Test Dump Flashcards

1
Q

Which of the following will MOST likely adversely impact the operations of unpatched traditional
programmable-logic controllers, running a back-end LAMP server and OT systems with human-management
interfaces that are accessible over the Internet via a web interface? (Choose two.)

A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request forgery

A

D. Weak encryption
F. Server-side request forgery

2
Q

A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged
corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD
culture while also protecting the company’s data?

A. Containerization
B. Geofencing
C. Full-disk encryption
D. Remote wipe

A

A. Containerization

Containerization keeps corporate apps and data in a managed, encrypted container separate from the user’s personal data, so the company can control and wipe only its own data on a personally owned device; full-disk encryption protects the whole device but does not separate the two.

3
Q

A Chief Security Officer’s (CSO’s) key priorities are to improve preparation, response, and recovery practices to
minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the
following would BEST meet the CSO’s objectives?

A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict
administration privileges on fileshares.
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives,
reducing the organization’s susceptibility to phishing attacks.
D. Implement application whitelisting and centralized event-log management, and perform regular testing and
validation of full backups.

A

D. Implement application whitelisting and centralized event-log management, and perform regular testing and
validation of full backups.

4
Q

A network engineer has been asked to investigate why several wireless barcode scanners and wireless
computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and
computers are all on forklift trucks and move around the warehouse during their regular use. Which of the
following should the engineer do to determine the issue? (Choose two.)

A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols

A

A. Perform a site survey
C. Create a heat map

5
Q

A security administrator suspects an employee has been emailing proprietary information to a competitor.
Company policy requires the administrator to capture an exact copy of the employee’s hard disk. Which of the
following should the administrator use?

A. dd
B. chmod
C. dnsenum
D. logger

A

A. dd
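Worked example (added here, not part of the original flashcard set): an acquisition with dd followed by a hash check, because an "exact copy" is only defensible when the image hashes the same as the source. The suspect disk is a constructed 1 MiB file standing in for a raw device; a real acquisition would read /dev/sdX through a hardware write blocker. GNU dd and sha256sum are assumed, and all paths are placeholders.

```bash
#!/bin/bash
# Exact-copy acquisition with dd, with hash verification. This is an added
# example, not part of the flashcard deck. Assumptions: GNU dd/sha256sum; the
# "suspect disk" is a constructed 1 MiB file standing in for a raw device such
# as /dev/sdb behind a hardware write blocker, so the script runs offline.
set -eu

WORK="$(mktemp -d)"
EVIDENCE="$WORK/suspect-disk.bin"   # constructed stand-in for the source device
IMAGE="$WORK/case-0001.dd"          # assumed output path for the image
LOG="$WORK/acquisition.log"         # chain-of-custody notes

# make_source: build the stand-in source (1 MiB of random bytes; 256 blocks of 4 KiB).
make_source() {
    dd if=/dev/urandom of="$EVIDENCE" bs=4096 count=256 iflag=fullblock status=none
}

# acquire SRC DST: bit-for-bit copy. conv=noerror keeps going past unreadable
# sectors; conv=sync pads each short read with zeros so every later byte stays
# at its original offset. bs=4096 matches the sector size assumed here.
acquire() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync status=none
}

# verify SRC IMG: an exact copy must have the same size and the same hash.
# Size is checked first because conv=sync pads the final block when bs does
# not divide the source size, which changes the hash without being an error.
# Returns 0 on match, 1 otherwise; both hashes are appended to the log.
verify() {
    src_size=$(wc -c < "$1" | tr -d ' ')
    img_size=$(wc -c < "$2" | tr -d ' ')
    if [ "$src_size" -ne "$img_size" ]; then
        echo "size mismatch: source $src_size bytes, image $img_size bytes"
        return 1
    fi
    src_hash=$(sha256sum "$1" | cut -d' ' -f1)
    img_hash=$(sha256sum "$2" | cut -d' ' -f1)
    stamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s source %s %s\n%s image  %s %s\n' \
        "$stamp" "$1" "$src_hash" "$stamp" "$2" "$img_hash" >> "$LOG"
    echo "source $src_hash"
    echo "image  $img_hash"
    [ "$src_hash" = "$img_hash" ]
}

# Stand-alone run: build the stand-in, image it, verify, show the log.
make_source
acquire "$EVIDENCE" "$IMAGE"
verify "$EVIDENCE" "$IMAGE" && echo "image verified"
cat "$LOG"
```

Run it with bash; it prints both hashes and records them with a timestamp in the acquisition log. Hashing the source again after imaging shows the write blocker did its job. Dedicated tools such as dcfldd or dc3dd hash inline, but the dd plus sha256sum pair is what the card expects.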

6
Q

Which of the following is MOST likely to outline the roles and responsibilities of data controllers and data
processors?

A. SSAE SOC 2
B. PCI DSS
C. GDPR
D. ISO 31000

A

C. GDPR

7
Q

Phishing and spear-phishing attacks have been occurring more frequently against a company’s staff. Which of
the following would MOST likely help mitigate this issue?

A. DNSSEC and DMARC
B. DNS query logging
C. Exact mail exchanger records in the DNS
D. The addition of DNS conditional forwarders

A

A. DNSSEC and DMARC

DMARC lets receiving mail servers quarantine or reject messages that claim the company’s domain but fail SPF/DKIM alignment, and DNSSEC protects the DNS records those checks depend on. MX records and conditional forwarders route mail and queries; they do not authenticate senders.
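Added example, not from the flashcard set, of what DMARC enforcement does with a spoofed message. A receiving server looks up _dmarc.<domain> in DNS (which is where DNSSEC matters: an attacker who can forge that answer can weaken the policy), then checks whether SPF or DKIM passed for a domain aligned with the From: header. The DMARC record, the SPF/DKIM results and the domains example.com and attacker.net are constructed; the organizational-domain logic is simplified to the last two labels instead of the Public Suffix List.

```bash
#!/bin/bash
# DMARC policy evaluation without network access. Added example, not from the
# flashcards. The DNS answer is embedded as a constructed string; in production
# it comes from a lookup of TXT _dmarc.<domain> on a DNSSEC-validating resolver.
set -eu

# Constructed DMARC record for the hypothetical domain example.com.
DMARC_EXAMPLE='v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com'

# dmarc_tag RECORD TAG: prints the tag's value, or nothing if the tag is absent.
dmarc_tag() {
    record="$1"; tag="$2"
    echo "$record" | tr ';' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | awk -F= -v t="$tag" '$1 == t { print $2; exit }'
}

# org_domain DOMAIN: organizational domain, simplified to the last two labels.
# Assumption of this example; real receivers use the Public Suffix List.
org_domain() {
    echo "$1" | awk -F. '{ if (NF >= 2) print $(NF-1) "." $NF; else print $0 }'
}

# aligned FROM_DOMAIN AUTH_DOMAIN MODE: 0 if AUTH_DOMAIN aligns with the From:
# domain under MODE (s = strict, exact match; r = relaxed, same org domain).
aligned() {
    from="$1"; auth="$2"; mode="$3"
    [ -z "$auth" ] && return 1
    if [ "$mode" = "s" ]; then
        [ "$from" = "$auth" ]
    else
        [ "$(org_domain "$from")" = "$(org_domain "$auth")" ]
    fi
}

# dmarc_disposition RECORD POLICY_DOMAIN FROM_DOMAIN DKIM_RESULT DKIM_DOMAIN SPF_RESULT SPF_DOMAIN
# Prints "pass" when an aligned authentication passed, otherwise the action
# the receiver should apply (none, quarantine or reject).
dmarc_disposition() {
    record="$1"; pdom="$2"; from="$3"
    dkim_res="$4"; dkim_dom="$5"; spf_res="$6"; spf_dom="$7"

    [ "$(dmarc_tag "$record" v)" = "DMARC1" ] || { echo "none"; return 0; }
    adkim=$(dmarc_tag "$record" adkim); adkim=${adkim:-r}
    aspf=$(dmarc_tag "$record" aspf);   aspf=${aspf:-r}

    if [ "$dkim_res" = "pass" ] && aligned "$from" "$dkim_dom" "$adkim"; then
        echo "pass"; return 0
    fi
    if [ "$spf_res" = "pass" ] && aligned "$from" "$spf_dom" "$aspf"; then
        echo "pass"; return 0
    fi
    p=$(dmarc_tag "$record" p); p=${p:-none}
    if [ "$from" != "$pdom" ]; then     # subdomain sender: sp= overrides p= when present
        sp=$(dmarc_tag "$record" sp); p=${sp:-$p}
    fi
    echo "$p"
}

# A phishing message: From: ceo@example.com, sent from the attacker's own
# infrastructure, whose SPF passes only for attacker.net.
echo "spoofed mail -> $(dmarc_disposition "$DMARC_EXAMPLE" example.com example.com none "" pass attacker.net)"
# Legitimate mail signed by the company's DKIM key.
echo "signed mail  -> $(dmarc_disposition "$DMARC_EXAMPLE" example.com example.com pass example.com fail "")"
```

The disposition feeds the MTA’s quarantine or reject action, and the rua= address receives aggregate reports showing which third parties are sending as the domain; the p=reject policy is what stops the spoofed message from ever reaching staff.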

8
Q

On which of the following is the live acquisition of data for forensic analysis MOST dependent? (Choose two.)

A. Data accessibility
B. Legal hold
C. Cryptographic or hash algorithm
D. Data retention legislation
E. Value and volatility of data
F. Right-to-audit clauses

A

A. Data accessibility
E. Value and volatility of data

Live acquisition follows the order of volatility (registers and cache, RAM, network state, then disk) and depends on whether the live data can actually be reached; legal hold, retention legislation and right-to-audit clauses govern what must be kept, not how a running system is acquired.

9
Q

Which of the following incident response steps involves actions to protect critical systems while maintaining
business operations?

A. Investigation
B. Containment
C. Recovery
D. Lessons learned

A

B. Containment

10
Q

A security auditor is reviewing vulnerability scan data provided by an internal security team. Which of the
following BEST indicates that valid credentials were used?

A. The scan results show open ports, protocols, and services exposed on the target host
B. The scan enumerated software versions of installed programs
C. The scan produced a list of vulnerabilities on the target host
D. The scan identified expired SSL certificates

A

B. The scan enumerated software versions of installed programs

11
Q

Which of the following BEST explains the difference between a data owner and a data custodian?
A. The data owner is responsible for adhering to the rules for using the data, while the data custodian is responsible for determining the corporate governance regarding the data

B. The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protection to the data

C. The data owner is responsible for controlling the data, while the data custodian is responsible for
maintaining the chain of custody when handling the data

D. The data owner grants the technical permissions for data access, while the data custodian maintains the
database access controls to the data

A

B. The data owner is responsible for determining how the data may be used, while the data custodian is
responsible for implementing the protection to the data

12
Q

A network engineer needs to build a solution that will allow guests at the company’s headquarters to access
the Internet via WiFi. This solution should not allow access to the internal corporate network, but it should
require guests to sign off on the acceptable use policy before accessing the Internet. Which of the following
should the engineer employ to meet these requirements?

A. Implement open PSK on the APs
B. Deploy a WAF
C. Configure WIPS on the APs
D. Install a captive portal

A

D. Install a captive portal

A captive portal is a web page that intercepts a new client’s first HTTP request and requires the user to accept the terms (here, the acceptable use policy) before the network forwards any further traffic to the Internet; the guest SSID is kept on its own VLAN so it has no path to the corporate network.

13
Q

Which of the following cloud models provides clients with servers, storage, and networks but nothing else?

A. SaaS
B. PaaS
C. IaaS
D. DaaS

A

C. IaaS

14
Q

A network administrator needs to build out a new datacenter, with a focus on resiliency and uptime. Which of
the following would BEST meet this objective? (Choose two.)

A. Dual power supply
B. Off-site backups
C. Automatic OS upgrades
D. NIC teaming
E. Scheduled penetration testing
F. Network-attached storage

A

A. Dual power supply
D. NIC teaming

Redundant power and teamed NICs remove single points of failure that would take a system offline; off-site backups support recovery after data loss but do not improve uptime.

15
Q

An organization is developing an authentication service for use at the entry and exit ports of country borders.
The service will use data feeds obtained from passport systems, passenger manifests, and high-definition
video feeds from CCTV systems that are located at the ports. The service will incorporate machine-learning
techniques to eliminate biometric enrollment processes while still allowing authorities to identify passengers
with increasing accuracy over time. The more frequently passengers travel, the more accurately the service will
identify them. Which of the following biometrics will MOST likely be used, without the need for enrollment?

(Choose two.)
A. Voice
B. Gait
C. Vein
D. Facial
E. Retina
F. Fingerprint

A

B. Gait
D. Facial

16
Q

An organization needs to implement more stringent controls over administrator/root credentials and service
accounts. Requirements for the project include:
Check-in/checkout of credentials
The ability to use but not know the password
Automated password changes
Logging of access to credentials
Which of the following solutions would meet the requirements?

A. OAuth 2.0
B. Secure Enclave
C. A privileged access management system
D. An OpenID Connect authentication system

A

C. A privileged access management system

A PAM vault checks privileged credentials out and back in, injects them into sessions so the user never sees the password, rotates them automatically and logs every access; OAuth 2.0 and OpenID Connect are authorization and authentication protocols, not credential vaults.

17
Q

Several employees return to work the day after attending an industry trade show. That same day, the security
manager notices several malware alerts coming from each of the employee’s workstations. The security
manager investigates but finds no signs of an attack on the perimeter firewall or the NIDS. Which of the
following is MOST likely causing the malware alerts?

A. A worm that has propagated itself across the intranet, which was initiated by presentation media
B. A fileless virus that is contained on a vCard that is attempting to execute an attack
C. A Trojan that has passed through and executed malicious code on the hosts
D. A USB flash drive that is trying to run malicious code but is being blocked by the host firewall

A

A. A worm that has propagated itself across the intranet, which was initiated by presentation media

18
Q

An attacker sends multiple SYN packets from multiple sources

Target: Web server
(answer format: attack identified, Remediation Action)

A

Botnet, enable DDoS protection
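Added example, not from the card: the attack above as it appears in the web server’s packet log, to show why it is classed as a botnet (many sources, each leaving a half-open connection) rather than a single-source SYN flood. The log lines, the line format and the threshold are constructed for this example.

```bash
#!/bin/bash
# Triage of a distributed SYN flood from a packet log. Added example, not
# part of the flashcard. The log is constructed; the assumed line format is
# "<epoch> <src_ip> <dst_ip>:<dst_port> <tcp_flags>" (S = SYN, A = ACK, P = PSH).
set -eu

# Constructed capture: five sources send a SYN to the web server and never
# complete the handshake; one client (198.51.100.7) completes it normally;
# a second server (192.0.2.6:80) sees only normal traffic.
PKT_LOG='
1700000000 203.0.113.10 192.0.2.5:443 S
1700000000 203.0.113.11 192.0.2.5:443 S
1700000000 203.0.113.12 192.0.2.5:443 S
1700000000 203.0.113.13 192.0.2.5:443 S
1700000001 203.0.113.14 192.0.2.5:443 S
1700000001 198.51.100.7 192.0.2.5:443 S
1700000001 198.51.100.7 192.0.2.5:443 A
1700000001 198.51.100.7 192.0.2.5:443 PA
1700000002 198.51.100.8 192.0.2.6:80 S
1700000002 198.51.100.8 192.0.2.6:80 A
1700000002 198.51.100.8 192.0.2.6:80 PA
'

# syn_report THRESHOLD: one line per destination,
#   "<dst> <half_open_sources> <completed_sources> <verdict>"
# A source is half-open if it sent a bare SYN and never an ACK to that
# destination. Many half-open sources against one target is the botnet
# signature; a single noisy source would be rate-limited at the edge instead.
syn_report() {
    printf '%s\n' "$PKT_LOG" | awk -v thr="$1" '
    NF < 4 { next }
    { src = $2; dst = $3; flags = $4 }
    flags == "S" { syn[dst, src] = 1; seen[dst] = 1 }
    flags ~ /A/  { ack[dst, src] = 1 }
    END {
        for (d in seen) {
            half = 0; done = 0
            for (k in syn) {
                split(k, p, SUBSEP)
                if (p[1] != d) continue
                if ((d, p[2]) in ack) done++; else half++
            }
            verdict = (half >= thr) ? "distributed-syn-flood" : "normal"
            print d, half, done, verdict
        }
    }'
}

# half_open_sources DST: the offending source addresses, sorted, for an
# upstream DDoS-protection service or edge ACL to drop.
half_open_sources() {
    printf '%s\n' "$PKT_LOG" | awk -v want="$1" '
    NF < 4 || $3 != want { next }
    $4 == "S" { syn[$2] = 1 }
    $4 ~ /A/  { ack[$2] = 1 }
    END { for (s in syn) if (!(s in ack)) print s }' | sort
}

syn_report 3
half_open_sources 192.0.2.5:443
```

With the threshold of 3 the web server is reported as under a distributed SYN flood while the second server is normal. In practice the source list changes constantly, which is why the remediation is upstream DDoS protection (SYN cookies, scrubbing) rather than hand-maintained blocklists.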

19
Q

The attack is self-propagating and compromises a SQL database using well-known credentials as it moves through the network

Target: Database Server
(answer format: attack identified, Remediation Action)

A

Worm, change the default application password

20
Q

The Attacker establishes a connection which allows remote commands to be executed

Target: User
(answer format: attack identified, Remediation Action)

A

RAT, implement a host based IPS

21
Q

The attacker uses hardware to remotely monitor a user’s input activity to harvest credentials

Target: Executive
(answer format: attack identified, Remediation Action)

A

keylogger, disable vulnerable services

22
Q

The attacker embeds hidden access in an internally developed application that bypasses account login

Target: application
(answer format: attack identified, Remediation Action)

A

backdoor, implement 2FA using push notification

23
Q

A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.

chmod 664 ~/.ssh/id_rsa
chmod 777 ~/.ssh/authorized_keys
ssh-keygen -t rsa
scp ~/.ssh/id_rsa user@server:.ssh/authorized_keys
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
ssh -i ~/.ssh/id_rsa user@server
ssh root@server

A

ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
ssh -i ~/.ssh/id_rsa user@server

(chmod 664 would make the private key group-writable, which the ssh client refuses to use; chmod 777 on authorized_keys fails sshd’s StrictModes check; ssh root@server does not test the key that was installed for “user”.)

24
Q

Shadow IT

A

information technology systems deployed by departments other than the central IT department, to bypass limitations and restrictions that have been imposed by central information systems

25
Q

The IT department at a university is concerned about professors placing servers on the university network in an
attempt to bypass security controls. Which of the following BEST represents this type of threat?

A. A script kiddie
B. Shadow IT
C. Hacktivism
D. White-hat

A

B. Shadow IT

26
Q

Which of the following refers to applications and systems that are used within an organization without consent
or approval?

A. Shadow IT
B. OSINT
C. Dark web
D. Insider threats

A

A. Shadow IT

27
Q

A manufacturer creates designs for very high security products that are required to be protected and controlled
by the government regulations. These designs are not accessible by corporate networks or the Internet. Which
of the following is the BEST solution to protect these designs?

A. An air gap
B. A Faraday cage
C. A shielded cable
D. A demilitarized zone

A

A. An air gap

28
Q

An organization just experienced a major cyberattack incident. The attack was well coordinated, sophisticated,
and highly skilled. Which of the following targeted the organization?

A. Shadow IT
B. An insider threat
C. A hacktivist
D. An advanced persistent threat

A

D. An advanced persistent threat

29
Q

A security analyst has received an alert about PII being sent via email. The analyst’s Chief Information Security
Officer (CISO) has made it clear that PII must be handled with extreme care. From which of the following did
the alert MOST likely originate?

A. S/MIME
B. DLP
C. IMAP
D. HIDS

A

B. DLP

30
Q

A local coffee shop runs a small WiFi hotspot for its customers that utilizes WPA2-PSK. The coffee shop would
like to stay current with security trends and wants to implement WPA3 to make its WiFi even more secure.
Which of the following technologies will the coffee shop MOST likely use in place of PSK?

A. WEP
B. MSCHAP
C. WPS
D. SAE

A

D. SAE

31
Q

A company is designing the layout of a new datacenter so it will have an optimal environmental temperature.
Which of the following must be included? (Choose two.)

A. An air gap
B. A cold aisle
C. Removable doors
D. A hot aisle
E. An IoT thermostat
F. A humidity monitor

A

B. A cold aisle
D. A hot aisle

Hot-aisle/cold-aisle layout separates the chilled intake air in front of the racks from the exhaust behind them so the cooling system is not mixing the two.

32
Q

Which of the following will MOST likely cause machine learning and AI-enabled systems to operate with
unintended consequences?

A. Stored procedures
B. Buffer overflows
C. Data bias
D. Code reuse

A

C. Data bias

A model trained on biased or unrepresentative data learns the bias and behaves in unintended ways on real inputs; buffer overflows and code reuse are general software defects, not specific to ML.

33
Q

A security engineer at an offline government facility is concerned about the validity of an SSL certificate. The engineer wants to perform the fastest check with the least delay to determine if the certificate has been
revoked. Which of the following would BEST meet these requirements?

A. RA
B. OCSP
C. CRL
D. CSR

A

C. CRL

34
Q

Which of the following would be BEST to establish between organizations to define the responsibilities of each
party, outline the key deliverables, and include monetary penalties for breaches to manage third-party risk?

A. An ARO
B. An MOU
C. An SLA
D. A BPA

A

C. An SLA

35
Q

Users at an organization have been installing programs from the Internet on their workstations without first
receiving proper authorization. The organization maintains a portal from which users can install standardized
programs. However, some users have administrative access on their workstations to enable legacy programs
to function properly. Which of the following should the security administrator consider implementing to address
this issue?

A. Application code signing
B. Application whitelisting
C. Data loss prevention
D. Web application firewalls

A

B. Application whitelisting

36
Q

A security analyst is reviewing information regarding recent vulnerabilities. Which of the following will the
analyst MOST likely consult to validate which platforms have been affected?

A. OSINT
B. SIEM
C. CVSS
D. CVE

A

D. CVE

37
Q

A security analyst is looking for a solution to help communicate to the leadership team the severity levels of the
organization’s vulnerabilities. Which of the following would BEST meet this need?

A. CVE
B. SIEM
C. SOAR
D. CVSS

A

D. CVSS

38
Q

In the middle of a cyberattack, a security engineer removes the infected devices from the network and locks
down all compromised accounts. In which of the following incident response phases is the security engineer
currently operating?

A. Identification
B. Preparation
C. Lessons learned
D. Eradication
E. Recovery
F. Containment

A

F. Containment

39
Q

A network administrator is setting up wireless access points in all the conference rooms and wants to
authenticate devices using PKI. Which of the following should the administrator configure?

A. A captive portal
B. PSK
C. 802.1X
D. WPS

A

C. 802.1X

40
Q

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable
code in a software company’s final software releases? (Choose two.)

A. Unsecure protocols
B. Use of penetration-testing utilities
C. Weak passwords
D. Included third-party libraries
E. Vendors/supply chain
F. Outdated anti-malware software

A

D. Included third-party libraries
E. Vendors/supply chain

Third-party libraries and upstream vendors bring code into the release that the company did not write or review; unsecure protocols and weak passwords are operational weaknesses, not vectors for vulnerable code entering the build.

43
Q

A company is implementing MFA for all applications that store sensitive data. The IT manager wants MFA to
be non-disruptive and user friendly. Which of the following technologies should the IT manager use when
implementing MFA?

A. One-time passwords
B. Email tokens
C. Push notifications
D. Hardware authentication

A

C. Push notifications

44
Q

A development team employs a practice of bringing all the code changes from multiple team members into the
same development project through automation. A tool is utilized to validate the code and track source code
through version control. Which of the following BEST describes this process?

A. Continuous delivery
B. Continuous integration
C. Continuous validation
D. Continuous monitoring

A

B. Continuous integration

45
Q

Which of the following BEST explains the reason why a server administrator would place a document named
password.txt on the desktop of an administrator account on a server?

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.
B. The document is a backup file if the system needs to be recovered.
C. The document is a standard file that the OS needs to verify the login credentials.
D. The document is a keylogger that stores all keystrokes should the account be compromised.

A

A. The document is a honeyfile and is meant to attract the attention of a cyberintruder.

46
Q

A small company that does not have security staff wants to improve its security posture. Which of the following
would BEST assist the company?

A. MSSP
B. SOAR
C. IaaS
D. PaaS

A

A. MSSP

A managed security service provider supplies the monitoring and expertise a company without security staff lacks; SOAR automates an existing team’s workflows and still needs people to run it.

47
Q

A RAT that was used to compromise an organization’s banking credentials was found on a user’s computer.
The RAT evaded antivirus detection. It was installed by a user who has local administrator rights to the system
as part of a remote management tool set. Which of the following recommendations would BEST prevent this
from reoccurring?

A. Create a new acceptable use policy.
B. Segment the network into trusted and untrusted zones.
C. Enforce application whitelisting.
D. Implement DLP at the network boundary.

A

C. Enforce application whitelisting

48
Q

A network administrator has been asked to install an IDS to improve the security posture of an organization.
Which of the following control types is an IDS?

A. Corrective
B. Physical
C. Detective
D. Administrative

A

C. Detective

49
Q

An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or
data theft. Which of the following would be the MOST acceptable?

A. SED
B. HSM
C. DLP
D. TPM

A

A. SED (Self Encrypting Drive)

50
Q

SED

A

A hard disk drive (HDD) or solid-state drive (SSD) with a hardware encryption engine built into the drive controller, so data is encrypted transparently without user action or host CPU cost

51
Q

A cybersecurity analyst needs to implement secure authentication to third-party websites without users’
passwords. Which of the following would be the BEST way to achieve this objective?

A. OAuth
B. SSO
C. SAML
D. PAP

A

A. OAuth

52
Q

An analyst needs to identify the applications a user was running and the files that were open before the user’s
computer was shut off by holding down the power button. Which of the following would MOST likely contain
that information?

A. NGFW
B. Pagefile
C. NetFlow
D. RAM

A

B. Pagefile

a reserved portion of a storage drive used as an extension of RAM; pages of memory that have not been used recently are written there. Unlike RAM, it persists across an abrupt power-off, which is why it can still reveal which applications and files were in use.