A security analyst is tasked with defining the "something you are" factor of the company's MFA settings. Which of the following is BEST to use to complete the configuration?
Users are presented with a banner upon each login to a workstation. The banner mentions that users are not entitled to any reasonable expectation of privacy and access is for authorized personnel only.
In order to proceed past that banner, users must click the OK button. Which of the following is this an example of?
Which of the following techniques eliminates the use of rainbow tables for password cracking?
A company wants to build a new website to sell products online. The website will host a storefront application that will allow visitors to add products to a shopping cart and pay for the products using a credit card. Which of the following protocols would be the MOST secure to implement?
Which of the following is a risk that is specifically associated with hosting applications in the public cloud?
Which of the following controls is used to make an organization initially aware of a data compromise?
A company's security team received notice of a critical vulnerability affecting a high-profile device within the web infrastructure. The vendor patch was just made available online but has not yet been regression tested in development environments. In the interim, firewall rules were implemented to reduce the access to the interface affected by the vulnerability. Which of the following controls does this scenario describe?
A company recently experienced an inside attack using a corporate machine that resulted in data compromise. Analysis indicated an unauthorized change to the software circumvented technological protection measures. The analyst was tasked with determining the best method to ensure the integrity of the systems remains intact and local and remote boot attestation can take place. Which of the following would provide the BEST solution?
An attacker has successfully exfiltrated several non-salted password hashes from an online system. Given the logs below:
Which of the following BEST describes the type of password attack the attacker is performing?
Which of the following is an effective tool to stop or prevent the exfiltration of data from a network?
A security manager has tasked the security operations center with locating all web servers that respond to an unsecure protocol. Which of the following commands could an analyst run to find requested servers?
An audit identified PII being utilized in the development environment of a critical application. The Chief Privacy Officer (CPO) is adamant that this data must be removed; however, the developers are concerned that without real data they cannot perform functionality tests and search for specific data. Which of the following should a security professional implement to BEST satisfy both the CPO's and the development team's requirements?
A major political party experienced a server breach. The hacker then publicly posted stolen internal communications concerning campaign strategies to give the opposition party an advantage. Which of the following BEST describes these threat actors?
The president of a regional bank likes to frequently provide SOC tours to potential investors. Which of the following policies BEST reduces the risk of malicious activity occurring after a tour?
A company is required to continue using legacy software to support a critical service. Which of the following BEST explains a risk of this practice?
A security analyst is receiving several alerts per user and is trying to determine if various logins are malicious. The security analyst would like to create a baseline of normal operations and reduce noise. Which of the following actions should the security analyst perform?
Which of the following is used to ensure that evidence is admissible in legal proceedings when it is collected and provided to the authorities?
Which of the following is a security best practice that ensures the integrity of aggregated log files within a SIEM?
Which of the following BEST describes when an organization utilizes a ready-to-use application from a cloud provider?
An organization just implemented a new security system. Local laws state that citizens must be notified prior to encountering the detection mechanism to deter malicious activities. Which of the following is being implemented?
A cyber-security administrator is using an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?
Which of the following control types fixes a previously identified issue and mitigates a risk?
Which of the following prevents an employee from seeing a colleague who is visiting an inappropriate website?
An administrator needs to allow mobile BYOD devices to access network resources. As the devices are not enrolled to the domain and do not have policies applied to them, which of the following are best practices for authentication and infrastructure security? (Select TWO)
Which of the following is the purpose of a risk register?
After consulting with the Chief Risk Officer (CRO), a manager decides to acquire cybersecurity insurance for the company. Which of the following risk management strategies is the manager adopting?
A cybersecurity administrator is using iptables as an enterprise firewall. The administrator created some rules, but the network now seems to be unresponsive. All connections are being dropped by the firewall. Which of the following would be the BEST option to remove the rules?
Which of the following control sets should a well-written BCP include? (Select THREE)
An application owner has requested access for an external application to upload data from the central internal website without providing credentials at any point. Which of the following authentication methods should be configured to allow this type of integration access?
A recent malware outbreak across a subnet included successful rootkit installations on many PCs, ensuring persistence by rendering remediation efforts ineffective. Which of the following would BEST detect the presence of a rootkit in the future?
Local guidelines require that all information systems meet a minimum-security baseline to be compliant.
Which of the following can security administrators use to assess their system configurations against the baseline?
During an investigation, a security manager receives notification from local authorities that company proprietary data was found on a former employee's home computer. The former employee's corporate workstation has since been repurposed, and the data on the hard drive has been overwritten. Which of the following would BEST provide the security manager with enough details to determine when the data was removed from the company network?
In which of the following common use cases would steganography be employed?
A network engineer notices the VPN concentrator overloads and crashes on days when there are a lot of remote workers. Senior management has placed greater importance on the availability of VPN resources for the remote workers than the security of the end users' traffic. Which of the following would be BEST to solve this issue?
Which of the following incident response steps involves actions to protect critical systems while maintaining business operations?
A company's Chief Information Officer (CIO) is meeting with the Chief Information Security Officer (CISO) to plan some activities to enhance the skill levels of the company's developers. Which of the following would be MOST suitable for training the developers?
A systems administrator needs to install the same X.509 certificate on multiple servers. Which of the following should the administrator use?
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy. The policy states that in order for mobile users to access corporate resources on their devices the following requirements must be met:
• Mobile device OSs must be patched up to the latest release
• A screen lock must be enabled (passcode or biometric)
• Corporate data must be removed if the device is reported lost or stolen
Which of the following controls should the security engineer configure? (Select TWO)
While reviewing the wireless router, a systems administrator of a small business determines someone is spoofing the MAC address of an authorized device.
Given the table below:
Which of the following should be the administrator's NEXT step to detect if there is a rogue system without impacting availability?
Which of the following would cause a Chief Information Security Officer the MOST concern regarding newly installed Internet-accessible 4K surveillance cameras?
A. An inability to monitor 100% of every facility could expose the company to unnecessary risk.
B. The cameras could be compromised if not patched in a timely manner.
C. Physical security at the facility may not protect the cameras from theft.
D. Exported videos may take up excessive space on the file servers.
Which of the following is the BEST method for ensuring non-repudiation?
A cybersecurity department purchased a new PAM solution. The team is planning to randomize the service account credentials of the Windows server first. Which of the following would be the BEST method to increase the security on the Linux server?
An analyst needs to set up a method for securely transferring files between systems. One of the requirements is to authenticate the IP header and the payload. Which of the following services would BEST meet the criteria?
A company is setting up a web server on the Internet that will utilize both encrypted and unencrypted web-browsing protocols. A security engineer runs a port scan against the server from the Internet and sees the following output:
Which of the following steps would be best for the security engineer to take NEXT?
A network administrator has been asked to design a solution to improve a company's security posture. The administrator is given the following requirements:
• The solution must be inline in the network
• The solution must be able to block known malicious traffic
• The solution must be able to stop network-based attacks
Which of the following should the network administrator implement to BEST meet these requirements?
Which of the following BEST describes the MFA attribute that requires a callback on a predefined landline?
A financial institution would like to store its customer data in a cloud but still allow the data to be accessed and manipulated while encrypted. Doing so would prevent the cloud service provider from being able to decipher the data due to its sensitivity. The financial institution is not concerned about computational overheads and slow speeds. Which of the following cryptographic techniques would BEST meet the requirement?
A security administrator has noticed unusual activity occurring between different global instances and workloads and needs to identify the source of the unusual traffic. Which of the following log sources would be BEST to show the source of the unusual traffic?
Several large orders of merchandise were recently purchased on an e-commerce company's website. The totals for each of the transactions were negative values, resulting in credits on the customers' accounts. Which of the following should be implemented to prevent similar situations in the future?
A recent security assessment revealed that an actor exploited a vulnerable workstation within an organization and has persisted on the network for several months. The organization realizes the need to reassess its security strategy for mitigating risks within the perimeter. Which of the following solutions would BEST support the organization's strategy?
After installing a Windows server, a cybersecurity administrator needs to harden it, following security best practices. Which of the following will achieve the administrator's goal? (Select TWO).
Which of the following is the correct order of volatility from MOST to LEAST volatile?
An organization recently recovered from a data breach. During the root cause analysis, the organization determined the source of the breach to be a personal cell phone that had been reported lost. Which of the following solutions should the organization implement to reduce the likelihood of future data breaches?
An external forensics investigator has been hired to investigate a data breach at a large enterprise with numerous assets. It is known that the breach started in the DMZ and moved to the sensitive information, generating multiple logs as the attacker traversed through the network. Which of the following will BEST assist with this investigation?
An incident, which is affecting dozens of systems, involves malware that reaches out to an Internet service for rules and updates. The IP addresses for the Internet host appear to be different in each case. The organization would like to determine a common IoC to support response and recovery actions. Which of the following sources of information would BEST support this solution?
A security administrator needs to inspect in-transit files on the enterprise network to search for PII, credit card data, and classification words. Which of the following would be the BEST to use?
An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Select TWO).
A. ISO
B. PCI DSS
C. SOC
D. GDPR
E. CSA
F. NIST
An organization plans to transition the intrusion detection and prevention techniques on a critical subnet to an anomaly-based system. Which of the following does the organization need to determine for this to be successful?
A security analyst is concerned about traffic initiated to the dark web from the corporate LAN. Which of the following networks should the analyst monitor?
Which of the following will MOST likely cause machine-learning and AI-enabled systems to operate with unintended consequences?
Joe, a security analyst, recently performed a network discovery to fully understand his organization's electronic footprint from a "public" perspective. Joe ran a set of commands and received the following output:
Which of the following can be determined about the organization's public presence and security posture? (Select TWO).
A Chief Security Officer (CSO) was notified that a customer was able to access confidential internal company files on a commonly used file-sharing service. The file-sharing service is the same one used by company staff as one of its approved third-party applications. After further investigation, the security team determines the sharing of confidential files was accidental and not malicious. However, the CSO wants to implement changes to minimize this type of incident from reoccurring but does not want to impact existing business processes. Which of the following would BEST meet the CSO's objectives?
A customer called a company's security team to report that all invoices the customer has received over the last five days from the company appear to have fraudulent banking details. An investigation into the matter reveals the following:
* The manager of the accounts payable department is using the same password across multiple external websites and the corporate account.
* One of the websites the manager used recently experienced a data breach.
* The manager's corporate email account was successfully accessed in the last five days by an IP address located in a foreign country.
Which of the following attacks has MOST likely been used to compromise the manager's corporate account?
A. Remote access Trojan
B. Brute-force
C. Dictionary
D. Credential stuffing
E. Password spraying
An analyst is trying to identify insecure services that are running on the internal network. After performing a port scan, the analyst identifies that a server has some insecure services enabled on default ports. Which of the following BEST describes the services that are currently running and the secure alternatives for replacing them? (Select THREE).
The website http://companywebsite.com requires users to provide personal information, including security responses, for registration. Which of the following would MOST likely cause a data breach?
A security administrator is trying to determine whether a server is vulnerable to a range of attacks. After using a tool, the administrator obtains the following output:
Which of the following attacks was successfully implemented based on the output?
A SOC is implementing an insider-threat-detection program. The primary concern is that users may be accessing confidential data without authorization. Which of the following should be deployed to detect a potential insider threat?
While reviewing pcap data, a network security analyst is able to locate plaintext usernames and passwords being sent from workstations to network switches. Which of the following is the security analyst MOST likely observing?
A company is implementing a new SIEM to log and send alerts whenever malicious activity is blocked by its antivirus and web content filters. Which of the following is the primary use case for this scenario?
A help desk technician receives an email from the Chief Information Officer (CIO) asking for documents. The technician knows the CIO is on vacation for a few weeks. Which of the following should the technician do to validate the authenticity of the email?
An analyst is working on an email security incident in which the target opened an attachment containing a worm. The analyst wants to implement mitigation techniques to prevent further spread. Which of the following is the BEST course of action for the analyst to take?
A security analyst must enforce policies to harden an MDM infrastructure. The requirements are as follows:
* Ensure mobile devices can be tracked and wiped.
* Confirm mobile devices are encrypted.
Which of the following should the analyst enable on all the devices to meet these requirements?
Which of the following environments utilizes dummy data and is MOST likely to be installed locally on a system that allows code to be assessed directly and modified easily with each build?
An organization wants seamless authentication to its applications. Which of the following should the organization employ to meet this requirement?
A customer has reported that an organization's website displayed an image of a smiley face rather than the expected web page for a short time two days earlier. A security analyst reviews log entries and sees the following around the time of the incident:
Which of the following is MOST likely occurring?
A bad actor tries to persuade someone to provide financial information over the phone in order to gain access to funds. Which of the following types of attacks does this scenario describe?
A company recently experienced an attack during which its main website was directed to the attacker's web server, allowing the attacker to harvest credentials from unsuspecting customers. Which of the following should the company implement to prevent this type of attack from occurring in the future?
If a current private key is compromised, which of the following would ensure it cannot be used to decrypt all historical data?
Which of the following describes a maintenance metric that measures the average time required to troubleshoot and restore failed equipment?
Which of the following conditions impacts data sovereignty?
A company uses a drone for precise perimeter and boundary monitoring. Which of the following should be MOST concerning to the company?
A security team received a report of copyright infringement from the IP space of the corporate network. The report provided a precise time stamp for the incident as well as the name of the copyrighted file. The analyst has been tasked with determining the infringing source machine and instructed to implement measures to prevent such incidents from occurring again. Which of the following is MOST capable of accomplishing both tasks?
A security analyst notices several attacks are being blocked by the NIPS but does not see anything on the boundary firewall logs. The attack seems to have been thwarted. Which of the following resiliency techniques was applied to the network to prevent this attack?
A security analyst has received several reports of an issue on an internal web application. Users state they are having to provide their credentials twice to log in. The analyst checks with the application team and notes this is not an expected behavior. After looking at several logs, the analyst decides to run some commands on the gateway and obtains the following output:
Which of the following BEST describes the attack the company is experiencing?
A company wants to modify its current backup strategy to minimize the number of backups that would need to be restored in case of data loss. Which of the following would be the BEST backup strategy?
A security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective?
A. A reverse proxy
B. A decryption certificate
C. A split-tunnel VPN
D. Load-balanced servers
Which of the following uses six initial steps that provide basic control over system security by including hardware and software inventory, vulnerability management, and continuous monitoring to minimize risk in all network environments?
A new vulnerability in the SMB protocol on the Windows systems was recently discovered, but no patches are currently available to resolve the issue. The security administrator is concerned if servers in the company's DMZ will be vulnerable to external attack; however, the administrator cannot disable the service on the servers, as SMB is used by a number of internal systems and applications on the LAN. Which of the following TCP ports should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers? (Select TWO).
A cybersecurity administrator needs to implement a Layer 7 security control on a network and block potential attacks. Which of the following can block an attack at Layer 7? (Select TWO).
A tax organization is working on a solution to validate the online submission of documents. The solution should be carried on a portable USB device that should be inserted on any computer that is transmitting a transaction securely. Which of the following is the BEST certificate for these requirements?
Which of the following is the BEST example of a cost-effective physical control to enforce a USB removable media restriction policy?
A company is looking to migrate some servers to the cloud to minimize its technology footprint. The company has 100 databases that are on premises. Which of the following solutions will require the LEAST management and support from the company?
A technician enables full disk encryption on a laptop that will be taken on a business trip. Which of the following does this process BEST protect?
During a recent incident an external attacker was able to exploit an SMB vulnerability over the internet. Which of the following action items should a security analyst perform FIRST to prevent this from occurring again?
An amusement park is implementing a biometric system that validates customers' fingerprints to ensure they are not sharing tickets. The park's owner values customers above all and would prefer customers' convenience over security. For this reason, which of the following features should the security team prioritize FIRST?
A company is providing security awareness training regarding the importance of not forwarding social media messages from unverified sources. Which of the following risks would this training help to prevent?
The Chief Information Security Officer wants to prevent exfiltration of sensitive information from employee cell phones when using public USB power charging stations. Which of the following would be the BEST solution to implement?
After a recent security breach, a security analyst reports that several administrative usernames and passwords are being sent via cleartext across the network to access network devices over port 23. Which of the following should be implemented so all credentials sent over the network are encrypted when remotely accessing and configuring network devices?
A penetration tester was able to compromise an internal server and is now trying to pivot the current session in a network lateral movement. Which of the following tools, if available on the server, will provide the MOST useful information for the next assessment step?
Certain users are reporting their accounts are being used to send unauthorized emails and conduct suspicious activities. After further investigation, a security analyst notices the following:
• All users share workstations throughout the day.
• Endpoint protection was disabled on several workstations throughout the network.
• Travel times on logins from the affected users are impossible.
• Sensitive data is being uploaded to external sites.
• All user account passwords were forced to be reset and the issue continued.
Which of the following attacks is being used to compromise the user accounts?
Which of the following statements BEST describes zero-day exploits?
Which biometric error would allow an unauthorized user to access a system?
A company needs to validate its updated incident response plan using a real-world scenario that will test decision points and relevant incident response actions without interrupting daily operations. Which of the following would BEST meet the company's requirements?
An organization discovered files with proprietary financial data have been deleted. The files have been recovered from backup, but every time the Chief Financial Officer logs in to the file server, the same files are deleted again. No other users are experiencing this issue. Which of the following types of malware is MOST likely causing this behavior?
A security engineer was assigned to implement a solution to prevent attackers from gaining access by pretending to be authorized users. Which of the following technologies meets the requirement?
Security analysts are conducting an investigation of an attack that occurred inside the organization's network. An attacker was able to collect network traffic between workstations throughout the network. The analysts review the following logs:
The layer 2 address table has hundreds of entries similar to the ones above. Which of the following attacks has MOST likely occurred?
An employee received a word processing file that was delivered as an email attachment. The subject line and email content enticed the employee to open the attachment. Which of the following attack vectors BEST matches this malware?
Which of the following documents provides expectations at a technical level for quality, availability, and responsibilities?
Which of the following provides a calculated value for known vulnerabilities so organizations can prioritize mitigation steps?
The SOC for a large MSSP is meeting to discuss the lessons learned from a recent incident that took much too long to resolve. This type of incident has become more common in recent weeks and is consuming large amounts of the analysts' time due to manual tasks being performed. Which of the following solutions should the SOC consider to BEST improve its response time?
A security analyst was called to investigate a file received directly from a hardware manufacturer. The analyst is trying to determine whether the file was modified in transit before installation on the user's computer. Which of the following can be used to safely assess the file?
While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is alerted to a subsequent token reuse moments later on a different service using the same single sign-on method. Which of the following would BEST detect a malicious actor?
The technology department at a large global company is expanding its Wi-Fi network infrastructure at the headquarters building Which of the following should be closely coordinated between the technology, cybersecurity, and physical security departments?
The compliance team requires an annual recertification of privileged and non-privileged user access. However, multiple users who left the company six months ago still have access. Which of the following would have prevented this compliance violation?
Which of the following incident response steps occurs before containment?
Which of the following should customers who are involved with UI developer agreements be concerned with when considering the use of these products on highly sensitive projects?
An application owner reports suspicious activity on an internal financial application from various internal users within the past 14 days. A security analyst notices the following:
• Financial transactions were occurring during irregular time frames and outside of business hours by unauthorized users.
• Internal users in question were changing their passwords frequently during that time period.
• A jump box that several domain administrator users use to connect to remote devices was recently compromised.
• The authentication method used in the environment is NTLM.
Which of the following types of attacks is MOST likely being used to gain unauthorized access?
During an investigation, the incident response team discovers that multiple administrator accounts were suspected of being compromised. The host audit logs indicate a repeated brute-force attack on a single administrator account followed by suspicious logins from unfamiliar geographic locations. Which of the following data sources would be BEST to use to assess the accounts impacted by this attack?
A systems analyst determines the source of a high number of connections to a web server that were initiated by ten different IP addresses that belong to a network block in a specific country. Which of the following techniques will the systems analyst MOST likely implement to address this issue?
Which of the following BEST describes the team that acts as a referee during a penetration-testing exercise?
A security engineer is hardening existing solutions to reduce application vulnerabilities. Which of the following solutions should the engineer implement FIRST? (Select TWO)
A security engineer is reviewing the logs from a SAML application that is configured to use MFA. During this review, the engineer notices a high volume of successful logins that did not require MFA from users who were traveling internationally. The application, which can be accessed without a VPN, has a policy that allows time-based tokens to be generated. Users who changed locations should be required to reauthenticate but have been. Which of the following statements BEST explains the issue?
A Chief Information Security Officer (CISO) is evaluating the dangers involved in deploying a new ERP system for the company. The CISO categorizes the system, selects the controls that apply to the system, implements the controls, and then assesses the success of the controls before authorizing the system. Which of the following is the CISO using to evaluate the environment for this new ERP system?
A security analyst has been tasked with creating a new WiFi network for the company. The requirements received by the analyst are as follows:
• Must be able to differentiate between users connected to WiFi
• The encryption keys need to change routinely without interrupting the users or forcing reauthentication
• Must be able to integrate with RADIUS
• Must not have any open SSIDs
Which of the following options BEST accommodates these requirements?
A Chief Information Officer is concerned about employees using company-issued laptops to steal data when accessing network shares. Which of the following should the company implement?
A security analyst needs to implement an MDM solution for BYOD users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration that might occur if the devices are lost or stolen. Which of the following would BEST meet these requirements? (Select TWO).
Which of the following environments typically hosts the current version configurations and code, compares user-story responses and workflow, and uses a modified version of actual data for testing?
Which of the following is the BEST reason to maintain a functional and effective asset management policy that aids in ensuring the security of an organization?
Which of the following authentication methods is considered to be the LEAST secure?
An attacker replaces a digitally signed document with another version that goes unnoticed. Upon reviewing the document's contents, the author notices some additional verbiage that was not originally in the document but cannot validate an integrity issue. Which of the following attacks was used?
Which of the following roles would MOST likely have direct access to the senior management team?
While troubleshooting a service disruption on a mission-critical server, a technician discovered the user account that was configured to run automated processes was disabled because the user's password failed to meet password complexity requirements. Which of the following would be the BEST solution to securely prevent future issues?