a file on their network drive. The user adds three additional individuals to have read-only access to the file. Which of the following would describe this access control model?

❍ A. DAC
❍ B. MAC
❍ C. ABAC
❍ D. RBAC

A

A. DAC

64
Q

Which of these cloud deployment models would share resources between a private virtualized data center and externally available cloud services?

❍ A. SaaS
❍ B. Community
❍ C. Hybrid
❍ D. Containerization

A

C. Hybrid

65
Q

A company hires a large number of seasonal employees, and their system access should normally be disabled when the employee leaves the company. The security administrator would like to verify that their systems cannot be accessed by any of the former employees. Which of the following would be the BEST way to provide this verification?

❍ A. Confirm that no unauthorized accounts have administrator access
❍ B. Validate the account lockout policy
❍ C. Validate the processes and procedures for all outgoing employees
❍ D. Create a report that shows all authentications for a 24-hour period

A

C. Validate the processes and procedures for all outgoing employees

66
Q

A network administrator has installed a new access point, but only a portion of the wireless devices are able to connect to the network. Other devices can see the access point, but they are not able to connect even when using the correct wireless settings. Which of the following security features was MOST likely enabled?

❍ A. MAC filtering
❍ B. SSID broadcast suppression
❍ C. 802.1X authentication
❍ D. Anti-spoofing

A

A. MAC filtering

67
Q
A