wk3-other_201-251 Flashcards

1
Q

The marketing department set up its own project management software without telling the
appropriate departments.
Which of the following describes this scenario?
A. Shadow IT
B. Insider threat
C. Data exfiltration
D. Service disruption

A

A. Shadow IT

2
Q

QUESTION: 201
Which of the following would best explain why a security analyst is running daily vulnerability
scans on all corporate endpoints?
A. To track the status of patching installations
B. To find shadow IT cloud deployments
C. To continuously monitor the hardware inventory
D. To hunt for active attackers in the network

A

A. To track the status of patching installations

3
Q

QUESTION: 202
Which of the following is classified as high availability in a cloud environment?
A. Access broker
B. Cloud HSM
C. WAF
D. Load balancer

A

D. Load balancer

4
Q

QUESTION: 203
Which of the following security measures is required when using a cloud-based platform for IoT
management?
A. Encrypted connection
B. Federated identity
C. Firewall
D. Single sign-on

A

A. Encrypted connection

5
Q

QUESTION: 204
Which of the following threat vectors is most commonly utilized by insider threat actors
attempting data exfiltration?
A. Unidentified removable devices
B. Default network device credentials
C. Spear phishing emails
D. Impersonation of business units through typosquatting

A

A. Unidentified removable devices

6
Q

QUESTION: 205
Which of the following methods to secure credit card data is best to use when a requirement is
to see only the last four numbers on a credit card?
A. Encryption
B. Hashing
C. Masking
D. Tokenization

A

C. Masking

7
Q

QUESTION: 206
The Chief Information Security Officer (CISO) has determined the company is non-compliant
with local data privacy regulations. The CISO needs to justify the budget request for more
resources.
Which of the following should the CISO present to the board as the direct consequence of non-
compliance?
A. Fines
B. Reputational damage
C. Sanctions
D. Contractual implications

A

A. Fines

8
Q

QUESTION: 207
Which of the following alert types is the most likely to be ignored over time?
A. True positive
B. True negative
C. False positive
D. False negative

A

C. False positive

9
Q

QUESTION: 208
A security analyst is investigating an application server and discovers that software on the
server is behaving abnormally. The software normally runs batch jobs locally and does not
generate traffic, but the process is now generating outbound traffic over random high ports.
Which of the following vulnerabilities has likely been exploited in this software?
A. Memory injection
B. Race condition
C. Side loading
D. SQL injection

A

A. Memory injection

10
Q

QUESTION: 209
An important patch for a critical application has just been released, and a systems administrator
is identifying all of the systems requiring the patch.
Which of the following must be maintained in order to ensure that all systems requiring the
patch are updated?
A. Asset inventory
B. Network enumeration
C. Data certification
D. Procurement process

A

A. Asset inventory

11
Q

QUESTION: 210
Which of the following should a security operations center use to improve its incident response
procedure?
A. Playbooks
B. Frameworks
C. Baselines
D. Benchmarks

A

A. Playbooks

12
Q

QUESTION: 211
Which of the following describes an executive team that is meeting in a board room and testing
the company’s incident response plan?
A. Continuity of operations
B. Capacity planning
C. Tabletop exercise
D. Parallel processing

A

C. Tabletop exercise

13
Q

QUESTION: 212
A healthcare organization wants to provide a web application that allows individuals to digitally
report health emergencies.
Which of the following is the most important consideration during development?
A. Scalability
B. Availability
C. Cost
D. Ease of deployment

A

B. Availability

14
Q

QUESTION: 213
Which of the following agreement types defines the time frame in which a vendor needs to
respond?
A. SOW
B. SLA
C. MOA
D. MOU

A

B. SLA

15
Q

QUESTION: 214
Which of the following is a feature of a next-generation SIEM system?
A. Virus signatures
B. Automated response actions
C. Security agent deployment
D. Vulnerability scanning

A

B. Automated response actions

16
Q

QUESTION: 215
To improve the security at a data center, a security administrator implements a CCTV system
and posts several signs about the possibility of being filmed.
Which of the following best describe these types of controls? (Choose two.)
A. Preventive
B. Deterrent
C. Corrective
D. Directive
E. Compensating
F. Detective

A

B. Deterrent
F. Detective

17
Q

QUESTION: 216
Which of the following examples would be best mitigated by input sanitization?
A. alert("Warning!");
B. nmap - 10.11.1.130
C. Email message: “Click this link to get your free gift card.”
D. Browser message: “Your connection is not private.”

A

A. alert("Warning!");

18
Q

QUESTION: 217
An attacker posing as the Chief Executive Officer calls an employee and instructs the employee
to buy gift cards.
Which of the following techniques is the attacker using?
A. Smishing
B. Disinformation
C. Impersonating
D. Whaling

A

C. Impersonating

19
Q

QUESTION: 218
After conducting a vulnerability scan, a systems administrator notices that one of the identified
vulnerabilities is not present on the systems that were scanned.
Which of the following describes this example?
A. False positive
B. False negative
C. True positive
D. True negative

A

A. False positive

20
Q

QUESTION: 219
A recent penetration test identified that an attacker could flood the MAC address table of
network switches.
Which of the following would best mitigate this type of attack?
A. Load balancer
B. Port security
C. IPS
D. NGFW

A

B. Port security

21
Q

QUESTION: 220
A user would like to install software and features that are not available with a smartphone’s
default software.
Which of the following would allow the user to install unauthorized software and enable new
features?
A. SQLi
B. Cross-site scripting
C. Jailbreaking
D. Side loading

A

C. Jailbreaking

22
Q

QUESTION: 221
Which of the following phases of an incident response involves generating reports?
A. Recovery
B. Preparation
C. Lessons learned
D. Containment

A

C. Lessons learned

23
Q

QUESTION: 222
Which of the following methods would most likely be used to identify legacy systems?
A. Bug bounty program
B. Vulnerability scan
C. Package monitoring
D. Dynamic analysis

A

B. Vulnerability scan

24
Q

QUESTION: 223
Employees located off-site must have access to company resources in order to complete their
assigned tasks. These employees utilize a solution that allows remote access without
interception concerns.
Which of the following best describes this solution?
A. Proxy server
B. NGFW
C. VPN
D. Security zone

A

C. VPN

25
Q

QUESTION: 224
A company allows customers to upload PDF documents to its public e-commerce website.
Which of the following would a security analyst most likely recommend?
A. Utilizing attack signatures in an IDS
B. Enabling malware detection through a UTM
C. Limiting the affected servers with a load balancer
D. Blocking command injections via a WAF

A

D. Blocking command injections via a WAF

26
Q

QUESTION: 225
A security analyst developed a script to automate a trivial and repeatable task.
Which of the following best describes the benefits of ensuring other team members understand
how the script works?
A. To reduce implementation cost
B. To identify complexity
C. To remediate technical debt
D. To prevent a single point of failure

A

D. To prevent a single point of failure

27
Q

QUESTION: 226
A company is decommissioning its physical servers and replacing them with an architecture that
will reduce the number of individual operating systems.
Which of the following strategies should the company use to achieve this security requirement?
A. Microservices
B. Containerization
C. Virtualization
D. Infrastructure as code

A

B. Containerization

28
Q

QUESTION: 227
An administrator needs to perform server hardening before deployment.
Which of the following steps should the administrator take? (Choose two.)
A. Disable default accounts.
B. Add the server to the asset inventory.
C. Remove unnecessary services.
D. Document default passwords.
E. Send server logs to the SIEM.
F. Join the server to the corporate domain.

A

A. Disable default accounts.
C. Remove unnecessary services.

29
Q

QUESTION: 228
A Chief Information Security Officer would like to conduct frequent, detailed reviews of systems
and procedures to track compliance objectives.
Which of the following will be the best method to achieve this objective?
A. Third-party attestation
B. Penetration testing
C. Internal auditing
D. Vulnerability scans

A

C. Internal auditing

30
Q

QUESTION: 229
Which of the following security concepts is accomplished with the installation of a RADIUS
server?
A. CIA
B. AAA
C. ACL
D. PEM

A

B. AAA

31
Q

QUESTION: 230
After creating a contract for IT contractors, the human resources department changed several
clauses. The contract has gone through three revisions.
Which of the following processes should the human resources department follow to track
revisions?
A. Version validation
B. Version changes
C. Version updates
D. Version control

A

D. Version control

32
Q

QUESTION: 231
The executive management team is mandating the company develop a disaster recovery plan.
The cost must be kept to a minimum, and the money to fund additional internet connections is
not available.
Which of the following would be the best option?
A. Hot site
B. Cold site
C. Failover site
D. Warm site

A

B. Cold site

33
Q

QUESTION: 232
An administrator at a small business notices an increase in support calls from employees who
receive a blocked page message after trying to navigate to a spoofed website.
Which of the following should the administrator do?
A. Deploy multifactor authentication.
B. Decrease the level of the web filter settings.
C. Implement security awareness training.
D. Update the acceptable use policy.

A

C. Implement security awareness training.

34
Q

QUESTION: 233
Which of the following teams is best suited to determine whether a company has systems that
can be exploited by a potential, identified vulnerability?
A. Purple team
B. Blue team
C. Red team
D. White team

A

C. Red team

35
Q

QUESTION: 234
A company is reviewing options to enforce user logins after several account takeovers. The
following conditions must be met as part of the solution:
* Allow employees to work remotely or from assigned offices around the world.
* Provide a seamless login experience.
* Limit the amount of equipment required.
Which of the following best meets these conditions?
A. Trusted devices
B. Geotagging
C. Smart cards
D. Time-based logins

A

A. Trusted devices

36
Q

QUESTION: 235
Which of the following methods can be used to detect attackers who have successfully
infiltrated a network? (Choose two.)
A. Tokenization
B. CI/CD
C. Honeypots
D. Threat modeling
E. DNS sinkhole
F. Data obfuscation

A

C. Honeypots
E. DNS sinkhole

37
Q

QUESTION: 236
A company wants to ensure that the software it develops will not be tampered with after the final
version is completed.
Which of the following should the company most likely use?
A. Hashing
B. Encryption
C. Baselines
D. Tokenization

A

A. Hashing

38
Q

QUESTION: 237
An organization completed a project to deploy SSO across all business applications last year.
Recently, the finance department selected a new cloud-based accounting software vendor.
Which of the following should most likely be configured during the new software deployment?
A. RADIUS
B. SAML
C. EAP
D. OpenID

A

B. SAML

39
Q

QUESTION: 238
A user, who is waiting for a flight at an airport, logs in to the airline website using the public Wi-Fi, ignores a security warning and purchases an upgraded seat.
When the flight lands, the user finds unauthorized credit card charges.
Which of the following attacks most likely occurred?
A. Replay attack
B. Memory leak
C. Buffer overflow attack
D. On-path attack

A

D. On-path attack

40
Q

QUESTION: 239
A network engineer deployed a redundant switch stack to increase system availability. However,
the budget can only cover the cost of one ISP connection.
Which of the following best describes the potential risk factor?
A. The equipment MTBF is unknown.
B. The ISP has no SLA.
C. An RPO has not been determined.
D. There is a single point of failure.

A

D. There is a single point of failure.

41
Q

QUESTION: 240
A network team segmented a critical, end-of-life server to a VLAN that can only be reached by
specific devices but cannot be reached by the perimeter network.
Which of the following best describe the controls the team implemented? (Choose two.)
A. Managerial
B. Physical
C. Corrective
D. Detective
E. Compensating
F. Technical
G. Deterrent

A

E. Compensating
F. Technical

42
Q

QUESTION: 241
A threat actor was able to use a username and password to log in to a stolen company mobile
device.
Which of the following provides the best solution to increase mobile data security on all
employees’ company mobile devices?
A. Application management
B. Full disk encryption
C. Remote wipe
D. Containerization

A

C. Remote wipe

43
Q

QUESTION: 242
Which of the following best describes the risk present after controls and mitigating factors have
been applied?
A. Residual
B. Avoided
C. Inherent
D. Operational

A

A. Residual

44
Q

QUESTION: 243
A software development team asked a security administrator to recommend techniques that
should be used to reduce the chances of the software being reverse engineered.
Which of the following should the security administrator recommend?
A. Digitally signing the software
B. Performing code obfuscation
C. Limiting the use of third-party libraries
D. Using compile flags

A

B. Performing code obfuscation

45
Q

QUESTION: 244
Which of the following is a possible factor for MFA?
A. Something you exhibit
B. Something you have
C. Somewhere you are
D. Someone you know

A

B. Something you have

46
Q

QUESTION: 245
Easy-to-guess passwords led to an account compromise. The current password policy requires
at least 12 alphanumeric characters, one uppercase character, one lowercase character, a
password history of two passwords, a minimum password age of one day, and a maximum
password age of 90 days.
Which of the following would reduce the risk of this incident from happening again? (Choose
two.)
A. Increasing the minimum password length to 14 characters.
B. Upgrading the password hashing algorithm from MD5 to SHA-512.
C. Increasing the maximum password age to 120 days.
D. Reducing the minimum password length to ten characters.
E. Reducing the minimum password age to zero days.
F. Including a requirement for at least one special character.

A

A. Increasing the minimum password length to 14 characters.
F. Including a requirement for at least one special character.

47
Q

QUESTION: 246
A user downloaded software from an online forum. After the user installed the software, the
security team observed external network traffic connecting to the user’s computer on an
uncommon port.
Which of the following is the most likely explanation of this unauthorized connection?
A. The software had a hidden keylogger.
B. The software was ransomware.
C. The user’s computer had a fileless virus.
D. The software contained a backdoor.

A

D. The software contained a backdoor.

48
Q

QUESTION: 247
A utility company is designing a new platform that will host all the virtual machines used by
business applications. The requirements include:
* A starting baseline of 50% memory utilization
* Storage scalability
* Single circuit failure resilience
Which of the following best meets all of these requirements?
A. Connecting dual PDUs to redundant power supplies
B. Transitioning the platform to an IaaS provider
C. Configuring network load balancing for multiple paths
D. Deploying multiple large NAS devices for each host

A

B. Transitioning the platform to an IaaS provider

49
Q

QUESTION: 248
Which of the following best describes a use case for a DNS sinkhole?
A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company’s
domain structure.
B. A DNS sinkhole can be used to draw employees away from known-good websites to
malicious ones owned by the attacker.
C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
D. A DNS sinkhole can be set up to attract potential attackers away from a company’s network
resources.

A

C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.

50
Q

QUESTION: 249
An incident analyst finds several image files on a hard disk. The image files may contain
geolocation coordinates.
Which of the following best describes the type of information the analyst is trying to extract from
the image files?
A. Log data
B. Metadata
C. Encrypted data
D. Sensitive data

A

B. Metadata

51
Q

QUESTION: 250
Which of the following most likely describes why a security engineer would configure all
outbound emails to use S/MIME digital signatures?
A. To meet compliance standards
B. To increase delivery rates
C. To block phishing attacks
D. To ensure non-repudiation

A

D. To ensure non-repudiation