Which of the following are the best methods for hardening end user devices? (Select two)
During an investigation, an incident response team attempts to understand the source of an incident. Which of the following incident response activities describes this process?
An organization’s internet-facing website was compromised when an attacker exploited a buffer overflow. Which of the following should the organization deploy to best protect against similar attacks in the future?
Which of the following is the best way to improve the confidentiality of remote connections to an enterprise's infrastructure?
A company asks a vendor to help its internal red team with a penetration test without providing too much detail about the infrastructure. Which of the following penetration testing methods does this scenario describe?
A security company informs its customers of a new vulnerability that affects web applications. The vulnerability does not have an available patch at the moment. Which of the following best describes this vulnerability?
An administrator investigating an incident is concerned about the downtime of a critical server due to a failed drive. Which of the following would the administrator use to estimate the time needed to fix the issue?
A government official receives a blank envelope containing photos and a note instructing the official to wire a large sum of money by midnight to prevent the photos from being leaked on the Internet. Which of the following best describes the threat actor's intent?
A penetration testing report indicated that an organization should implement controls related to database input validation. Which of the following best identifies the type of vulnerability that was likely discovered during the test?
A company processes a large volume of business-to-business transactions and prioritizes data confidentiality over transaction availability. The company’s firewall administrator must configure a new hardware-based firewall to replace the current one. Which of the following should the administrator do to best align with the company requirements in case a security event occurs?
A Chief Information Officer wants to ensure that network devices cannot connect to the public internet or the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?
During a risk treatment exercise, an administrator discovers a risk that cannot be mitigated. Which of the following best describes this situation?
A security analyst receives an alert that an employee has clicked on a phishing email and exposed their credentials. Which of the following should the analyst do?
While troubleshooting an internal resource's poor performance for an end user, a network engineer performs a traceroute on the end device and receives the following output:
C:\User > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 200 ms 200 ms 200 ms 10.20.10.10
2 5 ms 3 ms 3 ms 10.20.10.1
3 20 ms 20 ms 10 ms 10.25.10.10
4 10 ms 8 ms 10 ms 10.30.110.1
5 5 ms 6 ms 3 ms 10.100.15.20
The engineer performs a traceroute from a device that is not experiencing poor performance but is connected to the same port. The engineer receives the following output:
C:\Engineer > tracert 10.100.15.20
Tracing route to [internal.resource.org] 10.100.15.20
over a maximum of 30 hops:
1 5 ms 3 ms 3 ms 10.20.10.1
2 20 ms 20 ms 10 ms 10.25.10.10
3 10 ms 8 ms 10 ms 10.30.110.1
4 5 ms 6 ms 3 ms 10.100.15.20
Which of the following is most likely occurring?
An employee used a company's billing system to issue fraudulent checks. The administrator is looking for evidence of other occurrences of this activity. Which of the following should the administrator examine?
A Chief Information Security Officer (CISO) wants to explicitly raise awareness about the increase of ransomware-as-a-service in a report to the management team. Which of the following best describes the threat actor in the CISO's report?
A security administrator wants to implement a security information and event management system. The administrator must first collect network traffic on the switch to gain visibility of the network. Which of the following is the most appropriate method?
A security analyst is reviewing the following logs about a suspicious activity alert for a user's VPN log-ins. Which of the following malicious activity indicators triggered the alert?
Log Summary:
User logs in from Chicago, IL multiple times, then suddenly a successful login appears from Rome, Italy, followed again by Chicago logins, all within a short time span.
A penetration tester visits a client’s website and downloads the site's content. Which of the following actions is the penetration tester performing?
Which of the following would a security administrator use to comply with a secure baseline during a patch update?
Which of the following exercises should an organization use to improve its incident response process?
An organization needs to monitor its users' activities to prevent insider threats. Which of the following solutions would help the organization achieve this goal?
Which of the following is the most important element when defining effective security governance?
An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period. Which of the following data policies is the administrator carrying out?
Which of the following would be the best ways to ensure only authorized personnel can access a secure facility? (Select two).
Which of the following cryptographic methods is preferred for securing communications with limited computing resources?
The local administrator account for a company's VPN appliance was unexpectedly used to log in to the remote management interface. Which of the following would have most likely prevented this from happening?
During a recent log review, an analyst discovers evidence of successful injection attacks. Which of the following will best address this issue?
A software developer released a new application and is distributing the application files through the developer’s website. Which of the following should the developer post on the website to allow users to verify the integrity of the downloaded files?
Which of the following factors are the most important to address when formulating a training curriculum plan for a security awareness program? (Select two).
Which of the following topics would most likely be included within an organization's SDLC?
An organization discovers that its cold site does not have enough storage and computers available. Which of the following was most likely the cause of this failure?
The Chief Information Security Officer (CISO) of a medium-sized business plans to modernize the existing security infrastructure and address issues with legacy software and assets. Which of the following should the CISO use to determine the scope of the legacy infrastructure and develop a risk-based approach to modernization?
A company is using a legacy FTP server to transfer financial data to a third party. The legacy system does not support SFTP, so a compensating control is needed to protect the sensitive, financial data in transit. Which of the following would be the most appropriate for the company to use?
Which of the following describes an executive team that is meeting in a board room and testing the company's incident response plan?
A security analyst reviews domain activity logs and notices the following:

Which of the following is the best explanation for what the security analyst has discovered?
Which of the following best practices gives administrators a set period to perform changes to an operational system to ensure availability and minimize business impacts?
While updating the security awareness training, a security analyst wants to address issues created if vendors' email accounts are compromised. Which of the following recommendations should the security analyst include in the training?
Which of the following is a common source of unintentional corporate credential leakage in cloud environments?
Which of the following is the most relevant reason a DPO would develop a data inventory?
Which of the following methods would most likely be used to identify legacy systems?
Which of the following vulnerabilities would likely be mitigated by setting up an MDM platform?
A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?
An organization has learned that its data is being exchanged on the dark web. The CIO has requested that you investigate and implement the most secure solution to protect employee accounts.
INSTRUCTIONS
Review the data to identify weak security practices and provide the most appropriate security solution to meet the CIO's requirements.

A small business initially plans to open common communications ports (21, 22, 25, 80, 443) on its firewall to allow broad access to its screened subnet. However, their security consultant advises against this action. Which of the following security principles is the consultant addressing?
Which of the following should be used to prevent changes to system-level data?
Which of the following is used to quantitatively measure the criticality of a vulnerability?
Which of the following is the best reason to complete an audit in a banking environment?
Which of the following technologies assists in passively verifying the expired status of a digital certificate?
Which of the following can automate vulnerability management?
Select the appropriate attack and remediation from each drop-down list to label the corresponding attack with its remediation.
INSTRUCTIONS
Not all attacks and remediation actions will be used.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A nation-state attacker gains access to the email accounts of several journalists by compromising a website that the journalists frequently use. Which of the following types of attacks describes this example?
A client demands at least 99.99% uptime from a service provider's hosted security services. Which of the following documents includes the information the service provider should return to the client?
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach that would affect offshore offices. Which of the following is this an example of?
A user needs to complete training at After manually entering the URL, the user sees that the accessed website is noticeably different from the standard company website. Which of the following is the most likely explanation for the difference?
Users at a company are reporting they are unable to access the URL for a new retail website because it is flagged as gambling and is being blocked.
Which of the following changes would allow users to access the site?
A new security regulation was announced that will take effect in the coming year. A company must comply with it to remain in business. Which of the following activities should the company perform next?
An end-of-service server cannot be patched, but it still performs as expected for business operations. The team moves the system to a segmented network. Which of the following control types has the team applied?
Which of the following best explains how open service ports increase an organization's attack surface?
An IT manager informs the entire help desk staff that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security techniques is the IT manager setting up?
A security engineer is installing an IPS to block signature-based attacks in the environment. Which of the following modes will best accomplish this task?
A remote employee navigates to a shopping website on their company-owned computer. The employee clicks a link that contains a malicious file. Which of the following would prevent this file from downloading?
A security analyst sees the following entries in web server logs:
200.17.88.121 [05/May/2025:01:05:18 -0200] " GET /aboutus.htm " 200 3344
200.17.88.121 [05/May/2025:01:08:22 -0200] " GET /corporateOrg.htm " 200 4200
132.18.62.144 [05/May/2025:01:08:23 -0200] " GET /../../vhosts " 403 502
200.17.88.121 [05/May/2025:01:10:33 -0200] " POST /ContactUs.asp " 403 512
118.19.200.55 [05/May/2025:01:10:45 -0200] " POST/search " 200 1212 " SELECT * FROM company WHERE keyword = ' VP
105.86.13.11 [05/May/2025:01:15:45 -0200] " GET /latestContracts.htm " 404 512
Which of the following IP addresses is most likely involved in a malicious attempt?
A company wants to ensure that only authorized devices can enter an environment. Which of the following will the company most likely use to implement the control?
Which of the following can be used to compromise a system that is running an RTOS?
A penetration tester was able to gain unauthorized access to a hypervisor platform. Which of the following vulnerabilities was most likely exploited?
Which of the following should be used to ensure a device is inaccessible to a network-connected resource?
Which of the following teams combines both offensive and defensive testing techniques to protect an organization's critical systems?
A company is implementing a policy to allow employees to use their personal equipment for work. However, the company wants to ensure that only company-approved applications can be installed. Which of the following addresses this concern?
A security analyst scans a company's public network and discovers a host is running a remote desktop that can be used to access the production network. Which of the following changes should the security analyst recommend?
A new corporate policy requires all staff to use multifactor authentication to access company resources. Which of the following can be utilized to set up this form of identity and access management? (Select two)
The marketing department set up its own project management software without telling the appropriate departments. Which of the following describes this scenario?
Which of the following are the best security controls for controlling on-premises access? (Select two.)
Security controls in a data center are being reviewed to ensure data is properly protected and that human life considerations are included. Which of the following best describes how the controls should be set up?
Which of the following describes when a user installs an unauthorized application by bypassing the authorized application store and installing a binary file?
Which of the following methods will most likely be used to identify legacy systems?
A systems administrator discovers a system that is no longer receiving support from the vendor. However, this system and its environment are critical to running the business, cannot be modified, and must stay online. Which of the following risk treatments is the most appropriate in this situation?
A new vulnerability enables a type of malware that allows the unauthorized movement of data from a system. Which of the following would detect this behavior?
An incident response specialist must stop a malicious attack from expanding to other parts of an organization. Which of the following should the incident response specialist perform first?
A security administrator needs to protect the integrity of a compromised laptop. The administrator turns off the laptop for a forensic investigation. Which of the following tasks should the administrator do first before analyzing the hard drive?
Which of the following vulnerabilities is associated with installing software outside of a manufacturer’s approved software repository?
An administrator learns that users are receiving large quantities of unsolicited messages. The administrator checks the content filter and sees hundreds of messages sent to multiple users. Which of the following best describes this kind of attack?
Which of the following best explains the role of compensating controls?
Which of the following consequences would a retail chain most likely face from customers in the event the retailer is non-compliant with PCI DSS?
An employee receives a text message that appears to have been sent by the payroll department and is asking for credential verification. Which of the following social engineering techniques are being attempted? (Choose two.)
While a user reviews their email, a host gets infected by malware from an external hard drive plugged into the host. The malware steals all the user's credentials stored in the browser. Which of the following training topics should the user review to prevent this situation from reoccurring?
Which of the following explains the difference between data masking and data tokenization?
An organization is building a new backup data center with cost-benefit as the primary requirement and RTO and RPO values around two days. Which of the following types of sites is the best for this scenario?
Which of the following best explains why an organization would choose a warm site for disaster recovery?
Which of the following best describes the concept of information being stored outside of its country of origin while still being subject to the laws and requirements of the country of origin?
Which of the following should be used to ensure that a new software release has not been modified before reaching the user?
A company uses its backups to recover from a ransomware attack. Which of the following best guarantees that the backups are not infected?
The help desk receives multiple calls that machines with an outdated OS version are running slowly. Several users are seeing virus detection alerts. Which of the following mitigation techniques should be reviewed first?
A company decided to reduce the cost of its annual cyber insurance policy by removing the coverage for ransomware attacks. Which of the following analysis elements did the company most likely use in making this decision?
Which of the following examples would be best mitigated by input sanitization?
A staff member finds a USB drive in the office's parking lot. Which of the following should the staff member do?
A company is expanding its threat surface program and allowing individuals to security test the company’s internet-facing application. The company will compensate researchers based on the vulnerabilities discovered. Which of the following best describes the program the company is setting up?
A security analyst collects IOCs from a cybersecurity bulletin. Which of the following should the analyst do next to assess if an environment is compromised?
A security analyst must prevent remote users from accessing malicious URLs. The sites need to be checked inline for reputation, content, or categorization. Which of the following technologies will help secure the enterprise?
A security analyst wants to better understand the behavior of users and devices in order to gain visibility into potential malicious activities. The analyst needs a control to detect when actions deviate from a common baseline. Which of the following should the analyst use?
Employees in the research and development business unit receive extensive training to ensure they understand how to best protect company data. Which of the following is the type of data these employees are most likely to use in day-to-day work activities?
Which of the following describes a security alerting and monitoring tool that collects system, application, and network logs from multiple sources in a centralized system?
Visitors to a secured facility are required to check in with a photo ID and enter the facility through an access control vestibule. Which of the following best describes this form of security control?
Which of the following can a security director use to prioritize vulnerability patching within a company's IT environment?
Which of the following is a benefit of launching a bug bounty program? (Select two)
Which of the following describes the category of data that is most impacted when it is lost?
Which of the following can best contribute to prioritizing patch applications?
An organization is looking to optimize its environment and reduce the number of patches necessary for operating systems. Which of the following will best help to achieve this objective?
An employee in the accounting department receives an email containing a demand for payment for services performed by a vendor. However, the vendor is not in the vendor management database. Which of the following is this scenario an example of?
A company's end users are reporting that they are unable to reach external websites. After reviewing the performance data for the DNS servers, the analyst discovers that the CPU, disk, and memory usage are minimal, but the network interface is flooded with inbound traffic. Network logs show only a small number of DNS queries sent to this server. Which of the following best describes what the security analyst is seeing?
An engineer has ensured that the switches are using the latest OS, the servers have the latest patches, and the endpoints' definitions are up to date. Which of the following will these actions most effectively prevent?
The security operations center is researching an event concerning a suspicious IP address. A security analyst looks at the following event logs and discovers that a significant portion of the user accounts have experienced failed log-in attempts when authenticating from the same IP address:

Which of the following most likely describes the attack that took place?
A new employee accessed an unauthorized website. An investigation found that the employee violated the company's rules. Which of the following did the employee violate?
Attackers created a new domain name that looks similar to a popular file-sharing website. Which of the following threat vectors is being used?
A user sends an email that includes a digital signature for validation. Which of the following security concepts would ensure that a user cannot deny that they sent the email?
A business provides long-term cold storage services to banks that are required to follow regulator-imposed data retention guidelines. Banks that use these services require that data is disposed of in a specific manner at the conclusion of the regulatory threshold for data retention. Which of the following aspects of data management is the most important to the bank in the destruction of this data?
Which of the following is a hardware-specific vulnerability?
A security analyst is reviewing the security of a SaaS application that the company intends to purchase. Which of the following documentations should the security analyst request from the SaaS application vendor?
The management team notices that new accounts that are set up manually do not always have correct access or permissions.
Which of the following automation techniques should a systems administrator use to streamline account creation?
A spoofed identity was detected for a digital certificate. Which of the following are the types of unidentified key and certificate that could be in use on the company domain?
Which of the following receives logs from various devices and services, and then presents alerts?
A manufacturing organization receives the results from a penetration test. According to the results, legacy devices that are critical to continued business function display vulnerabilities. The devices have minimal vendor support and should be segmented and monitored closely. Which of the following devices were most likely identified?
A company wants to reduce the time and expense associated with code deployment. Which of the following technologies should the company utilize?
An IT team rolls out a new management application that uses a randomly generated MFA token sent to the administrator’s phone. Despite this new MFA precaution, there is a security breach of the same software. Which of the following describes this kind of attack?
A customer of a large company receives a phone call from someone claiming to work for the company and asking for the customer's credit card information. The customer sees the caller ID is the same as the company's main phone number. Which of the following attacks is the customer most likely a target of?
Which of the following is the best reason to perform a tabletop exercise?
A security analyst has determined that a security breach would have a financial impact of $15,000 and is expected to occur twice within a three-year period. Which of the following is the ALE for this risk?
During a penetration test in a hypervisor, the security engineer is able to inject a malicious payload and access the host filesystem. Which of the following best describes this vulnerability?
Which of the following automation use cases would best enhance the security posture of an organization by rapidly updating permissions when employees leave a company?
A security analyst created a fake account and saved the password in a non-readily accessible directory in a spreadsheet. An alert was also configured to notify the security team if the spreadsheet is opened. Which of the following best describes the deception method being deployed?
Which of the following is a common data removal option for companies that want to wipe sensitive data from hard drives in a repeatable manner but allow the hard drives to be reused?
Which of the following are the most important considerations when encrypting data? (Select two).
Employees located off-site must have access to company resources in order to complete their assigned tasks. These employees utilize a solution that allows remote access without interception concerns. Which of the following best describes this solution?
Which of the following is most likely to be used as a just-in-time reference document within a security operations center?
Which of the following data recovery strategies will result in a quick recovery at low cost?
Which of the following would be the most appropriate way to protect data in transit?
A new employee logs in to the email system for the first time and notices a message from human resources about onboarding. The employee hovers over a few of the links within the email and discovers that the links do not correspond to links associated with the company. Which of the following attack vectors is most likely being used?
Which of the following principles ensures data is only accessible to authorized users?
An administrator at a small business notices an increase in support calls from employees who receive a blocked page message after trying to navigate to a spoofed website. Which of the following should the administrator do?
An organization disabled unneeded services and placed a firewall in front of a business-critical legacy system. Which of the following best describes the actions taken by the organization?
Which of the following can best protect against an employee inadvertently installing malware on a company system?
Which of the following describes the difference between encryption and hashing?
A security analyst developed a script to automate a trivial and repeatable task. Which of the following best describes the benefits of ensuring other team members understand how the script works?
Which of the following best explains a core principle of a Zero Trust security model?
The management team wants to assess the cybersecurity team's readiness to respond to a threat scenario. Which of the following will adequately assess and formalize a response within a short time?
An administrator was notified that a user logged in remotely after hours and copied large amounts of data to a personal device.
Which of the following best describes the user’s activity?
Various stakeholders are meeting to discuss their hypothetical roles and responsibilities in a specific situation, such as a security incident or major disaster. Which of the following best describes this meeting?
An organization wants a third-party vendor to do a penetration test that targets a specific device. The organization has provided basic information about the device. Which of the following best describes this kind of penetration test?
A company purchased cyber insurance to address items listed on the risk register. Which of the following strategies does this represent?
Which of the following is the best way to validate the integrity and availability of a disaster recovery site?
A service provider wants a cost-effective way to rapidly expand from providing internet links to managing them. Which of the following methods will allow the service provider to best scale its services while maintaining performance consistency?
A systems administrator receives an alert that a company's internal file server is very slow and is only working intermittently. The systems administrator reviews the server management software and finds the following information about the server:

Which of the following indicators most likely triggered this alert?
Which of the following enables the use of an input field to run commands that can view or manipulate data?
A healthcare organization wants to provide a web application that allows individuals to digitally report health emergencies.
Which of the following is the most important consideration during development?
A company decides to purchase an insurance policy. Which of the following risk management strategies is this company implementing?
Various company stakeholders meet to discuss roles and responsibilities in the event of a security breach affecting offshore offices. Which of the following is this an example of?
A technician needs to apply a high-priority patch to a production system. Which of the following steps should be taken first?
Which of the following should a security administrator adhere to when setting up a new set of firewall rules?
A systems administrator is looking for a low-cost application-hosting solution that is cloud-based. Which of the following meets these requirements?
An organization plans to increase security controls for devices that connect to its internal network. The additional security control must perform port-based authentication as part of the connection process. Which of the following should the organization implement?
An administrator is investigating an incident and discovers several users’ computers were infected with malware after viewing files that were shared with them. The administrator discovers no degraded performance in the infected machines and an examination of the log files does not show excessive failed logins. Which of the following attacks is most likely the cause of the malware?
A network administrator must turn off insecure protocols after a recent inspection. Which of the following best describes the vulnerability the network administrator is remediating?
Which of the following is the best way to consistently determine on a daily basis whether security settings on servers have been modified?
A security analyst finds a rogue device during a monthly audit of current endpoint assets that are connected to the network. The corporate network utilizes 802.1X for access control. To be allowed on the network, a device must have a known hardware address, and a valid user name and password must be entered in a captive portal. The following is the audit report:

Which of the following is the most likely way a rogue device was allowed to connect?
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
Which of the following is a directive managerial control?
Which of the following would best allow a company to prevent access to systems from the Internet?
A security audit of an organization revealed that most of the IT staff members have domain administrator credentials and do not change the passwords regularly. Which of the following solutions should the security team propose to resolve the findings in the most complete way?
Which of the following best describes a method for ongoing vendor monitoring in third-party risk management?
An administrator has configured a quarantine subnet for all guest devices that connect to the network. Which of the following would be best for the security team to configure on the MDM before allowing access to corporate resources?
An analyst is reviewing an incident in which a user clicked on a link in a phishing email. Which of the following log sources would the analyst utilize to determine whether the connection was successful?
Which of the following describes the reason for using an MDM solution to prevent jailbreaking?
A technician wants to improve the situational and environmental awareness of existing users as they transition from remote to in-office work. Which of the following is the best option?
Which of the following is the first step to take when creating an anomaly detection process?
A security technician determines that no additional patches can be applied to an application and the risks of operating as such must be accepted. Additionally, only a limited number of network services should utilize the application. Which of the following best describes this type of mitigation?
Which of the following data types best describes an AI tool developed by a company to automate the ticketing system under a specific contract?
The Chief Information Security Officer (CISO) requires that new servers include hardware-level memory encryption. Which of the following data states does the CISO want to protect?
Which of the following are the best for hardening end-user devices? (Select two)
Which of the following is a type of vulnerability that may result from outdated algorithms or keys?
A security administrator receives multiple reports about the same suspicious email. Which of the following is the most likely reason for the malicious email's continued delivery?
An organization has a new regulatory requirement to implement corrective controls on a financial system. Which of the following is the most likely reason for the new requirement?
An organization is required to provide assurance that its controls are properly designed and operating effectively. Which of the following reports will best achieve the objective?
A software developer would like to ensure the source code cannot be reverse engineered or debugged. Which of the following should the developer consider?
Which of the following makes Infrastructure as Code (IaC) a preferred security architecture over traditional infrastructure models?
A security consultant is working with a client that wants to physically isolate its secure systems. Which of the following best describes this architecture?
Which of the following attacks primarily targets insecure networks?
Which of the following considerations is the most important for an organization to evaluate as it establishes and maintains a data privacy program?
An employee decides to collect PII data from the company's system for personal use. The employee compresses the data into a single encrypted file before sending the file to their personal email. The security department becomes aware of the attempted misuse and blocks the attachment from leaving the corporate environment. Which of the following types of employee training would most likely reduce the occurrence of this type of issue? (Select two).
A bank set up a new server that contains customers' PII. Which of the following should the bank use to make sure the sensitive data is not modified?
An organization plans to expand its operations internationally and needs to keep data at the new location secure. The organization wants to use the most secure architecture model possible. Which of the following models offers the highest level of security?
A security administrator is addressing an issue with a legacy system that communicates data using an unencrypted protocol to transfer sensitive data to a third party. No software updates that use an encrypted protocol are available, so a compensating control is needed. Which of the following are the most appropriate for the administrator to suggest? (Select two.)
A database administrator is updating the company's SQL database, which stores credit card information for pending purchases. Which of the following is the best method to secure the data against a potential breach?
An analyst is evaluating the implementation of Zero Trust principles within the data plane. Which of the following would be most relevant for the analyst to evaluate?
After an audit, an administrator discovers all users have access to confidential data on a file server. Which of the following should the administrator use to restrict access to the data quickly?
A company plans to secure its systems by:
Preventing users from sending sensitive data over corporate email
Restricting access to potentially harmful websites
Which of the following features should the company set up? (Select two).
Which of the following is the best way to prevent data from being leaked from a secure network that does not need to communicate externally?
Which of the following resources is the most useful for a researcher to find more details about threat activities?
A newly identified network access vulnerability has been found in the OS of legacy IoT devices. Which of the following would best mitigate this vulnerability quickly?
A company's accounts payable clerk receives a message from a vendor asking to change their bank account before paying an invoice. The clerk makes the change and sends the payment to the new account. Days later, the clerk receives another message from the same vendor with a request for a missing payment to the original bank account. Which of the following has most likely occurred?
Which of the following threat actors would most likely target an organization by using a logic bomb within an internally-developed application?
A security analyst reviews the following endpoint log:
powershell -exec bypass -Command " IEX (New-Object " )
Which of the following logs will help confirm an established connection to IP address 176.30.40.50?
Executives at a company are concerned about employees accessing systems and information about sensitive company projects unrelated to the employees' normal job duties. Which of the following enterprise security capabilities will the security team most likely deploy to detect that activity?
Which of the following is most likely to cause reputational damage to a company?
A security engineer needs to analyze the implications of moving proprietary company data from a local server to a public cloud storage service. Which of the following actions should the engineer take first?
A company wants to minimize the chance of its outgoing marketing emails getting flagged as spam. The company decides to list the email servers on the proper DNS record. Which of the following protocols should the company apply next?
An administrator notices that several users are logging in from suspicious IP addresses. After speaking with the users, the administrator determines that the employees were not logging in from those IP addresses and resets the affected users’ passwords. Which of the following should the administrator implement to prevent this type of attack from succeeding in the future?
After multiple phishing simulations, the Chief Security Officer announces a new program that incentivizes employees to not click phishing links in the upcoming quarter. Which of the following security awareness execution techniques does this represent?
During a penetration test, a vendor attempts to enter an unauthorized area using an access badge. Which of the following types of tests does this represent?
A company requires hard drives to be securely wiped before sending decommissioned systems to recycling. Which of the following best describes this policy?
Which of the following describes the reason root cause analysis should be conducted as part of incident response?
An organization has issues with deleted network share data and improper permissions. Which solution helps track and remediate these?
A few weeks after deploying additional email servers, employees complain that messages are being marked as spam. Which needs to be updated?
A company wants to use new Wi-Fi-enabled environmental sensors in order to automatically collect metrics. Which of the following will the security team most likely do?
Which of the following describes the process of concealing code or text inside a graphical image?
Which of the following is the most likely to be used to document risks, responsible parties, and thresholds?
Which of the following describes the maximum allowance of accepted risk?
A security analyst needs to improve the company’s authentication policy following a password audit. Which of the following should be included in the policy? (Select two).
An organization is evaluating the cost of licensing a new solution to prevent ransomware. Which of the following is the most helpful in making this decision?
A security team wants to work with the development team to ensure WAF policies are automatically created when applications are deployed. Which concept describes this capability?
Which of the following security principles most likely requires validation before allowing traffic between systems?
Which of the following is a benefit of an RTO when conducting a business impact analysis?
Which of the following is the best way to secure an on-site data center against intrusion from an insider?
Which of the following activities should be performed first to compile a list of vulnerabilities in an environment?
Which of the following should be used to ensure that a device is inaccessible to a network-connected resource?
An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
Which of the following security controls is a company implementing by deploying HIPS? (Select two)
A security administrator is implementing encryption on all hard drives in an organization. Which of the following security concepts is the administrator applying?
Which of the following is the most likely outcome if a large bank fails an internal PCI DSS compliance assessment?
A company is working with a vendor to perform a penetration test. Which of the following includes an estimate about the number of hours required to complete the engagement?
In a rush to meet an end-of-year business goal, the IT department was told to implement a new business application. The security engineer reviews the attributes of the application and decides the time needed to perform due diligence is insufficient from a cybersecurity perspective. Which of the following best describes the security engineer's response?
Which of the following is used to add extra complexity before using a one-way data transformation algorithm?
Which of the following would enable a data center to remain operational through a multiday power outage?
An organization has too many variations of a single operating system and needs to standardize the arrangement prior to pushing the system image to users. Which of the following should the organization implement first?
Which of the following allows an exploit to go undetected by the operating system?
Which of the following best describes a penetration test that resembles an actual external attack?
An employee who was working remotely lost a mobile device containing company data. Which of the following provides the best solution to prevent future data loss?
A security analyst is reviewing logs and discovers the following:

Which of the following should be used to best mitigate this type of attack?
Which of the following is a reason an organization should use different CSPs for a critical financial application?
A malicious insider from the marketing team alters records and transfers company funds to a personal account. Which of the following methods would be the best way to secure company records in the future?
A company wants to get alerts when others are researching and doing reconnaissance on the company. One approach would be to host a part of the infrastructure online with known vulnerabilities that would appear to be company assets. Which of the following describes this approach?
A company performs a risk assessment on the information security program each year. Which of the following best describes this risk assessment?
Which of the following can be used to mitigate attacks from high-risk regions?
A company wants to track modifications to the code that is used to build new virtual servers. Which of the following will the company most likely deploy?
A company is planning a disaster recovery site and needs to ensure that a single natural disaster would not result in the complete loss of regulated backup data. Which of the following should the company consider?
An organization experiences data loss after several employees traveled to an area that is well-known for corporate espionage. The employees always used VPNs when connected to the hotel Wi-Fi, logged off their machines when not in use, and kept their doors locked when leaving their devices unattended. Which of the following will best prevent data loss events in the future?
A security analyst reviews logs and finds a large number of malicious requests that have caused performance issues on the company's site. Which of the following would have most likely prevented this attack?
A company wants to use new Wi-Fi-enabled environmental sensors to automatically collect metrics. Which of the following will the security team most likely do?
A software development manager wants to ensure the authenticity of the code created by the company. Which of the following options is the most appropriate?
During a SQL update of a database, a temporary field used as part of the update sequence was modified by an attacker before the update completed in order to allow access to the system. Which of the following best describes this type of vulnerability?
A Chief Information Security Officer (CISO) implements a new policy that users can no longer access fantasy sports sites while at work. The CISO wants to implement a solution that can adapt to new sites coming online and not have to constantly determine which sites are related to fantasy sports. Which of the following is the best capability for the CISO to leverage?
A malicious update was distributed to a common software platform and disabled services at many organizations. Which of the following best describes this type of vulnerability?
Which of the following is the phase in the incident response process when a security analyst reviews roles and responsibilities?
Which of the following provides resilience by hosting critical VMs within different IaaS providers while being maintained by internal application owners?
Which of the following explains how regular patching helps mitigate risks when securing an enterprise environment?
A store is setting up wireless access for their employees. Management wants to limit the number of access points while ensuring all areas of the store are covered. Which of the following tools will help management determine the number of access points needed?
A company wants to improve the availability of its application with a solution that requires minimal effort in the event a server needs to be replaced or added. Which of the following would be the best solution to meet these objectives?
A company processes and stores sensitive data on its own systems. Which of the following steps should the company take first to ensure compliance with privacy regulations?
A security analyst is reviewing alerts in the SIEM related to potential malicious network traffic coming from an employee’s corporate laptop. The security analyst has determined that additional data about the executable running on the machine is necessary to continue the investigation. Which of the following logs should the analyst use as a data source?
Which of the following phases of an incident response involves generating reports?
Which of the following best explains a concern with OS-based vulnerabilities?
A company needs to determine whether authentication weaknesses in a customer-facing web application exist. Which of the following is the best technique to use?
An administrator wants to perform a risk assessment without using proprietary company information. Which of the following methods should the administrator use to gather information?
Which of the following uses proprietary controls and is designed to function in harsh environments over many years with limited remote access management?
During a routine audit, an analyst discovers that a department uses software that was not vetted. Which threat is this?
After a security incident, a systems administrator asks the company to buy a NAC platform. Which of the following attack surfaces is the systems administrator trying to protect?
A company must ensure sensitive data at rest is rendered unreadable. Which of the following will the company most likely use?