Which of the following would enable a data center to remain operational through a multiday power outage?
An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
A company wants to verify that the software the company is deploying came from the vendor the company purchased the software from. Which of the following is the best way for the company to confirm this information?
A company deploys a new server that a client must be able to access it at all times. Which of the following will support this availability requirement?
Which of the following techniques would attract the attention of a malicious attacker in an insider threat scenario?
A security administrator is deploying a DLP solution to prevent the exfiltration of sensitive customer data. Which of the following should the administrator do first?
A security team wants WAF policies to be automatically created when applications are deployed. Which concept describes this capability?
A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?
Which of the following describes the reason for using an MDM solution to prevent jailbreaking?
Which of the following strategies should an organization use to efficiently manage and analyze multiple types of logs?
Which of the following threat actors would most likely deface the website of a high-profile music group?
A network manager wants to protect the company ' s VPN by implementing multifactor authentication that uses:
. Something you know
. Something you have
. Something you are
Which of the following would accomplish the manager ' s goal?
A legal department must maintain a backup from all devices that have been shredded and recycled by a third party. Which of the following best describes this requirement?
A penetration tester must conduct a vulnerability assessment on a target network to identify potential security weaknesses. Which of the following tools will best achieve this goal?
An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?
A company is changing its mobile device policy. The company has the following requirements:
Company-owned devices
Ability to harden the devices
Reduced security risk
Compatibility with company resources
Which of the following would best meet these requirements?
Which of the following is the best safeguard to protect against an extended power failure?
A security analyst is reviewing the source code of an application to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
An organization is adopting cloud services at a rapid pace and now has multiple SaaS applications in use. Each application has a separate log-in. so the security team wants to reduce the number of credentials each employee must maintain. Which of the following is the first step the security team should take?
A security team must help secure a company site after attackers defaced it. The site must be available to a wide range of countries over a secure protocol, but access from known malicious networks should be blocked. Which of the following will best secure the site?
A security analyst is prioritizing vulnerability scan results using a risk-based approach. Which of the following is the most efficient resource for the analyst to use?
While investigating a possible incident, a security analyst discovers the following log entries:
67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] " GET /query.php?q-wireless%20headphones / HTTP/1.0 " 200 12737
132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] " GET /query.php?q=123 INSERT INTO users VALUES( ' temp ' , ' pass123 ' )# / HTTP/1.0 " 200 935
12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] " GET /query.php?q=mp3%20players I HTTP/1.0 " 200 14650
Which of the following should the analyst do first?
Employees are missing features on company-provided tablets, affecting productivity. Management demands resolution in 48 hours. Which is the best solution?
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
Which of the following describes the difference between encryption and hashing?
A business is expanding to a new country and must protect customers from accidental disclosure of specific national identity information. Which of the following should the security engineer update to best meet business requirements?
An employee used a company ' s billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?
Which of the following elements of digital forensics should a company use If It needs to ensure the integrity of evidence?
A user is attempting to patch a critical system, but the patch fails to transfer. Which of the following access controls is most likely inhibiting the transfer?
A growing organization, which hosts an externally accessible application, adds multiple virtual servers to improve application performance and decrease the resource usage on individual servers Which of the following solutions is the organization most likely to employ to further increase performance and availability?
Which of the following is a type of vulnerability that involves inserting scripts into web-based applications in order to take control of the client ' s web browser?
A company makes a change during the appropriate change window, but the unsuccessful change extends beyond the scheduled time and impacts customers. Which of the following would prevent this from reoccurring?
Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?
A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Select two).
An accounting clerk sent money to an attacker ' s bank account after receiving fraudulent instructions over the phone to use a new account. Which of the following would most likely prevent this activity in the future?
A company is developing a critical system for the government and storing project information on a fileshare. Which of the following describes how this data will most likely be classified? (Select two).
The local administrator account for a company ' s VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening ' ?
Which of the following types of identification methods can be performed on a deployed application during runtime?
A security manager created new documentation to use in response to various types of security incidents. Which of the following is the next step the manager should take?
An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?
An employee clicked a link in an email from a payment website that asked the employee to update contact information. The employee entered the log-in information but received a “page not found†error message. Which of the following types of social engineering attacks occurred?
An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?
A client demands at least 99.99% uptime from a service provider ' s hosted security services. Which of the following documents includes the information the service provider should return to the client?
Which of the following security controls are a company implementing by deploying HIPS? (Select two).
A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?
An organization issued new laptops to all employees and wants to provide web filtering both in and out of the office without configuring additional access to the network. Which of the following types of web filtering should a systems administrator configure?
Which of the following best represents how frequently an incident is expected to happen each year?
Which of the following is an example of implementing Zero Trust architecture?
An IT manager is increasing the security capabilities of an organization after a data classification initiative determined that sensitive data could be exfiltrated from the environment. Which of the following solutions would mitigate the risk?
Which of the following exercises should an organization use to improve its incident response process?
As part of new compliance audit requirements, multiple servers need to be segmented on different networks and should be reachable only from authorized internal systems. Which of the following would meet the requirements?
A company wants to use new Wi-Fi-enabled environmental sensors to automatically collect metrics. Which of the following will the security team most likely do?
A cyber operations team informs a security analyst about a new tactic malicious actors are using to compromise networks.
SIEM alerts have not yet been configured. Which of the following best describes what the security analyst should do to identify this behavior?
Which of the following explains why an attacker cannot easily decrypt passwords using a rainbow table attack?
In which of the following will unencrypted PLC management traffic most likely be found?
The management team wants to assess the cybersecurity team ' s readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?
A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?
After a security awareness training session, a user called the IT help desk and reported a suspicious call. The suspicious caller stated that the Chief Financial Officer wanted credit card information in order to close an invoice. Which of the following topics did the user recognize from the training?
Which of the following scenarios describes a possible business email compromise attack?
An analyst identifies that multiple users have the same passwords, but the hashes appear to be completely different. Which of the following most likely explains this issue?
A company is utilizing an offshore team to help support the finance department. The company wants to keep the data secure by keeping it on a company device but does not want to provide equipment to the offshore team. Which of the following should the company implement to meet this requirement?
Which of the following activities are associated with vulnerability management? (Select two).
Which of the following would best explain why a security analyst is running daily vulnerability scans on all corporate endpoints?
A store is setting up wireless access for employees. Management wants to limit the number of access points while ensuring full coverage. Which tool will help determine how many access points are needed?
An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve this objective?
Which of the following prevents unauthorized modifications to internal processes, assets, and security controls?
Which of the following can be best used to discover a company ' s publicly available breach information?
Which of the following should be deployed on an externally facing web server in order to establish an encrypted connection?
An organization experiences a compromise in a cloud-hosted solution that contains customer information. Which of the following strategies will help determine the sensitivity level of the breach?
Which of the following actions would reduce the number of false positives for an analyst to manually review?
Which of the following is a type of vulnerability that refers to the unauthorized installation of applications on a device through means other than the official application store?
An organization wants to deploy software in a container environment to increase security. Which of the following will limit the organization ' s ability to achieve this goal?
A security analyst receives an alert from a web server that contains the following logs:
GET /image?filename=../../../etc/passwd
Host: AcmeInc.web.net
useragent: python-request/2.27.1
GET /image?filename=../../../etc/shadow
Host: AcmeInc.web.net
useragent: python-request/2.27.1
Which of the following attacks is being attempted?
Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?
During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
A systems administrator notices that one of the systems critical for processing customer transactions is running an end-of-life operating system. Which of the following techniques would increase enterprise security?
A security analyst discovers that a large number of employee credentials had been stolen and were being sold on the dark web. The analyst investigates and discovers that some hourly employee credentials were compromised, but salaried employee credentials were not affected.
Most employees clocked in and out while they were Inside the building using one of the kiosks connected to the network. However, some clocked out and recorded their time after leaving to go home. Only those who clocked in and out while Inside the building had credentials stolen. Each of the kiosks are on different floors, and there are multiple routers, since the business segments environments for certain business functions.
Hourly employees are required to use a website called acmetimekeeping.com to clock in and out. This website is accessible from the internet. Which of the following Is the most likely reason for this compromise?
Which of the following should a security operations center use to improve its incident response procedure?
An administrator installs an SSL certificate on a new system. During testing, errors indicate that the certificate is not trusted. The administrator has verified with the issuing CA and has validated the private key. Which of the following should the administrator check for next?
A security officer is implementing a security awareness program and is placing security-themed posters around the building and is assigning online user training. Which of the following would the security officer most likely implement?
A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?
A nation-state attacker gains access to the email accounts of several journalists by compromising a website that the journalists frequently use. Which of the following types of attacks describes this example?
Which of the following incident response activities ensures evidence is properly handied?
Which of the following is a reason an organization should use different CSPs for a critical financial application?
Which of the following activities would involve members of the incident response team and other stakeholders simul-ating an event?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
When trying to access an internal website, an employee reports that a prompt displays, stating that the site is insecure. Which of the following certificate types is the site most likely using?
An organization experiences a cybersecurity incident involving a command-and-control server. Which of the following logs should be analyzed to identify the impacted host? (Select two).
An organization conducts a self-evaluation with a phishing campaign that requests login credentials. The organization receives the following results:
• None of the staff were fooled by the attempt due to proper security awareness.
• Staff deleted the email without performing any additional actions.
Which of the following security practices would add the most value to the organization?
A marketing team launches a new AI solution that trains on sensitive customer data to help provide recommendations on its next possible marketing campaign. This team requires granular access to the tool for different levels of sensitive data. Which of the following should a systems administrator prioritize when provisioning access?
Which of the following is a benefit of launching a bug bounty program? (Select two)
A security practitioner completes a vulnerability assessment on a company’s network and finds several vulnerabilities, which the operations team remediates. Which of the following should be done next?
The analyst wants to move data from production to the UAT server for testing the latest release. Which of the following strategies to protect data should the analyst use?
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
A security analyst scans a company ' s public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A security operations center determines that the malicious activity detected on a server is normal. Which of the following activities describes the act of ignoring detected activity in the future?
The number of tickets the help desk has been receiving has increased recently due to numerous false-positive phishing reports. Which of the following would be best to help to reduce the false positives?
A security analyst notices an increase in port scans on the edge of the corporate network. Which of the following logs should the analyst check to obtain the attacker ' s source IP address?
Which of the following best explains a core principle of a Zero Trust security model?
The executive management team is mandating the company develop a disaster recovery plan. The cost must be kept to a minimum, and the money to fund additional internet connections is not available. Which of the following would be the best option?
A company is working with a vendor to perform a penetration test Which of the following includes an estimate about the number of hours required to complete the engagement?
A company discovered its data was advertised for sale on the dark web. During the initial investigation, the company determined the data was proprietary data. Which of the following is the next step the company should take?
A company hired a consultant to perform an offensive security assessment covering penetration testing and social engineering.
Which of the following teams will conduct this assessment activity?
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?
A company discovers suspicious transactions that were entered into the company ' s database and attached to a user account that was created as a trap for malicious activity. Which of the following is the user account an example of?
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?
Staff members at a company historically click on dangerous links. The leadership team wants to reduce that risk. Which of the following should a security engineer do to help reduce future incidents?
A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?
Which of the following is an example of a false negative vulnerability detection in a scan report?
Which of the following activities should a systems administrator perform to quarantine a potentially infected system?
Which of the following mitigation techniques would a security analyst most likely use to avoid bloatware on devices?
A company is in the process of migrating to cloud-based services. The company ' s IT department has limited resources for migration and ongoing support. Which of the following best meets the company ' s needs?
A client asked a security company to provide a document outlining the project, the cost, and the completion time frame. Which of the following documents should the company provide to the client?
Several customers want an organization to verify its security controls are operating effectively and have requested an independent opinion. Which of the following is the most efficient way to address these requests?
A Chief Information Security Officer wants to monitor the company ' s servers for SQLi attacks and allow for comprehensive investigations if an attack occurs. The company uses SSL decryption to allow traffic monitoring. Which of the following strategies would best accomplish this goal?
A recent black-box penetration test of http://example.com discovered that external
website vulnerabilities exist, such as directory traversals, cross-site scripting, cross-site forgery, and insecure protocols.
You are tasked with reducing the attack space and enabling secure protocols.
INSTRUCTIONS
Part 1
Use the drop-down menus to select the appropriate technologies for each location to implement a secure and resilient web architecture. Not all technologies will be used, and technologies may be used multiple times.
Part 2
Use the drop-down menus to select the appropriate command snippets from the drop-down menus. Each command section must be filled.




Which of the following phases of an incident response involves generating reports?
Which of the following should be used to prevent changes to system-level data?
A company wants to ensure that a mission-critical database can only be accessed from specific internal IP addresses. Which of the following should the company deploy to meet this requirement?
An administrator is reviewing a single server ' s security logs and discovers the following;
Which of the following best describes the action captured in this log file?
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
A systems administrator just purchased multiple network devices. Which of the following should the systems administrator perform to prevent attackers from accessing the devices by using publicly available information?
A security analyst identifies an incident in the network. Which of the following incident response activities would the security analyst perform next?
An unknown source has attacked an organization’s network multiple times. The organization has a firewall but no other source of protection against these attacks. Which of the following is the best security item to add?
Which of the following would be the greatest concern for a company that is aware of the consequences of non-compliance with government regulations?
A university employee logged on to the academic server and attempted to guess the system administrators ' log-in credentials. Which of the following security measures should the university have implemented to detect the employee ' s attempts to gain access to the administrators ' accounts?
Which of the following topics would most likely be included within an organization ' s SDLC?
A security analyst receives an alert from a corporate endpoint used by employees to issue visitor badges. The alert contains the following details:
Which of the following best describes the indicator that triggered the alert?
Which of the following best explains how open service ports increase an organization ' s attack surface?
An accountant is transferring information to a bank over FTP. Which of the following mitigations should the accountant use to protect the confidentiality of the data?
A spoofed identity was detected for a digital certificate. Which of the following are the type of unidentified key and the certificate mat could be in use on the company domain?
An organization has recently decided to implement SSO. The requirements are to leverage access tokens and focus on application authorization rather than user authentication. Which of the following solutions would the engineering team most likely configure?
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?
A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?
A company is currently utilizing usernames and passwords, and it wants to integrate an MFA method that is seamless, can Integrate easily into a user ' s workflow, and can utilize employee-owned devices. Which of the following will meet these requirements?
Which of the following roles, according to the shared responsibility model, is responsible for securing the company’s database in an IaaS model for a cloud environment?
An employee from the accounting department logs in to a website. A desktop application automatically downloads on the employee ' s computer. Which of the following has occurred?
During a routine audit, an analyst discovers that a department at a high school uses a simul-ation program that was not properly vetted before deployment.
Which of the following threats is this an example of?
An organization has learned that its data is being exchanged on the dark web. The CIO
has requested that you investigate and implement the most secure solution to protect employee accounts.
INSTRUCTIONS
Review the data to identify weak security practices and provide the most appropriate
security solution to meet the CIO ' s requirements.

After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?
Which of the following methods will most likely be used to identify legacy systems?
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company ' s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?
Which of the following is used to protect a computer from viruses, malware, and Trojans being installed and moving laterally across the network?
Which of the following risk analysis attributes measures the chance that a vulnerability will be exploited?
Which of the following digital forensics activities would a security team perform when responding to legal requests in a pending investigation?
Which of the following threat actors is the most likely to be hired by a foreign government to attack critical systems located in other countries?
An unexpected and out-of-character email message from a Chief Executive Officer’s corporate account asked an employee to provide financial information and to change the recipient ' s contact number. Which of the following attack vectors is most likely being used?
An organization needs to monitor its users ' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?
Which of the following vulnerabilities will lead to a successful attack that injects < IMG src= ' http://attackersite.net/mycode.sh ' > into a web application?
Which of the following would best ensure a controlled version release of a new software application?
A company ' s marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
Client files can only be accessed by employees who need to know the information and have specified roles in the company. Which of the following best describes this security concept?
Which of the following is a security benefit of an effective IT asset tracking system?
After a recent ransomware attack on a company ' s system, an administrator reviewed the log files. Which of the following control types did the administrator use?
A site reliability engineer is designing a recovery strategy that requires quick failover to an identical site if the primary facility goes down. Which of the following types of sites should the engineer consider?
Which of the following should a technician perform to verify the integrity of a file transferred from one device to another?
Which of the following activities is included in the post-incident review phase?
A security analyst must identify abnormal behavior on the server. Which of the following does the analyst most likely need to do?
Which of the following examples would be best mitigated by input sanitization?
A company is concerned about weather events causing damage to the server room and downtime. Which of the following should the company consider?
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?
Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?
According to various privacy rules and regulations, users have the power to request that all data pertaining to them is deleted. This is known as:
A company ' s antivirus solution is effective in blocking malware but often has false positives. The security team has spent a significant amount of time on investigations but cannot determine a root cause. The company is looking for a heuristic solution. Which of the following should replace the antivirus solution?
Which of the following methods would most likely be used to identify legacy systems?
An employee receives a text message from an unknown number claiming to be the company ' s Chief Executive Officer and asking the employee to purchase several gift cards. Which of the following types of attacks does this describe?
A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?
Which of the following is the most likely motivation for a company administrator to look at an employee ' s personal information in a database?
A security analyst is creating the first draft of a network diagram for the company ' s new customer-facing payment application that will be hosted by a third-party cloud service
provider.


Which of the following architecture models ensures that critical systems are physically isolated from the network to prevent access from users with remote access privileges?
A group of developers has a shared backup account to access the source code repository. Which of the following is the best way to secure the backup account if there is an SSO failure?
A systems administrator is working on a solution with the following requirements:
Provide a secure zone.
Enforce a company-wide access control policy.
Reduce the scope of threats.
Which of the following is the systems administrator setting up?
After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?
A security analyst wants to automate a task that shares data between systems. Which of the following is the best option for the analyst to use?
A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?
Which of the following would be the best way to block unknown programs from executing?
An engineer moved to another team and is unable to access the new team ' s shared folders while still being able to access the shared folders from the former team. After opening a ticket, the engineer discovers that the account was never moved to the new group. Which of the following access controls is most likely causing the lack of access? 1 Â
An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?
Which of the following actors attacking an organization is the most likely to be motivated by personal beliefs?
A security manager is implementing MFA and patch management. Which of the following would best describe the control type and category? (Select two).
For which of the following reasons would a systems administrator leverage a 3DES hash from an installer file that is posted on a vendor ' s website?
A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?
A security administrator wants to determine if the company ' s social engineering training is effective. Which of the following should the administrator do to complete this task?
A company plans to secure its systems by:
Preventing users from sending sensitive data over corporate email
Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
A company must ensure that log searches are conducted in the shortest time frame. Which of the following should the company do to maintain logs in live storage for 90 days?
A company is developing a business continuity strategy and needs to determine how many staff members would be required to sustain the business in the case of a disruption. Which of the following best describes this step?
Which of the following is the best reason to complete an audit in a banking environment?
A security analyst is investigating an alert that was produced by endpoint protection software. The analyst determines this event was a false positive triggered by an employee who attempted to download a file. Which of the following is the most likely reason the download was blocked?
A security engineer is implementing FDE for all laptops in an organization. Which of the following are the most important for the engineer to consider as part of the planning process? (Select two).
A systems administrator wants to use a technical solution to explicitly define file permissions for the entire team. Which of the following should the administrator implement?
An organization is evaluating new regulatory requirements associated with the implementation of corrective controls on a group of interconnected financial systems. Which of the following is the most likely reason for the new requirement?
Which of the following are the best methods for hardening end user devices? (Select two)
Which of the following objectives is best achieved by a tabletop exercise?
You are security administrator investigating a potential infection on a network.
Click on each host and firewall. Review all logs to determine which host originated the Infecton and then deny each remaining hosts clean or infected.







Which of the following is a type of vulnerability that may result from outdated algorithms or keys?
Which of the following is a vulnerability concern for end-of-life hardware?
A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?
Which of the following threat actors is the most likely to use large financial resources to attack critical systems located in other countries?
Which of the following can assist in recovering data if the decryption key is lost?
A security architect wants to prevent employees from receiving malicious attachments by email. Which of the following functions should the chosen solution do?
A security analyst estimates that a small security incident will cost $10,000 and will occur twice per year. The analyst recommends a budget of $20,000 for next year. Which of the following does the $10,000 represent?
A company wants to ensure employees are allowed to copy files from a virtual desktop during the workday but are restricted during non-working hours. Which of the following security measures should the company set up?
A program manager wants to ensure contract employees can only use the company’s computers Monday through Friday from 9 a.m. to 5 p.m. Which of the following would best enforce this access control?
A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?
Which of the following outlines the configuration, maintenance, and security roles between a cloud service provider and the customer?
The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?
A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?
Which of the following data recovery strategies will result in a quick recovery at low cost?
A company has a website in a server cluster. One server is experiencing very high usage, while others are nearly unused. Which of the following should the company configure to help distribute traffic quickly?
A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?
Attackers created a new domain name that looks similar to a popular file-sharing website. Which of the following threat vectors is being used?
A security analyst is reviewing the following logs:

Which of the following attacks is most likely occurring?
A growing company would like to enhance the ability of its security operations center to detect threats but reduce the amount of manual work required tor the security analysts. Which of the following would best enable the reduction in manual work?
A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?
Which of the following can best contribute to prioritizing patch applications?
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge Which of the following types of tests does this represent?
A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?
A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?
Which of the following receives logs from various devices and services, and then presents alerts?
Which of the following best describes why me SMS DIP authentication method is more risky to implement than the TOTP method?
While troubleshooting an internal resource ' s poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:
C:\User > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 200 ms 200 ms 200 ms 10.20.10.10
2 5 ms 3 ms 3 ms 10.20.10.1
3 20 ms 20 ms 10 ms 10.25.10.10
4 10 ms 8 ms 10 ms 10.30.110.1
5 5 ms 6 ms 3 ms 10.100.15.20
The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:
C:\Engineer > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 5 ms 3 ms 3 ms 10.20.10.1
2 20 ms 20 ms 10 ms 10.25.10.10
3 10 ms 8 ms 10 ms 10.30.110.1
4 5 ms 6 ms 3 ms 10.100.15.20
Which of the following is most likely occurring?
A technician is opening ports on a firewall for a new system being deployed and supported by a SaaS provider. Which of the following is a risk in the new system?
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?
Which of the following describes the process of concealing code or text inside a graphical image?
Which of the following is the primary purpose of a service that tracks log-ins and time spent using the service?
Which of the following best describes the purpose of using deception technologies in a security strategy?
Which of the following should be used to ensure a device is inaccessible to a network-connected resource?
An organization is developing a security program that conveys the responsibilities associated with the general operation of systems and software within the organization. Which of the following documents would most likely communicate these expectations?
A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)
Which of the following would help ensure a security analyst is able to accurately measure the overall risk to an organization when a new vulnerability is disclosed?
Which of the following is most likely to be used as a just-in-time reference document within a security operations center?
A company is redesigning its infrastructure and wants to reduce the number of physical servers in use. Which of the following architectures is best suited for this goal?
A security analyst is reviewing logs and discovers the following:

Which of the following should be used lo best mitigate this type of attack?
Which of the following best explains the benefit of using asymmetric encryption?
An administrator is estimating the cost associated with an attack that could result in the replacement of a physical server. Which of the following processes is the administrator performing?
An employee from the accounting department logs in to the website used for processing the company ' s payments. After logging in, a new desktop application automatically downloads on the employee ' s computer and causes the computer to restart. Which of the following attacks has occurred?
The physical security team at a company receives reports that employees are not displaying their badges. The team also observes employees tailgating at controlled entrances. Which of the following topics will the security team most likely emphasize in upcoming security training?
A security administrator ' s account accesses company IT systems from an airport. Shortly after, the administrator ' s manager asks about critical configuration changes made by the administrator ' s account. The administrator was not aware of these changes. Which of the following attack methods did the attacker most likely use?
An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?
To which of the following security categories does an EDR solution belong?
A security analyst is evaluating a SaaS application that the human resources department would like to implement. The analyst requests a SOC 2 report from the SaaS vendor. Which of the following processes is the analyst most likely conducting?
Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device ' s drive if the device is lost?
Which of the following involves an attempt to take advantage of database misconfigurations?
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
During a penetration test in a hypervisor, the security engineer is able to use a script to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
A data administrator is configuring authentication for a SaaS application and would like to reduce the number of credentials employees need to maintain. The company prefers to use domain credentials to access new SaaS applications. Which of the following methods would allow this functionality?
A company is concerned about the theft of client data from decommissioned laptops. Which of the following is the most cost-effective method to decrease this risk?