wk2-other-101-150 Flashcards

1
Q

QUESTION: 101
After reviewing the following vulnerability scanning report:
A security analyst performs the following test:
Which of the following would the security analyst conclude for this reported vulnerability?
A. It is a false positive.
B. A rescan is required.
C. It is considered noise.
D. Compensating controls exist.

A

A. It is a false positive.

2
Q

QUESTION: 102
An organization disabled unneeded services and placed a firewall in front of a business-critical
legacy system.
Which of the following best describes the actions taken by the organization?
A. Exception
B. Segmentation
C. Risk transfer
D. Compensating controls

A

D. Compensating controls

3
Q

QUESTION: 103
A security consultant needs secure, remote access to a client environment.
Which of the following should the security consultant most likely use to gain access?
A. EAP
B. DHCP
C. IPSec
D. NAT

A

C. IPSec

4
Q

QUESTION: 104
Which of the following should a systems administrator use to ensure an easy deployment of
resources within the cloud provider?
A. Software as a service
B. Infrastructure as code
C. Internet of Things
D. Software-defined networking

A

B. Infrastructure as code

5
Q

QUESTION: 105
After a security awareness training session, a user called the IT help desk and reported a
suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card
information in order to close an invoice.
Which of the following topics did the user recognize from the training?
A. Insider threat
B. Email phishing
C. Social engineering
D. Executive whaling

A

C. Social engineering

6
Q

QUESTION: 106
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data.
Which of the following should the administrator do first?
A. Block access to cloud storage websites.
B. Create a rule to block outgoing email attachments.
C. Apply classifications to the data.
D. Remove all user permissions from shares on the file server.

A

C. Apply classifications to the data.

7
Q

QUESTION: 107
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period.
Which of the following data policies is the administrator carrying out?
A. Compromise
B. Retention
C. Analysis
D. Transfer
E. Inventory

A

B. Retention

8
Q

QUESTION: 108
A company is working with a vendor to perform a penetration test.
Which of the following includes an estimate about the number of hours required to complete the
engagement?
A. SOW
B. BPA
C. SLA
D. NDA

A

A. SOW

9
Q

QUESTION: 109
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the
increase of ransomware-as-a-service in a report to the management team.
Which of the following best describes the threat actor in the CISO’s report?
A. Insider threat
B. Hacktivist
C. Nation-state
D. Organized crime

A

D. Organized crime

10
Q

QUESTION: 110
Which of the following practices would be best to prevent an insider from introducing malicious
code into a company’s development process?
A. Code scanning for vulnerabilities
B. Open-source component usage
C. Quality assurance testing
D. Peer review and approval

A

D. Peer review and approval

11
Q

QUESTION: 111
Which of the following can best protect against an employee inadvertently installing malware on
a company system?
A. Host-based firewall
B. System isolation
C. Least privilege
D. Application allow list

A

D. Application allow list

12
Q

QUESTION: 112
A company is adding a clause to its AUP that states employees are not allowed to modify the
operating system on mobile devices.
Which of the following vulnerabilities is the organization addressing?
A. Cross-site scripting
B. Buffer overflow
C. Jailbreaking
D. Side loading

A

C. Jailbreaking

13
Q

QUESTION: 113
Which of the following would be the best ways to ensure only authorized personnel can access
a secure facility? (Choose two.)
A. Fencing
B. Video surveillance
C. Badge access
D. Access control vestibule
E. Sign-in sheet
F. Sensor

A

C. Badge access
D. Access control vestibule

14
Q

QUESTION: 114
An organization would like to store customer data on a separate part of the network that is not
accessible to users on the main corporate network.
Which of the following should the administrator use to accomplish this goal?
A. Segmentation
B. Isolation
C. Patching
D. Encryption

A

A. Segmentation

15
Q

QUESTION: 115
Which of the following is the most common data loss path for an air-gapped network?
A. Bastion host
B. Unsecured Bluetooth
C. Unpatched OS
D. Removable devices

A

D. Removable devices

16
Q

QUESTION: 116
Malware spread across a company’s network after an employee visited a compromised industry
blog.
Which of the following best describes this type of attack?
A. Impersonation
B. Disinformation
C. Watering-hole
D. Smishing

A

C. Watering-hole

17
Q

QUESTION: 117
An organization is struggling with scaling issues on its VPN concentrator and internet circuit due
to remote work. The organization is looking for a software solution that will allow it to reduce
traffic on the VPN and internet circuit, while still providing encrypted tunnel access to the data
center and monitoring of remote employee internet traffic.
Which of the following will help achieve these objectives?
A. Deploying a SASE solution to remote employees
B. Building a load-balanced VPN solution with redundant internet
C. Purchasing a low-cost SD-WAN solution for VPN traffic
D. Using a cloud provider to create additional VPN concentrators

A

A. Deploying a SASE solution to remote employees

18
Q

QUESTION: 118
Which of the following is the best reason to complete an audit in a banking environment?
A. Regulatory requirement
B. Organizational change
C. Self-assessment requirement
D. Service-level requirement

A

A. Regulatory requirement

19
Q

QUESTION: 119
Which of the following security concepts is the best reason for permissions on a human
resources fileshare to follow the principle of least privilege?
A. Integrity
B. Availability
C. Confidentiality
D. Non-repudiation

A

C. Confidentiality

20
Q

QUESTION: 120
Which of the following are cases in which an engineer should recommend the decommissioning
of a network device? (Choose two.)
A. The device has been moved from a production environment to a test environment.
B. The device is configured to use cleartext passwords.
C. The device is moved to an isolated segment on the enterprise network.
D. The device is moved to a different location in the enterprise.
E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.

A

E. The device’s encryption level cannot meet organizational standards.
F. The device is unable to receive authorized updates.

21
Q

QUESTION: 121
A company is required to perform a risk assessment on an annual basis.
Which of the following types of risk assessments does this requirement describe?
A. Continuous
B. Ad hoc
C. Recurring
D. One time

A

C. Recurring

22
Q

QUESTION: 122
After a recent ransomware attack on a company’s system, an administrator reviewed the log files.
Which of the following control types did the administrator use?
A. Compensating
B. Detective
C. Preventive
D. Corrective

A

B. Detective

23
Q

QUESTION: 123
Which of the following exercises should an organization use to improve its incident response
process?
A. Tabletop
B. Replication
C. Failover
D. Recovery

A

A. Tabletop

24
Q

QUESTION: 124
Which of the following best ensures minimal downtime and data loss for organizations with
critical computing equipment located in earthquake-prone areas?
A. Generators and UPS
B. Off-site replication
C. Redundant cold sites
D. High availability networking

A

B. Off-site replication

25
Q

QUESTION: 125
A newly identified network access vulnerability has been found in the OS of legacy IoT devices.
Which of the following would best mitigate this vulnerability quickly?
A. Insurance
B. Patching
C. Segmentation
D. Replacement

A

C. Segmentation

26
Q

QUESTION: 126
After an audit, an administrator discovers all users have access to confidential data on a file
server.
Which of the following should the administrator use to restrict access to the data quickly?
A. Group Policy
B. Content filtering
C. Data loss prevention
D. Access control lists

A

D. Access control lists

27
Q

QUESTION: 127
A client demands at least 99.99% uptime from a service provider’s hosted security services.
Which of the following documents includes the information the service provider should return to
the client?
A. MOA
B. SOW
C. MOU
D. SLA

A

D. SLA

28
Q

QUESTION: 128
A company is discarding a classified storage array and hires an outside vendor to complete the
disposal.
Which of the following should the company request from the vendor?
A. Certification
B. Inventory list
C. Classification
D. Proof of ownership

A

A. Certification

29
Q

QUESTION: 129
A company is planning a disaster recovery site and needs to ensure that a single natural
disaster would not result in the complete loss of regulated backup data.
Which of the following should the company consider?
A. Geographic dispersion
B. Platform diversity
C. Hot site
D. Load balancing

A

A. Geographic dispersion

30
Q

QUESTION: 130
A security analyst locates a potentially malicious video file on a server and needs to identify
both the creation date and the file’s creator.
Which of the following actions would most likely give the security analyst the information
required?
A. Obtain the file’s SHA-256 hash.
B. Use hexdump on the file’s contents.
C. Check endpoint logs.
D. Query the file’s metadata.

A

D. Query the file’s metadata.

31
Q

QUESTION: 131
Which of the following teams combines both offensive and defensive testing techniques to
protect an organization’s critical systems?
A. Red
B. Blue
C. Purple
D. Yellow

A

C. Purple

32
Q

QUESTION: 132
A small business uses kiosks on the sales floor to display product information for customers. A
security team discovers the kiosks use end-of-life operating systems.
Which of the following is the security team most likely to document as a security implication of
the current architecture?
A. Patch availability
B. Product software compatibility
C. Ease of recovery
D. Cost of replacement

A

A. Patch availability

33
Q

QUESTION: 133
Which of the following would help ensure a security analyst is able to accurately measure the
overall risk to an organization when a new vulnerability is disclosed?
A. A full inventory of all hardware and software
B. Documentation of system classifications
C. A list of system owners and their departments
D. Third-party risk assessment documentation

A

A. A full inventory of all hardware and software

34
Q

QUESTION: 134
Which of the following best practices gives administrators a set period to perform changes to an
operational system to ensure availability and minimize business impacts?
A. Impact analysis
B. Scheduled downtime
C. Backout plan
D. Change management boards

A

B. Scheduled downtime

35
Q

QUESTION: 135
A company must ensure sensitive data at rest is rendered unreadable.
Which of the following will the company most likely use?
A. Hashing
B. Tokenization
C. Encryption
D. Segmentation

A

C. Encryption

36
Q

QUESTION: 136
A legacy device is being decommissioned and is no longer receiving updates or patches.
Which of the following describes this scenario?
A. End of business
B. End of testing
C. End of support
D. End of life

A

D. End of life

37
Q

QUESTION: 137
A bank insists all of its vendors must prevent data loss on stolen laptops.
Which of the following strategies is the bank requiring?
A. Encryption at rest
B. Masking
C. Data classification
D. Permission restrictions

A

A. Encryption at rest

38
Q

QUESTION: 138
A company’s end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server.
Which of the following best describes what the security analyst is seeing?
A. Concurrent session usage
B. Secure DNS cryptographic downgrade
C. On-path resource consumption
D. Reflected denial of service

A

D. Reflected denial of service

39
Q

QUESTION: 139
A systems administrator wants to prevent users from being able to access data based on their
responsibilities. The administrator also wants to apply the required access structure via a
simplified format.
Which of the following should the administrator apply to the site recovery resource group?
A. RBAC
B. ACL
C. SAML
D. GPO

A

A. RBAC

40
Q

QUESTION: 140
During the onboarding process, an employee needs to create a password for an intranet
account. The password must include ten characters, numbers, and letters, and two special
characters. Once the password is created, the company will grant the employee access to other
company-owned websites based on the intranet profile.
Which of the following access management concepts is the company most likely using to
safeguard intranet accounts and grant access to multiple sites based on a user’s intranet
account? (Choose two.)
A. Federation
B. Identity proofing
C. Password complexity
D. Default password changes
E. Password manager
F. Open authentication

A

A. Federation
C. Password complexity

41
Q

QUESTION: 141
Which of the following describes a security alerting and monitoring tool that collects system,
application, and network logs from multiple sources in a centralized system?
A. SIEM
B. DLP
C. IDS
D. SNMP

A

A. SIEM

42
Q

QUESTION: 142
A network manager wants to protect the company’s VPN by implementing multifactor
authentication that uses:
Something you know
Something you have
Something you are
Which of the following would accomplish the manager’s goal?
A. Domain name, PKI, GeoIP lookup
B. VPN IP address, company ID, facial structure
C. Password, authentication token, thumbprint
D. Company URL, TLS certificate, home address

A

C. Password, authentication token, thumbprint

43
Q

QUESTION: 143
Which of the following would be the best way to handle a critical business application that is
running on a legacy server?
A. Segmentation
B. Isolation
C. Hardening
D. Decommissioning

A

B. Isolation

44
Q

QUESTION: 144
Which of the following vulnerabilities is exploited when an attacker overwrites a register with a
malicious address?
A. VM escape
B. SQL injection
C. Buffer overflow
D. Race condition

A

C. Buffer overflow

45
Q

QUESTION: 145
After a company was compromised, customers initiated a lawsuit. The company’s attorneys
have requested that the security team initiate a legal hold in response to the lawsuit.
Which of the following describes the action the security team will most likely be required to
take?
A. Retain the emails between the security team and affected customers for 30 days.
B. Retain any communications related to the security breach until further notice.
C. Retain any communications between security members during the breach response.
D. Retain all emails from the company to affected customers for an indefinite period of time.

A

B. Retain any communications related to the security breach until further notice.

46
Q

QUESTION: 146
Which of the following describes the process of concealing code or text inside a graphical
image?
A. Symmetric encryption
B. Hashing
C. Data masking
D. Steganography

A

D. Steganography

47
Q

QUESTION: 147
An employee receives a text message from an unknown number claiming to be the company’s
Chief Executive Officer and asking the employee to purchase several gift cards.
Which of the following types of attacks does this describe?
A. Vishing
B. Smishing
C. Pretexting
D. Phishing

A

B. Smishing

48
Q

QUESTION: 148
Which of the following risk management strategies should an enterprise adopt first if a legacy
application is critical to business operations and there are preventative controls that are not yet
implemented?
A. Mitigate
B. Accept
C. Transfer
D. Avoid

A

A. Mitigate

49
Q

QUESTION: 149
Visitors to a secured facility are required to check in with a photo ID and enter the facility
through an access control vestibule.
Which of the following best describes this form of security control?
A. Physical
B. Managerial
C. Technical
D. Operational

A

A. Physical

50
Q

QUESTION: 150
The local administrator account for a company’s VPN appliance was unexpectedly used to log
in to the remote management interface.
Which of the following would have most likely prevented this from happening?
A. Using least privilege
B. Changing the default password
C. Assigning individual user IDs
D. Reviewing logs more frequently

A

B. Changing the default password